Thursday, November 15, 2018

Enrolling an iOS device into Intune

Before you can actually enrol an iOS device into Intune you typically need to complete the following preliminary steps:

Add an Apple management certificate to Intune

Set up an iOS Intune device compliance policy

Set up an iOS Intune device configuration policy

With all this done, you can now actually configure the device to be managed by Intune.

image

We’ll be using a newly wiped and configured iPhone, as shown above, in this walkthrough.

image

Note that this phone has both FaceTime and the Safari browser available. After the device has been enrolled in Intune, both will be removed as part of the configuration policies that get applied.

image

To do Mobile Device Management (MDM) for the device with Intune the user will need to download the Company Portal app and then run it.

image

There will be a prompt for a user login. These will typically be the user’s Office 365 credentials.

image

The device will also need to be connected to the Internet so it can verify these credentials and continue.

image

The user will now be prompted to put the device under management by selecting Begin, as shown above.

image

The user will then receive notification about what putting a device under management will mean as seen above.

In this scenario, we are assuming it is a bring your own device (BYOD).

image

The user will be given further instructions and then be required to press the Continue button.

image

The process will now try and open the Microsoft Intune portal in a browser. The user will need to select Allow to continue.

image

They will now be taken to a screen and prompted to install a new management profile by selecting the Install button in the top right.

This profile is the one that will be controlled by Intune and provide security over company data on this device.

image

The user will need to select Install again to continue.

image

They will then receive a warning about a third party certificate being installed, as shown. This is a certificate from Intune, so the user should select Install in the top right to continue.

image

The user will be prompted to confirm that they wish their phone to be enabled for remote management.

They should select Trust to continue.

image

The management profile will complete installation. To finish this process select Done in the top right corner.

image

The user will be taken back to the Intune Company Portal app, where they will be prompted to continue. They should also see that the device is now managed.

Select the Continue option.

image

The device settings will be checked. This effectively runs the compliance policy from Intune over the device to confirm that it can be enrolled and that it has the appropriate settings enabled and configured.

image

The process should complete without warnings or errors. This then indicates that the device is compliant and now has the configuration policies applied to it from Intune.

Select Done to continue.

image

The user will now see the Apps menu of the Company Portal app as shown above. They can return and use some of the other functionality in the app at any time but for now, simply close the app.

image

If you now look closely at the home page of the enrolled device above, you will see that, per the Intune configuration policies that have been applied, both FaceTime and Safari are no longer available on the device.

image

If an administrator now looks in the Intune portal they will see the device that has just been enrolled.

Select it to get more details.

image

They should see a summary of the device as well as a number of controls for the device across the top on the right.

image

If they select the Device compliance option from the menu on the left they will see the compliance policies that have been applied to the device and their state.

image

If they select Device configuration, they’ll see all the configuration policies that have been applied to this device and their current state.

You can select any of these policies on the right to get more information.

image

When you do, you’ll see all the settings that have been applied as part of that policy. Here, you’ll see the policies for FaceTime and Safari have been successfully applied (i.e. to be made unavailable on the device).
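The same per-device check can be scripted instead of clicked through. The following is an added example, not part of the original walkthrough: it audits an export of enrolled devices and reports any iOS device whose compliance or configuration policies are missing or not in a healthy state. The record layout (per-policy states merged into each device record), the device names and the policy names are assumptions made for the example; the field names follow the Microsoft Graph managedDevice resource.

```python
import json

# Constructed sample (not from a real tenant): one record per device with its
# per-policy states merged in. Field names follow the Microsoft Graph
# managedDevice resource; device and policy names are made up.
SAMPLE_EXPORT = json.loads("""[
 {"deviceName": "BYOD-iPhone-01", "operatingSystem": "iOS", "complianceState": "compliant",
  "deviceCompliancePolicyStates": [{"displayName": "iOS compliance", "state": "compliant"}],
  "deviceConfigurationStates": [{"displayName": "iOS restrictions", "state": "compliant"}]},
 {"deviceName": "BYOD-iPhone-02", "operatingSystem": "iOS", "complianceState": "noncompliant",
  "deviceCompliancePolicyStates": [{"displayName": "iOS compliance", "state": "nonCompliant"}],
  "deviceConfigurationStates": [{"displayName": "iOS restrictions", "state": "error"}]},
 {"deviceName": "BYOD-iPhone-03", "operatingSystem": "iOS", "complianceState": "compliant",
  "deviceCompliancePolicyStates": [{"displayName": "iOS compliance", "state": "compliant"}],
  "deviceConfigurationStates": []}
]""")

# Per-policy states treated as healthy (compared case-insensitively).
HEALTHY = {"compliant", "remediated", "notapplicable"}


def audit_ios_device(device):
    """Return a list of findings for one enrolled device (empty means healthy)."""
    findings = []
    overall = device.get("complianceState", "unknown")
    if overall.lower() != "compliant":
        findings.append("device complianceState is " + overall)
    for key, label in (("deviceCompliancePolicyStates", "compliance"),
                       ("deviceConfigurationStates", "configuration")):
        states = device.get(key) or []
        if not states:
            # Enrolled, but no policy of this kind has reached the device.
            findings.append("no %s policy applied" % label)
        for policy in states:
            if policy.get("state", "unknown").lower() not in HEALTHY:
                findings.append("%s policy '%s' is %s" % (
                    label, policy.get("displayName"), policy.get("state")))
    return findings


def audit_export(devices):
    """Map device name -> findings for the iOS devices that need attention."""
    report = {}
    for device in devices:
        if device.get("operatingSystem", "").lower() == "ios":
            findings = audit_ios_device(device)
            if findings:
                report[device["deviceName"]] = findings
    return report
```

A device that reports as compliant overall but has an empty configuration list, like the third sample record, is worth attention: it is enrolled, yet restrictions such as the FaceTime and Safari removal are not in force on it.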

So, that’s how you put an iOS device under management using Intune. Doing so gives you greater control over what is done on the device and also the ability to do things like remotely wipe that device if required. A future article will show you how these management tasks can be accomplished on the device.