Before you can actually enrol an iOS device into Intune you typically need to complete the following preliminary steps:
Add an Apple management certificate to Intune
Set up an iOS Intune device compliance policy
Set up an iOS Intune device configuration policy
With all this done, you can now actually configure the device to be managed by Intune.
In this walkthrough we’ll be using a newly wiped and configured iPhone, as shown above.
Note that this phone has both FaceTime and the Safari browser available on the device. After the device has been enrolled in Intune, they will both be removed as part of the configuration policies that get applied.
To put the device under Mobile Device Management (MDM) with Intune, the user will need to download the Company Portal app and then run it.
There will be a prompt for a user login. These will typically be the user’s Office 365 credentials.
The device will also need to be connected to the Internet so it can verify these credentials and continue.
The user will now be prompted to put the device under management by selecting Begin as shown above.
The user will then receive notification about what putting a device under management will mean as seen above.
In this scenario, we are assuming it is a bring your own device (BYOD).
The user will be given further instructions and then be required to press the Continue button.
The process will now try and open the Microsoft Intune portal in a browser. The user will need to select Allow to continue.
They will now be taken to a screen and prompted to install a new management profile by selecting the Install button in the top right.
This profile is the one that will be controlled by Intune and provide security over company data on this device.
The user will need to select Install again to continue.
They will then receive a warning about a third party certificate being installed as shown. This is a certificate from Intune so the user should select Install in the top right to continue.
The user will be prompted to confirm that they wish their phone to be enabled for remote management.
They should select Trust to continue.
The management profile will complete installation. To finish this process select Done in the top right corner.
The user will be taken back to the Intune Company Portal app, where they will be prompted to continue. They should also see that the device is now managed.
Select the Continue option.
The device settings will be checked. This is effectively running the compliance policy from Intune over the device to ensure it can be enrolled and that it has the required settings enabled and configured.
The process should complete without warnings or errors. This then indicates that the device is compliant and now has the configuration policies applied to it from Intune.
Select Done to continue.
The user will now see the Apps menu of the Company Portal app as shown above. They can return and use some of the other functionality in the app at any time but for now, simply close the app.
If you now look closely at the home page of the enrolled device above, you will see that, per the Intune configuration policies that have been applied, both FaceTime and Safari are no longer available on the device.
If an administrator now looks in the Intune portal they will see the device that has just been enrolled.
Select it to get more details.
They should see a summary of the device as well as a number of controls for the device across the top on the right.
If they select the Device compliance option from the menu on the left they will see the compliance policies that have been applied to the device and their state.
If they select Device configuration, they’ll see all the configuration policies that have been applied to this device and their current state.
You can select any of these policies on the right to get more information.
When you do, you’ll see all the settings that have been applied as part of that policy. Here, you’ll see the policies for FaceTime and Safari have been successfully applied (i.e. to be made unavailable on the device).
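The same administrator check can be scripted instead of clicked through. The following is an added example, not part of the original walkthrough: it evaluates one device record shaped like the Microsoft Graph managedDevice resource, with its compliance and configuration policy states assumed to be merged into the record. All sample values and policy names are constructed, and "personal" ownership is an assumption for the BYOD scenario described here.

```python
# Added example: field names follow the Microsoft Graph managedDevice,
# deviceCompliancePolicyState and deviceConfigurationState resources.
# Every value in SAMPLE is constructed for illustration.
import json

SAMPLE = json.loads("""
{
  "deviceName": "Example iPhone",
  "operatingSystem": "iOS",
  "managedDeviceOwnerType": "personal",
  "complianceState": "compliant",
  "deviceCompliancePolicyStates": [
    {"displayName": "Example iOS compliance policy", "state": "compliant"}
  ],
  "deviceConfigurationStates": [
    {"displayName": "Example iOS restrictions (FaceTime, Safari)", "state": "compliant"}
  ]
}
""")

# Per-policy states that count as successfully applied.
OK_POLICY_STATES = {"compliant", "remediated", "notApplicable"}

def enrollment_findings(device, expected_owner="personal"):
    """Return a list of problems; an empty list means the record looks like
    a freshly enrolled, compliant BYOD iPhone with its policies applied."""
    findings = []
    if device.get("operatingSystem", "").lower() != "ios":
        findings.append("not an iOS device")
    owner = device.get("managedDeviceOwnerType")
    if owner != expected_owner:
        findings.append(f"ownership is {owner!r}, expected {expected_owner!r}")
    if device.get("complianceState") != "compliant":
        findings.append(f"overall compliance is {device.get('complianceState')!r}")
    for key in ("deviceCompliancePolicyStates", "deviceConfigurationStates"):
        states = device.get(key, [])
        if not states:
            # Nothing reported: policy not assigned, or device has not synced yet.
            findings.append(f"no entries in {key}")
        for s in states:
            if s.get("state") not in OK_POLICY_STATES:
                findings.append(f"{key}: {s.get('displayName')} is {s.get('state')}")
    return findings

if __name__ == "__main__":
    for line in enrollment_findings(SAMPLE) or ["device matches expected enrolled state"]:
        print(line)
```

An empty configuration or compliance state list is reported as a finding on purpose: a device that enrolled but has no policies reported against it is managed but not yet restricted.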
So, that’s how you put an iOS device under management using Intune. Doing so gives you greater control over what is done on the device and also the ability to do things like remotely wipe that device if required. A future article will show you how these management tasks can be accomplished on the device.