Microsoft Intune is Microsoft's cloud-based MDM system, I'm sure you are all aware of that. But do you know what it can do for an iOS device?
Well, I will try to let you know what the situation is with Intune and iOS today. I want to put a bold on TODAY: what Microsoft releases tomorrow we don't know, and it is also possible that Apple changes something in the next iOS release…
I will go through the features, the "how to" and, IMHO, the improvements I hope for in future updates.
We will go through:
- Connect Intune and Apple Push Notification Service
- Setting up policy and apps for the iOS devices.
- Deploy Intune company portal app
- Configuring DEP
- Configuring VPP and deploying purchased apps
- Using Apple Configurator
When it comes to Intune we can discuss whether it's a good choice to use a hybrid with SCCM, or whether running SCCM only is even better, but from my point of view Intune is better off on its own. We don't want legacy on-premises junk, do we? 🙂
Anyway, I work with a focus on cloud only and I love it! This blog post is about Intune standalone only.
First of all, we need an Intune tenant to work with. You get that by registering a trial, buying EMS licenses or Intune standalone licenses.
Most of the environments I meet on a daily basis already have an Office 365 tenant and Azure AD Sync set up, so we only add the EMS license to the users before starting to set up Intune.
This is where we start: a bunch of licensed users and an empty Intune tenant.
To get Apple iOS to work with Intune we need to import an Apple Push Notification service (APNs) certificate from Apple. This certificate allows Intune to manage iOS and Mac devices and establishes an authorized and encrypted connection with the mobile device management authority services.
This is just for managing the devices with Intune; we need another account for VPP and DEP. More on that later. Let's start by creating the Apple ID we need for Intune.
Connect Intune and Apple Push Notification Service
Go to http://appleid.apple.com and register the account. Do not use the account anywhere else, and absolutely not on an iOS device yet. The account will not function if it is connected to the App Store, which happens the first time you open the App Store on an iOS device. Make sure you also add two-step verification for the account.
Perfect, now it's time to connect Intune to APNs. Head over to the Intune portal at https://admin.manage.microsoft.com and log on with your admin account. Go down to 'Admin' and 'Upload an APNs Certificate'. Click the button to download an APNs certificate request.
Improvements needed: move the whole portal off the Silverlight junk to either the Azure Portal or the Office 365 Admin Center.
This request will be provided to Apple to create the certificate. Save the file locally and use the link below to go to Apple's site.
Log on with the account created at the beginning of the blog post. Click 'Create Certificate'.
That's not the certificate. This step will actually not succeed most of the time. If not, just press cancel; a redirect will occur and the certificate will be available for download. Click Download to get a file called MDM_ Microsoft Corporation_Certificate.PEM. This is the certificate that you will upload to Intune. It uniquely identifies your organization to managed iOS devices. Then go back to Intune.
Choose to upload the APNs Certificate. In the following dialog box, pick the certificate file and type in the Apple ID used when creating the certificate:
After that the Intune tenant should be ready to manage your iOS devices.
All done, quite easy, but you have to remember that the certificate is only valid for one year. Then you have to request a new one. It will not affect any deployed apps, policies or iOS devices as long as the certificate is renewed in time with the same Apple ID.
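Because the one-year validity is easy to forget, here is a small check an admin can run against the downloaded PEM file to see when it expires and whether renewal is due. This is an added example, not part of the original post or of any Microsoft or Apple tooling; it uses only the openssl command line. The real input would be the MDM_ Microsoft Corporation_Certificate.PEM downloaded from Apple; since that file cannot be included here, the script generates a throwaway 365-day self-signed certificate as a constructed stand-in (its subject name is made up and does not mimic what Apple puts in a real push certificate).

```shell
#!/bin/sh
# Added example: check how long an MDM push (APNs) certificate is still valid,
# so the yearly renewal in Intune is not missed. Uses only the openssl CLI.
# Real input: the MDM_ Microsoft Corporation_Certificate.PEM file from Apple.
# Here a self-signed certificate is generated as a constructed stand-in.

WORKDIR=$(mktemp -d)
SAMPLE_CERT="$WORKDIR/mdm_sample.pem"

# Constructed sample: a 365-day self-signed certificate, like a freshly issued
# push certificate. The subject is invented, not what Apple issues.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORKDIR/sample_key.pem" -out "$SAMPLE_CERT" \
    -subj "/CN=Sample MDM push certificate" >/dev/null 2>&1

# Print who the certificate identifies and its validity period.
apns_cert_info() {
    openssl x509 -in "$1" -noout -subject -startdate -enddate
}

# Return 0 if the certificate in $1 stays valid for at least $2 more days,
# 1 if it expires inside that window (time to request a new one from Apple
# with the same Apple ID and upload it to Intune).
apns_cert_ok_for_days() {
    cert="$1"
    days="$2"
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null
}

# Renewal check as an admin would run it: warn when fewer than 30 days remain.
apns_cert_info "$SAMPLE_CERT"
if apns_cert_ok_for_days "$SAMPLE_CERT" 30; then
    echo "OK: APNs certificate valid for more than 30 days"
else
    echo "WARNING: APNs certificate expires within 30 days, request a new one with the same Apple ID"
fi
```

Point `SAMPLE_CERT` at the real PEM file (and drop the generation step) to use it on your own certificate; the 30-day window is an assumption, pick whatever lead time your renewal process needs.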
Stay tuned for episode 2!!!!!