You may have read our article on how to Setup Microsoft Intune and manage it in Endpoint Manager. This blog post describes how to use Endpoint manager to enroll iOS devices.
With the various OS: Android, Windows and iOS and specific scenarios with BYOD and corporate device, there are so many ways to enroll devices.
We’ll show you one way to enroll a personal iOS device (BYOD) but you can refer to Microsoft Documentation which covers every possible scenario.
Endpoint Manager Enroll iOS Requirements
To enroll and manage iOS/MAC devices into Endpoint Manager, you first need to create an Apple MDM Push Certificate. These certificates expire 365 days after you create them and must be renewed manually in the Endpoint Manager portal.
- In the Endpoint Manager Portal
- Click Devices / iOS/iPadOS Enrollment and select Apple MDM Push Certificate
- Check the agreement in #1
- In the second step (#2), click on Download your CSR. A file will download in your browser. Keep this file for the next step
- On the third step (#3), click on Create your MDM Push Certificate
- You’ll be redirected on the Apple Push Certificate Portal
- Login using your Apple ID or create one
- In the Get Started section, click Create a Certificate
- Check the I have read and agree to these terms and conditions check box and click Accept
- Click Browse and select the .CSR file you created previously, click Upload
- Your certificate is now created and available for download. The certificate is valid for 1 year. You will need to repeat the process of creating a new certificate each year to continue managing iOS devices.
- Click on Download
- Ensure that the file is a .PEM and save it to a location on your server.
- Back in the Endpoint Manager Portal
- Complete step 4 by entering your Apple ID
- Complete step 5 by entering the MDM_ Microsoft Corporation_Certificate.pem that you just downloaded
- Click Upload at the bottom
- Once the certificate is created, you can now enroll an iOS device using a user that has an Intune licence.
- To enroll iOS device, you must install the Microsoft Intune Company Portal App. It can be installed on any iOS device having iOS 6 and later. (iPhone and Ipad)
Enroll the iOS Device
The Intune Company Portal app will allows to perform the following actions:
- Monitor mobile devices with Microsoft Intune
- Enable access to company resources with Microsoft Intune
- Deploy software to mobile devices in Microsoft Intune
- Configure security policy for mobile devices in Microsoft Intune
- Help protect your data with remote wipe, remote lock, or passcode reset using Microsoft Intune
To download the App :
- Open the App Store on your device and search for Intune Company Portal. (Or use this direct link)
- Install the App and open it
- Enter your credentials
- select Begin at the bottom
- Review and click Continue
- Review and click Continue
- You’ll get prompted to install the Management Profile, click on Allow. You will be prompt to enter your Iphone passcode
- Open Settings and select Pofile Downloaded
- Select Install at the top
- Click Install at the bottom
- On the Warning page, select Install
- On the Remote Management warning, select Trust
- Select Done at the top
- Back in the company Portal, select Continue Now
- If everything was setup correctly, you should have all 3 green check mark. Click Continue
The device will make its initial compliance check. If you have any app assignment, you’ll also receive an installation notification at this point.