How to enroll an iOS device in SCCM

Benoit LecoursSCCM1 Comment

Download and own all parts of the blog series in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be.

 

In Part 1 of this series, we prepared the Intune environment for mobile device management. We also make sure we got the Intune subscription account.

In Part 2, we configured Active Directory and create users in Intune.

In Part 3, we prepared our Configuration Manager server in order to link it to Intune using the SCCM connector.

In Part 4, we will begin device enrollment starting with Apple iOS devices.

Here’s the main steps to enroll an iOS device :

  • You need an Apple certificate to establish communication between Apple and Intune
  • SCCM must be enabled for iOS enrollment
  • Your iOS devices need to download the Company Portal App from the App store.

Create APN Certificate Request

iOS devices needs to be contacted by the Apple Push Notification service (APNs) in order to check for policy. To do so, your company needs an APNs certificate to allow Windows Intune to contact Apple when device ask for new policies. Here’s how to obtain this certificate.

  • Go to Administration / Overview / Cloud Services / Windows Intune Subscriptions
  • Click the Create APN Certificate Request in the top ribbon

SCCM ios device enrollment

  • Enter the path where you want the file to be created and click Download

SCCM ios device enrollment

  • You will be prompt with the Intune login page, enter your Intune credential. See part 1 of this blog series if you don’t have an Intune account.

SCCM ios device enrollment

SCCM ios device enrollment

  • Sign in with your Apple ID on the Apple Push Certificate Portal

SCCM ios device enrollment

  • In the Get Started section, click Create a Certificate

SCCM ios device enrollment

  • Check the I have read and agree to these terms and conditions check box and click Accept

SCCM ios device enrollment

  • Click Browse and select the .CSR file you created previously, click Upload

SCCM ios device enrollment

Your certificate is now created and available for download. The certificate is valid for 1 year. You will need to repeat the process of creating a new certificate each year to continue managing iOS devices.

  • Click on Download
  • Ensure that the file is a .PEM and save it to a location on your server. If the downloadable file is a .JSON file, use a alternate browser (not IE) to download the file.

SCCM ios device enrollment SCCM ios device enrollment

On you have saved the file locally, sign out of the Apple Push Certificate Portal. You now have your APN Certificate (.PEM) and we’re ready for the next step.

SCCM ios device enrollment

Enable iOS enrollment

We will now enable iOS enrollment on the SCCM side.

  • Open the SCCM Console
  • Go to Administration / Overview / Cloud Services / Windows Intune Subscriptions
  • Right click Windows Intune Subscriptions
  • Click Properties
  • Select the iOS tab
  • Check Enable iOS enrollment
  • Enter your APNs certificate path at the bottom (the file we just downloaded)
  • Click OK

SCCM ios device enrollment

Enroll an iOS device

In order to enroll an iOS device, you must install the Microsoft Intune Company Portal App. It can be installed on any iOS device having iOS 6 and later. (Iphone and Ipad)

The Microsoft Intune Company Portal app will allows to perform the following actions:

  • Monitor mobile devices with Microsoft Intune
  • Enable access to company resources with Microsoft Intune
  • Deploy software to mobile devices in Microsoft Intune
  • Configure security policy for mobile devices in Microsoft Intune
  • Help protect your data with remote wipe, remote lock, or passcode reset using Microsoft Intune

To download the App :

  • Open the App Store on your device and search for Microsoft Intune Company Portal. (Or use this direct link)

SCCM ios device enrollment

  •  Install the App and open it

SCCM ios device enrollment

  • Enter your Intune credentials

SCCM ios device enrollment

  • On the Device Enrollment screen select Enroll at the bottom. If you select Cancel, your device won’t be enrolled but you could do it later. (See Troubleshooting section)

SCCM ios device enrollment

  • Wait for Intune to be contacted

SCCM ios device enrollment

  • You’ll get prompted to install the Management Profile, click on Install. You will be prompt to enter your Iphone passcode.

SCCM ios device enrollment

  • Then select Install

SCCM ios device enrollment

  • Wait until the process gets completed

SCCM ios device enrollment

  • On the Warning page, select Install

SCCM ios device enrollment

  • On the Remote Management warning, select Trust

SCCM ios device enrollment

  • Once completed, your device will be enrolled. Select Done

SCCM ios device enrollment

  • The company Portal will load and you’ll receive the confirmation that the device is enrolled

SCCM ios device enrollment

Verification

In the Company Portal :

  • Verify that there’s no I sign beside your device at the bottom of the company portal. The first screenshot is an enrolled device, the second one is a non enrolled device.

SCCM ios device enrollment  SCCM ios device enrollment

In SCCM :

  • Open the SCCM Console and browse to Assets and Compliance / Device Collections
  • Open the All Mobile Devices collection  and verify that your device is listed

SCCM ios device enrollment

Troubleshooting

At the beginning of the enrollment process, if you click on Cancel you can start it again manually.

  • Open the Company Portal, you’ll notice that there’s a I sign beside your device at the bottom. Select your device and the enrollment process will restart. Refer to the above procedure.

SCCM ios device enrollment

If you have any problem with enrollment, you can shake the device to enter diagnostic mode.

SCCM ios device enrollment

You can select to View log file or send it by Email to read it on your computer.

That’s it, you’ve completed the fourth step to manage mobile device with SCCM 2012.

Overview | Mobile Device Management with Intune and SCCM 2012

Next Part | How to enroll an Android device in SCCM

SCCM ios device enrollment

One Comment on “How to enroll an iOS device in SCCM”

  1. Benoit,
    Great write up on using Intune and SCCM. I have gone through Step 4 and added 3 iPad mini’s via the Intune company portal app. When I look in SCCM, they are not in the mobile devices collection but all 3 show up in the app on each iPad.
    Going through the steps, I noticed that some screens have changed and some items are completely gone in the wizards. I did my best to find the new way to complete the step but have a feeling I missed something. Any help would be appreciated.

Leave a Reply

Your email address will not be published. Required fields are marked *