Wednesday, 15 January 2014

MDM in SCCM 2012 R2 - iOS


Apple devices (iOS 6.0 or later) can also be managed using the ConfigMgr 2012 R2/Windows Intune Unified Mobile Device Management solution (iOS 5.0 can be managed with ConfigMgr 2012 SP1).

The management of iOS devices requires an APN (Apple Push Notification) certificate. This allows communication between Intune and the Apple Push Notification Service (and hence your Apple devices).

Navigate to Administration > Cloud Services.

Right-click Windows Intune Subscriptions and select "Create APN certificate request".

Enter a path and appropriate file name for your Certificate Signing Request (CSR). Click Download to contact Windows Intune and retrieve the CSR.

Enter your Windows Intune credentials when requested. 

Download is complete. Close the window.

See CSR file.

Now you must log in to the Apple Push Notification Portal.

It is recommended NOT to use IE for this part of the process. Use another browser (this is the opposite of what we found with the Symantec Enterprise Code Signing Certificate in Windows 8 Phone) or you may have difficulty downloading the .pem file.

However, I will stick with IE and show you what to do when you encounter the problem.

Enter your Apple ID and password.

Select "Create a Certificate".

Accept the "Terms of use".

Browse to your CSR and Upload.

You receive a notification that you can now download a file. With an alternative browser you could download and save the file at this point. In IE, however, we are presented with a .json file, which is of no use to us; we need a .pem file to continue. Cancel this download and log out of the Apple Portal.

Now log back in to the Apple Push Notification Portal.

See your certificate is now available.  Select to Download the certificate.

Now see that you are prompted to download a .pem file. This is what we want. Save the file.

This is our APN certificate.
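A quick check on the saved file before it is uploaded, as an added example that is not part of the original post: it rejects the .json download described above and reports the certificate's subject and validity dates. The function name, the sample file and the commented path are assumptions, as is that the .pem holds a standard BEGIN CERTIFICATE block.

```powershell
# Added example, not from the original post. Checks the file saved from the
# Apple portal before it is selected in the Windows Intune Subscription properties.
function Test-ApnCertificateFile {
    param([Parameter(Mandatory = $true)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    $text = [System.IO.File]::ReadAllText($full)

    # The failed download described above yields JSON instead of PEM.
    if ($text.TrimStart().StartsWith('{')) {
        throw "'$Path' contains JSON, not a PEM certificate. Download it again."
    }

    # Extract the first base64 block between the PEM certificate markers.
    $pattern = '-----BEGIN CERTIFICATE-----(?<b64>[A-Za-z0-9+/=\s]+)-----END CERTIFICATE-----'
    $match = [regex]::Match($text, $pattern)
    if (-not $match.Success) {
        throw "'$Path' has no PEM certificate block."
    }

    # Decode to DER and let .NET parse the certificate.
    $der  = [Convert]::FromBase64String(($match.Groups['b64'].Value -replace '\s', ''))
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (, $der)

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        Thumbprint    = $cert.Thumbprint
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        DaysRemaining = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
        ValidNow      = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
    }
}

# Constructed sample: a JSON file standing in for the unwanted download.
$sample = Join-Path $env:TEMP 'apn-sample.json'
Set-Content -LiteralPath $sample -Value '{ "constructed": "sample" }'
try { Test-ApnCertificateFile -Path $sample }
catch { Write-Host "Rejected: $($_.Exception.Message)" }
finally { Remove-Item -LiteralPath $sample }

# For the real file (placeholder path):
# Test-ApnCertificateFile -Path 'C:\Temp\ApnCertificate.pem' | Format-List
```

Recording the NotAfter value is useful, since iOS enrollment depends on this certificate remaining valid.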

Now open the properties of our previously created Windows Intune Subscription. Check the box to enable iOS enrollment. Browse to locate your APN certificate and Apply.

You have now successfully enabled iOS enrollment. The path to your APN cert now disappears.

Now it's time to enrol a device. The Windows Intune Company Portal for Apple was released on Nov 19 2013. It is available for free download from the Apple Store.

On a device search for the Windows Intune Company Portal in the Apple Store.

Open the app to download and install it.

Open the Portal.

Enter your email address (UPN) and domain password (as shown before with Windows 8 Phones).

The company portal opens. See "My Devices". Your device will show an "information symbol - i". This means that the device is not enrolled. Click on the device and enrollment commences.

Select "Add Device". You are presented with information about granting administrative rights to your IT dept. Click "Add" to confirm.

You are prompted to install the Management Profile. Select Install.

Select "Install now".

See progress.

You are prompted with another warning. Click Install to accept it and continue.

Device is now enrolled and will appear in ConfigMgr console.

It will receive its compliance policy shortly and the user will be forced to choose a PIN.

Example of device properties in ConfigMgr console.