EMS Landing page
Microsoft Intune is an excellent tool for managing mobile devices (Windows Phone, iOS and Android). We are given many options for deploying configuration settings to these devices. However, occasionally, we can encounter a requirement that is not supported natively. I had two such requirements today.
- deploy WPA2 Personal Wifi profile with password to iOS device
- deploy Cisco IPSec VPN profile to iOS device
Intune does not give us the options to configure these specific settings but it does give us the capability to import a custom iOS profile and deploy to devices. Great, I could easily create a custom profile using the Apple Configurator tool. This tool can only be used on a Mac device and the current version is only supported on OS X version 10.10.3 or later.
Launch the configurator tool.
"Prepare" is selected by default. We don't need to enter a name here. We are not provisioning a device. We only want to create a custom profile.
Turn "Supervision" on and click the + to "Create New Profile".
This will be our new iOS profile. In the General tab enter a name and description for the profile.
Open the Wi-Fi tab and click to Configure.
Enter the SSID, Security Type and password.
Open the
VPN tab and click to Configure.
Enter a name for the connection. Select the "Connection Type". See that there are quite a lot to choose from here.
Enter the Group Identifier and Shared Secret. Save the profile.
This is the saved profile. Select the arrow to export it.
Save the profile and give the file a sensible name.
It is saved with a .mobileconfig extension.
Have a look at the contents of the file. It's just XML.
Now we will import the custom policy in Intune. Navigate to Policy > Configuration Policies. Click to Add a new policy.
Choose iOS > iOS Custom Policy and select "Create Policy".
Enter a name for the policy and a name for the profile which will be displayed to users.
Browse and choose the .mobileconfig file. The XML is displayed.
Choose to deploy the policy now.
Choose the group you want to deploy to.
We can now wait for the policy to get to the device or force a policy sync.
Our policy has been received. Open the policy.
Have a look at "More Details".
We can see the WiFi and VPN profiles.
This is the VPN configuration on the device.
The Apple Configurator tool allows us to deploy configurations to devices via Intune even though these configurations are not natively available with Intune.
EMS Landing page
I've just tested one of the new Intune features that was added in April's service update and it works really well. You can find full details of those features here
We have now been given the ability to create WiFi profiles with pre-shared keys (PSK) for Android devices.
Previously when we created an Android WiFi policy the only available authentication options were Certificates or Username/Password. Now we can configure a WiFi profile with pre-shared keys using Android Custom Policies.
So how do we do that. You can find a full description in this TechNet Library article
Use Android custom policies to manage device settings with Microsoft Intune
Lets have a go at this.
In the Intune Portal navigate to Policy > Configuration Policies. Click to Add a new policy.
Open the Android templates but, instead of choosing WiFi Profile, select Android Custom Policy.
Enter a name and description for the policy. See the section for OMA-URI (Add one or more OMA-URI settings that control functionality on Android devices). Those of us that work with ConfigMgr are already familiar with this concept on Windows Phone devices.
Click on Add - now the fun starts.
What is this all about? OK we have to enter a name and description for this setting. but what about the rest. We are given some guidance in the TechNet article.
Have a look at the data types. We will be using XML so we choose "String XML".
The OMA-URI (which is case sensitive) must be the following format:
./Vendor/MSFT/WiFi/Profile/<Wi-Fi profile>/Settings
where <Wi-Fi profile> is a unique name for the profile.
What about the value? Microsoft have given us a template in the TechNet article. However we don't need it. We can generate our own XML file.
Here's a good tip from the field:
On your laptop navigate to
%SYSTEMDRIVE%\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\{Random-GUID}.xml
where {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} corresponds to the network adapter GUID.
For every wireless configuration, there is a separate XML file with a random GUID as its name.
Open them up and have a look.
Here's one of mine. Find a profile that you want to deploy and open the XML file.
See the section:
<keyMaterial>01000000D08C9DDF0115D1118C7A00C04FC297etc</keyMaterial>
</sharedKey>
This is the encrypted shared key. All you have to do is replace between the brackets with your shared key.....
....and paste the xml into the Value window. Click OK to save the setting.
Edit 29th May 2015:
Johnathon Biersack has created a really cool XML Generator that we can use to create the XML file.
Download and read about this tool here
This is what is looks like:
End of edit.
Save the Policy (Gerry WiFi Profile).
Choose Yes to deploy the policy now......
....and deploy to your Android devices.
In time we get notification from the Intune Company Portal on the Android device that networks have been configured for the workplace.
There it is. Gerry WiFi profile is available for use. This is very slick.
