Step-By-Step: Connecting System Center Configuration Manager with Windows Intune Service

  • Article

 

In the CANITPRO.NET BYOD Basics series we recently explored the new mobile device management capabilities found in System Center 2012 Configuration Manager when combined with the Windows Intune service. To coincide with this post, this Step-By-Step has been created to help you setup your lab to test the mobile device management functionality provided by joining the two solutions together.

 

Getting Started

  1. Download and install System Center Configuration Manager 2012 SP1

    NOTE:     You can also run the following lab via Step-by-Step: Building a FREE System Center 2012 Configuration Manager SP1 Lab to setup your virtual lab
     
  2. Setup your Windows Intune account by taking advantage of the free 30-day demo

 

Prepare Your Active Directory
 

 

  1. Make sure users have publically accessible User Principal Name suffixes in Active Directory Domain Services
  2. Change the UPN for those users who will be utilizing Windows Intune to match the public Doman Name Services
     

Add records to Public DNS
 

  1. Go to account.manage.microsoft.com
  2. Select Domains from the left hand side
  3. Add a domain that you own the for verification add the TXT record to your public DNS to prove ownership - NOTE: This can take some time to replicate
  4. Create public DNS Alias to point EnterpriseEnrollment .<company domain name>.<tld> to manage.microsoft.com - NOTE: This allows users to enroll their devices via their email address

 

Deploy DirSync

 

  1. Prepare for DirSync via setting up a Windows Server 2012 server with .Net 3.5
  2. Install and run the Microsoft Deployment Readiness Tool.
     
    1. Depending on which portal you are using, do one of the following:
       
      1. If you are using Office 365 or another account portal, click Users, click Set up next to Active Directory synchronization, and then proceed to the next step.
      2. If you are using the Windows Azure Management Portal, click Active Directory, click on your directory showing on the Enterprise Directory page, click Directory Integration, and then proceed to the next step.
      3. If you are using the Windows Azure AD Preview Portal, in the left pane, click Integration, click Deploy directory sync, and then proceed to the next step.
         
    2. Click Activate.
        

Prepare Windows Intune for DirSync

    1. Go to account.manage.microsoft.com
    2. Go to Users > Active Directory Synchronization Setup
    3. Download and install DirSync
    4. Setup Synchronization
    5. Check Synchronization by making sure users now appear in the Users view at account.manage.microsoft.com
    6. Enable users for Synchronization
    7. Enable users for Windows Intune      
       

Enable Windows Intune for the users you wish to enroll

    1. Ensure the users password has been changed – NOTE: users cannot enroll devices using the default password they are issued upon account creation

 

Enabling the Company Portal for Windows RT

  1. Add the Windows Intune Connector Site System Role
  2. On the RT device go to Company Apps
     
    1. Log in with the users email address and password
    2. Install and start the portal
    3. Sign into the Company Portal App

This lab, once completed, provides an exceptional testing ground for BYOD enablement. Be sure to connect your Android, iOS and of course your Windows 8 and Windows Phone devices to said lab to ensure enablement offered through System Center 2012 and Windows Intune is the right fit for your organization.