Step-By-Step: Enrolling iOS Devices Via Apple Configurator In Microsoft Intune

  • Article

BYOD_iOS_Challenges

With the introduction of iOS into the workforce, IT professionals faced the dilemma of securing said devices.  Devices running iOS have traditionally been introduced in BYOD scenarios, however as of late, some organizations have now introduced corporately purchased iOS devices to perform certain functionality. The question on managing said devices still however remains.

Microsoft Intune, in conjunction with Apple Configurator, now presents a viable solution to enroll and manage iOS devices.  This solution also provides an added benefit of disallowing an end user the ability to reset the iOS device back to factory default.  This Step-By-Step post will detail this enablement and will require the iOS device to be USB-attached to an Apple computer running Apple Configurator.

  1. In the Microsoft Intune administration console go Policy > Device Enrollment Profiles, and then click Add… .

  2. Enter details for the device profiles:
     
    - Name – Name of the device enrollment profile
    - Description - Description of the device enrollment profile. Not visible to users
    - User affiliation – Specifies how devices are enrolled. For Direct Enrollment, select Do not prompt
    - Device group pre-assignment – All devices deployed this profile will initially belong to this group. You can reassign devices after enrollment
     

  3. Click Save Profile to add the profile
     

  4. In the Microsoft Intune administration console go Policy > Device Enrollment Profiles, and select the device profile to deploy to said iOS devices

  5. Click Export… in the taskbar
     
    NOTE: The Apple Configuration Method window opens
     

  6. Select Direct enrollment found under Apple Configurator Method
     

  7. Download and save the direct enrollment profile file (.mobileconfig).
     
    NOTE: The file must be imported into Apple Configurator to define the Intune profile used by iOS devices. An enrollment profile file is only valid for 2 weeks at which time it would then have to be re-created.
     

  8. Copy the Intune enrollment profile file (.mobileconfig) to a Mac computer running Apple Configurator
     

  9. Import the file into Apple Configurator
     

  10. Enroll the selected iOS device via USB connection using Apple Configurator
     
    NOTE: Devices configured with this file must already have completed Setup Assistant and must have an internet connection when the file is applied.