Mobility Management: Preparing An Intune Environment

Intune, Microsoft’s full-featured Mobile Device Management offering that supports Android, iOS, and Windows, can integrate with System Center Configuration Manager enabling larger environments. This combination can utilize a centralized management console to manage mobile devices, PCs, servers, and virtual machines, both in cloud and on-premise. 

A Microsoft Intune subscription is required before preparing the Intune environment. The 30-day free trialcan be enabled quickly.

The first step in order to link Intune and your Configuration Manager 2012 server is to add and verify your domain in Microsoft Intune. Mobile devices will with Intune and not directly with your Configuration Manager.

Intune management is split into 2 distinct links :

• https://account.manage.microsoft.com to access the Windows Intune Account Portal. Use it to add and manage users, subscriptions and domains). This console will be used to setup the environment
• https://admin.manage.microsoft.com to access the Windows Intune technical console This console will be barely used since all the mobile device management will be made in Configuration Manager

Let’s start the Windows Intune configuration:

1. Log in your Intune Account Portal
    
   
    
2. Select Domains section
    
3. Click on Add a domain
    
   
    
4. Enter your domain name and click Next
    
   
    
5. In the Verify domain screen
    
6. Follow the on-screen instructions to create a TXT record or a MX record on your public DNS. We choose to create a TXT record for this blog post.

1. Sign in to your domain name registrar’s website, and then select the domain that you’re verifying.
2. In the DNS management area for your account, select the option to add a TXT record for your domain.
3. In the Host or Host name box for the domain, type or paste @.
4. In the value box, type or paste your MS=msXXXXX. Depending on the website, this box may be labeled Text, Value, Address, Points to, or TXT record.
5. Where it asks for TTL information, type 1 Hour to set TTL to 1 hour.
6. Save your changes, and then sign out of your domain name registrar’s website.
    
   
    

Note: This step is important because it allows Intune to verify that you are the owner of the domain. Also the TXT value will have an unique value.

While you are modifying your DNS,

1. Create a DNS alias (CNAME record type) that redirects EnterpriseEnrollment.YourDomainName.com to manage.microsoft.com. This will be used to manage Windows and  Windows devices. It will prevent to enter the server name during device enrollment.
    
   Note: Typically it takes about 15 minutes for your changes to take effect. But it can take up to 72 hours for the DNS record that you created to propagate through the DNS system
    
   
    

Here is the result:

1. Once you’re complete your DNS entries, go back to the Intune console and click on Verify
    
   
2. In the Domains screen, check the status of the domain which should read Verified.   If an error is reported, wait a couple of hour and try again. Time is needed for the domain to sync the new DNS entries