Enterprise Mobility and Security Blog

RSS

As part of the Microsoft Intune service update being rolled out to customers between November 17, 2014 and November 19, 2014, we are also updating the Intune Company Portal for Windows Phone 8.1.  One of the key benefits of this update to the Company Portal is that you no longer need a Symantec certificate to enable enrollment of Windows Phone 8.1 devices in Intune standalone.

Another important change is that the new Company Portal for Windows Phone 8.1 will now be available in the Microsoft Store. Now, when you install the Company Portal and the device is not enrolled, the portal will show prompts to encourage the user to enroll. If the user touches the prompt, it will take them directly to Settings, Workplace so that they can enroll. These changes provide a better, more consistent workflow for enrollment, and provide companies with an easier way to try Windows Phone mobile device management (MDM) without having to commit to purchasing a Symantec certificate up front.

The Symantec certificate provides a way to verify that only trusted apps are installed on Windows Phones, but it can be difficult for companies to obtain and maintain this certificate. By releasing the Company Portal for Windows Phone 8.1 on the Microsoft Store, IT admins no longer need a Symantec certificate to sign their own copy of the Company Portal; the Microsoft Store provides a trusted version of the portal that has been validated by the store submission process.

When you’re ready to take advantage of these enrollment improvements, tell your Windows Phone 8.1 users to start by going to the Microsoft Store, installing the Company Portal, and enrolling according to the directions in the portal (just like iOS, Android, and Windows.) After users install the Company Portal from the Microsoft Store, users will be able to use the Company Portal to:

  • View and accept custom terms and conditions configured by the IT admin
  • Access deep links to the Microsoft Store
  • Use web links to access web pages
  • View enrolled devices
  • View contact information for the IT department

Users can do all of these tasks, even if the Windows Phone 8.1 device is not enrolled, and even if the IT admin has not uploaded the .pfx file for the Symantec certificate.

While the certificate isn’t required for enrollment, you will still be required to upload the .pfx file for the Symantec certificate and the signed ssp.xap file for the Company Portal in the following scenarios:

  • If you want to sign and deploy your own line of business (LOB) apps to Windows Phone 8.1 devices
  • If you need to enroll Windows Phone 8 devices, even if you don’t want to deploy LOB apps to these devices
  • If your Intune subscription is connected to System Center 2012 R2 Configuration Manager. Support for the “certificate-less” enrollment feature is planned for a future release of System Center Configuration Manager.
  • If your users cannot access the Microsoft Store, either because their access has been blocked by their IT admin or because they don’t have Microsoft accounts.

One more note: It’s possible to have the ssp.xap file from the Download Center installed on a device at the same time as the new Company Portal app from the Microsoft Store, which could be confusing to users. If you’re going to tell users to install the latest version of the Company Portal app from the Microsoft Store, make sure to create a software deployment that uninstalls the existing ssp.xap Company Portal file first.

Additional technical documentation will be available in the TechNet Library here on November 21.

Also – If you haven’t already tried Microsoft Intune, sign up for a free 30-day trial today!

–  Cathy Moya, Program Manager