We’ve just released an update to the Company Portal app for iOS which includes improved support for corporate-owned iOS devices enrolled using the Apple Device Enrollment Program (DEP) or Apple Configurator.
In this post, we will describe best practices for enrolling and managing corporate-owned iOS devices with the Intune Company Portal app.
- An iOS device enrolled in DEP, or access to a Mac device with Apple Configurator
- Intune credentials for end-user enrollment
- Apple ID credentials for end-user login to the App Store
Enrolling a Device:
1. The IT Admin completes the instructions on this TechNet page for preparing corporate-owned iOS devices. This may require logging into the Apple DEP portal to assign devices or launching the Apple Configurator tool to configure devices over a USB connection. In most cases, the device must be factory reset for the configuration to take effect. NOTE: It is important to select “prompt for user affinity” in the enrolment profile. If you select “no user affinity” or use Direct Enrolment then you cannot use the Company Portal app on that device.
2. The end-user turns on the device and completes the out-of-box enrolment experience as part of iOS Setup Assistant. Take note of the Intune credentials used during enrolment. NOTE: If you are not prompted to enter credentials during Setup Assistant, the device is configured without user affinity. Do not install the Company Portal on this device! It is unsupported. Return to Step 1 and prepare the device with user affinity.
3. You must set up an Apple ID on the device. This may be completed during Setup Assistant, or otherwise must be done after enrolment. This Apple ID is required to install the Company Portal app in the next step.
4. After device setup is complete, download the Microsoft Intune Company Portal app from the App Store.
5. Launch the Company Portal app and log in using the same Intune credentials from Step 2.
6. After login, the end-user will be prompted to enrol the device. The first step of this enrolment flow will ask the user to identify their device. This list includes iOS devices that have already been corporate-enrolled and assigned to the end-user’s Intune account. Choose the matching device. NOTE: If this device is not already corporate-enrolled, select “new device” to continue with the standard enrolment flow.
7. On the next screen, the user must confirm the serial number on the device. The user can tap on the link “confirm the Serial Number” to launch the Settings app to easily verify the serial number. The user must then enter the last 4 characters of the serial number into the Company Portal app. NOTE: The purpose of this step is to verify that the device the user is currently on is the exact same corporate device that has already been enrolled in Intune.
   - If the serial number on the device does not match, the wrong device may have been selected. Go back to the previous screen and select a different device.
   - If the serial number is properly verified, the Company Portal app will briefly transition to the Company Portal website to finalize enrolment, and then prompt the user to return to the app.
8. Enrolment is now complete. You can now use this device with the full set of Intune capabilities.