This is a special certificate that Apple will generate for you. IMPORTANT: You do not need a Certificate Authority, and you do not need to worry about creating a certificate. Simply follow the 5 steps in the wizard to set up the certificate. I have already performed this step in my lab. Within MEM navigate to Devices -> Enroll Devices -> Apple Enrollment and click on Apple MDM Push Certificate: This starts with setting up the Apple MDM Push Certificate. It can be accessed at Configure Apple MDM Push Certificate.

Note: I will be using Microsoft Endpoint Manager (MEM), which Intune is built into, for this blog. Before we begin I recommend you review this documentation so you have a good understanding of what this entails. To allow for Apple devices to be enrolled, we need to configure Intune so that it can properly manage an Apple device.

Setup Intune for Apple Device Enrollment & Management

See my blog Intune: How to MDM Enroll Android Devices (Personal w/ Work Profile) for how to MDM manage Android devices. As much as I would love to show you DEP and Supervision – and even Zero Touch, I don’t have the means necessary to lab this up (it requires a company’s DUN, TaxID and Purchase Order to complete the process with Apple to obtain a business account). Note: For purposes of this blog, we will only be discussing Intune MDM enrollment for iOS/iPadOS. Review your business requirements to determine which path to go down. However, I need to stress, the majority of scenarios can be accomplished through just normal MDM enrollment. For more information see Deployment Models. IMPORTANT: MDM and Apple Deployment Programs can be combined to provide even greater management of a device, and even fully automate the provisioning of a device such as a “Zero Touch” approach. For more information see Deployment Reference for iPhone and iPad. This enables additional functionality like GPS tracking when the device is entered into “lost mode” among other (really cool) managed features.
The device can be managed through Apple’s deployment programs (formerly known as Device Enrollment Program (DEP)): Apple School Manager or Apple Business Manager, which allows it to be “supervised”. The device is typically enrolled by downloading the Company Portal app and the user self-enrolls. Through device configuration profiles, Intune can manage settings within the OS, push apps, ensure device compliance is met, remote wipe all data or just business data, etc.

Background

For Apple iOS/iPadOS devices specifically (excluding Mac and Apple TV, although they can be managed), there are two methods that can be used to manage them: This allows the operating system (OS) to be managed, fully customizing the device to the organization’s requirements. Apple TV devices can also be configured using a Wi-Fi or Ethernet connection.

When it comes to managing iOS and iPadOS devices within the organization, Microsoft Intune (aka Microsoft Endpoint Manager) has the capability to manage these devices via Mobile Device Management (MDM). It requires iOS devices to be connected to a Mac running Apple Configurator 2. It isn’t a zero-touch option, but it is a pretty powerful tool. This is because the records of the device and its association with an organization are required to link the device to that organization and its Apple Business Manager or Apple School Manager account.

For iPhones, iPads, and Apple TV devices purchased outside those official channels, Apple Configurator 2 allows IT departments to automate the setup and enrollment process. Only devices that are purchased directly from Apple or select Apple Authorized resellers can be configured by DEP. This occurs directly in the setup assistant and requires no additional work for the user.

As powerful as DEP is, it does have one key limitation.
When a device is activated, the activation server recognizes it as belonging to your organization and leverages Apple Business Manager or Apple School Manager to automatically enroll the device in your mobile device management (MDM) platform and apply configuration profiles to the device. Apple’s Automated Device Enrollment (often referred to by its older name, Device Enrollment Program, or DEP) makes it possible to automatically enroll iPhones, iPads, Macs, and Apple TV devices with zero touch from IT.