How to Enroll iOS/iPadOS devices in Intune

In this post I will be explaining on how to Enroll iOS devices in Intune. The enrollment process for Apple Iphone and iPad will remain same. The MDM enrollment process for iOS/iPadOS and iPadOS devices provides access to company resources such as email access and others. We can also apply Configuration profiles and Compliance policies. it can apply policies and configuration profiles. Once enrolled, we have option to create Update policy as well to deploy iOS/iPadOS updates as well.

Enrollment process requires Company Portal application. For this, user needs to install Company Portal manually and needs to initiate the enrollment process.

Pre-requisites to enroll iOS/iPadOS devices

Supported Operating System: Following are the supported OS:
1. Apple iOS 13.0 and later
2. Apple iPadOS 13.0 and later
Apple MDM Push certificate configuration – This is the certificate required to manage Apple devices. If you haven’t done it, do it now. The process consists of:
1. Downloading the Intune certificate in CSR format
2. Create a New Push Certificate with downloaded CSR certificate in previous step. Push certificate created will be in pem format
3. Provide Apple ID for Apple MDM push certificate.
4. Upload Push certificate in Intune portal.

These steps can be performed by Logging into Microsoft Endpoint Manager admin center and navigating to Home > Devices > iOS/iPadOS and click on Apple MDM Push Certificate under Prerequisites.

Check the link on how to configure Push certificate, this is a one time process only, if you have done it previously for MacOS, you don’t need to do it again.

Enroll iOS/iPadOS device using Company Portal

Apple iOS device can be enrolled by installing Company Portal and following the instructions which includes download of management profile from Microsoft and then installation of management profile. The process follows as:

Install Intune Company Portal from App Store.

One installed, launch the Company Portal.

Company Portal will send important notifications to your device, click on Allow to receive the notifications.

Setup to Portal access will launch, which will require you to perform few steps, click on Begin.

You will get list for Device management regarding what your company Can’t see vs Can see.

Organization cannot see:

View browsing history on this device
See your personal emails, documents, contacts, or calendar
Access your passwords
View, edit or delete your photos
See the location of a personal device

Organization can see:

Device model
Device Manufacturer
Operating system and version
App inventory and app names
Device Owner
Device name
Device serial number
IMEI

For a corporate-owned devices, organization can additional see:

Applications and data in your personal profile
Phone number

Device management Can't — Device management Can’t

Review privacy information is completed, click on Continue to begin Download management profile

Review privacy information Company Portal

Click on Allow to download configuration profile.

Management profile will be downloaded and can see the notification.

We will be going through next step Install management profile, click Continue.

Install management profile

You will get instructions on how to install management profile.

How to install management profile

Navigate to Settings > General, we can see downloaded profile name showing as Management Profile, click on it.

Management Profile

This will launch Install Profile page, click on Install to initiate it.

Once again click on Install to initiate installing Microsoft Intune Root Certification Authority, which will add the certificate to trusted certificates on your iPad.