How to Enroll iOS/iPadOS devices in Intune

by | Intune

In this post I will be explaining on how to Enroll iOS devices in Intune. The enrollment process for Apple Iphone and iPad will remain same. The MDM enrollment process for iOS/iPadOS and iPadOS devices provides access to company resources such as email access and others. We can also apply Configuration profiles and Compliance policies. it can apply policies and configuration profiles. Once enrolled, we have option to create Update policy as well to deploy iOS/iPadOS updates as well.

Enrollment process requires Company Portal application. For this, user needs to install Company Portal manually and needs to initiate the enrollment process.

Pre-requisites to enroll iOS/iPadOS devices

  1. Supported Operating System: Following are the supported OS:
    1. Apple iOS 13.0 and later
    2. Apple iPadOS 13.0 and later
  2. Apple MDM Push certificate configuration – This is the certificate required to manage Apple devices. If you haven’t done it, do it now. The process consists of:
    1. Downloading the Intune certificate in CSR format
    2. Create a New Push Certificate with downloaded CSR certificate in previous step. Push certificate created will be in pem format
    3. Provide Apple ID for Apple MDM push certificate.
    4. Upload Push certificate in Intune portal.

These steps can be performed by Logging into Microsoft Endpoint Manager admin center and navigating to Home > Devices > iOS/iPadOS and click on Apple MDM Push Certificate under Prerequisites.

Check the link on how to configure Push certificate, this is a one time process only, if you have done it previously for MacOS, you don’t need to do it again.

Enroll iOS/iPadOS device using Company Portal

Apple iOS device can be enrolled by installing Company Portal and following the instructions which includes download of management profile from Microsoft and then installation of management profile. The process follows as:

Install Intune Company Portal from App Store.

Intune Company Portal
Intune Company Portal

One installed, launch the Company Portal.

Company Portal Sigin
Company Portal Sigin

Login with company account and click on Continue. Login with your email id and provide password.

EnrolliOSDevice 03

Company Portal will send important notifications to your device, click on Allow to receive the notifications.

Company Portal send Notifications
Company Portal send Notifications

Setup to Portal access will launch, which will require you to perform few steps, click on Begin.

Set up Company Portal access
Set up Company Portal access

You will get list for Device management regarding what your company Can’t see vs Can see.

Organization cannot see:

  • View browsing history on this device
  • See your personal emails, documents, contacts, or calendar
  • Access your passwords
  • View, edit or delete your photos
  • See the location of a personal device

Organization can see:

  • Device model
  • Device Manufacturer
  • Operating system and version
  • App inventory and app names
  • Device Owner
  • Device name
  • Device serial number
  • IMEI

For a corporate-owned devices, organization can additional see:

  • Applications and data in your personal profile
  • Phone number
Device management Can't
Device management Can’t

Review privacy information is completed, click on Continue to begin Download management profile

Review privacy information Company Portal
Review privacy information Company Portal

Click on Allow to download configuration profile.

EnrolliOSDevice 10

Management profile will be downloaded and can see the notification.

Profile Downloaded

We will be going through next step Install management profile, click Continue.

Install management profile
Install management profile

You will get instructions on how to install management profile.

How to install management profile
How to install management profile

Navigate to Settings > General, we can see downloaded profile name showing as Management Profile, click on it.

Management Profile
Management Profile

This will launch Install Profile page, click on Install to initiate it.

Once again click on Install to initiate installing Microsoft Intune Root Certification Authority, which will add the certificate to trusted certificates on your iPad.

Management Profile Install
Management Profile Install

Click on Trust which will enrol the iPad into remote management

Remote Management Install
Remote Management Install

We can see Management Profile got installed successfully which will be displayed under VPN & Device Management. Click on More Details.

Management Profile More Details
Management Profile More Details

This will show you list of all certificates installed including:

Device Identity Certificates and other certificates related to Intune Root CA, MDM Device and others.

EnrolliOSDevice 20
EnrolliOSDevice 21

Return back to the Company Portal setup, click on Done.

Launch Company Portal and we can see the various tabs such as Apps, Devices, Support and Notifications.

EnrolliOSDevice 22

Important links

Enroll iOS/iPadOS devices in Intune in Microsoft Intune – Microsoft Intune | Microsoft Docs

Operating systems and browsers supported by Microsoft Intune | Microsoft Docs

Set up iOS device access to your company resources | Microsoft Docs

Leave a Reply