This is the second part of a series on Windows Intune. Windows Intune is Microsoft’s mobile device management solution.
Setting up Intune – Users
Setting up the trial of Intune is pretty simple. Go to the Intune homepage and set up a trial. No credit card information is needed, and you can use your trial for 30 days and manage 25 devices. When you get signed in, the first thing that you have to do is set up users. This has to be done so that devices can be enrolled. Click the “Add users” button. If actually implementing Intune (versus trying it out), you will want to eventually tie it to some sort of single-sign on or Active Directory.
After clicking “Add users”, fill out the form with their information. You can also expand “Additional Details” for extra directory information. Next, define if this user will be an administrator, as well as their location. Leave the defaults on the “Group” page. The “Email” page allows you to send emails to the user/users that you just created. The system will send them an email with their username and temporary password. Finally, click create and the account will be created.
Setting Up Intune – Device Management
After creating your first user, this box appears on the screen. Click the “Admin Console” link.
This link will direct you to the Intune admin console (you will likely have to log in again). The first thing that appears is the ability to download the computer client, as well as setting up mobile device management authority. We will focus on mobile device management. Click on the “Set up mobile device management authority and channels” link. Click the “Set Mobile Device Management Authority” link under “Tasks” in the right pane. Check the box and click OK.
Now the remaining options on the page enables and we can begin to set up the various mobile operating systems. I am going to illustrate Intune’s capabilities with an iOS device.
To begin setting up Intune for iOS, click the iOS link. You are presented with this screen:
This is a little confusing at first, because it looks like you need an Apple APNs certificate, with usually requires an iOS developer account (at a cost of $99/year). This, however, is not the case. When you click “Upload an APNs Certificate”, you are given the option to “Download the APNs certificate request”. This streamlines the process and does not require the additional cost of an iOS developer account.
Download the csr file and click the “Apple Push Certificates portal” link. You should be presented with an Apple login screen. Ensure that you log in with a company Apple ID and not your personal ID. The created certificate will be tied to this Apple ID and cannot be transferred.
Click the “Create a Certificate” link and accept the terms and conditions. Browse to your certificate and click “Upload”. If you are using IE, you will be prompted to download a .json file. Ignore this and refresh the page. You will be present with this screen:
Notice that it says that this certificate will expire on July 25, 2015 (one year from today). This certificate has to be renewed at that date, your MDM will cease to function. This information is tied to your Apple ID, which is how you can get back to this point to renew your certificate. From this screen, we download the certificate. Click the “Download” button and save the file. Now we can go back to Intune and upload the certificate. Browse for the downloaded certificate and type in the Apple ID assigned to it.
Now that we have iOS configured, we can enroll a device. Go to https://m.manage.microsoft.com on the mobile device. Log in with the account that we set up earlier.
Once you’re signed in, click the “Install” button. This will enroll the device into Intune.
Click “Install” to install the MDM profile.
It will take it a few seconds, but after the system generates the appropriate keys, the device will enroll.
We can go back to the Intune console and see the new device:
Disclaimer
All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistant.
