Deploying iOS Custom Profiles for Microsoft Intune

When Microsoft announces new features for Intune, they are mostly applied first to iOS. My customers mainly want to manage iOS devices as well.

That’s why I test the Intune capabilities on iOS first.

I have many options for deploying configurations to Apple devices. However, occasionally I encounter a requirement that is not supported natively. I had two such requirements today:

Standalone Intune has a feature to deploy custom iOS policies. This lets you deploy an XML file with the supported configuration settings you want to apply to an iOS device, even if they aren’t available in the Intune console.

The easiest way to create a profile file is to use Apple Configurator, which is only available for OS X. My girlfriend has a MacBook Air, where I installed Apple Configurator from the App Store.

Launch Apple Configurator and create a new profile. Turn “Supervise” on and click the + to “Create New Profile”.

Enter the information about the Wi-Fi network. Here you can select WPA2 Personal and supply the password, which isn’t possible in Microsoft Intune, for now at least. Then select “Save”.

Enter a name for the connection. Select the “Connection Type”. Note that there are a number of settings to choose from here. Enter the Group Identifier and Shared Secret. Save the profile.

This is the saved profile. Select the arrow to export it. Save it somewhere you can access it later and upload it to Intune; I save it to my OneDrive.

More information about valid syntax and settings can be found here.

To deploy the newly created custom iOS policy file, do the following:

  1. Log in to the Intune console at http://manage.microsoft.com.
  2. Under Policy and Configuration Policy, select Add.
  3. Select Create and Deploy a Custom Policy and Create Policy.
  4. Enter a Name and a Name displayed to the user, and import the mobileconfig file created before. Then select Save Policy.
  5. A dialog appears that asks you if you want to deploy the policy.
  6. Then select a group to deploy the policy to.
  7. On the iOS device, in my case an iPad Mini, I can now see that the policy is applied under the Management Profile (yes, it is in Swedish).

You can use this tool if you want bulk enrollment of iOS devices with the Device Enrollment Program (DEP). DEP is the recommended way of managing company-owned iOS devices, as it can configure the iOS device to be enrolled during device setup, even after a reset. It can also put the iOS device in Supervised mode, which allows for many more management capabilities. All of this is done over the air, so no cable or handling is needed by the IT department: just register the device in DEP and then send it directly to the end user. You can configure the first-time setup wizard using Intune and control which options should be available. You could say that DEP is the same as Apple Configurator over the air. Also note that DEP is not available in all countries, which could also be a challenge.

2 Comments


  1. Hi, is this also possible in hybrid (Intune via SCCM)?


    1. Hello Mike, for sure.
      Same configs are available in SCCM console as well.
