If Microsoft announces new features for Intune they are mostly applied first for iOS. My customers want to manage mainly iOS devices as well.
That’s why I just try to test the Intune capabilities first for iOS.
I have many options for deploying configurations to apple devices. However, occasionally, I can encounter a requirement that is not supported natively. I had two such requirements today:
- Deploy WPA2 Personal Wifi profile with password. Native support from Intune.
- Deploy Cisco IPSec VPN profile to iOS device. Native support from Intune.
Standalone Intune has a feature to deploy custom iOS policies. This lets you basically deploy a XML file with the supported configuration information you want to set on an iOS device even if it isn’t available in the Intune console.
The easiest way to create a profile file is to use the Apple Configurator, it is only available for OS X. Actually my girlfriend has an MacBook Air where I installed the Apple Configurator from the App store.
More information about valid syntax and settings can be found here.
To deploy the newly created custom iOS policy file do the following:
- Login to the Intune console at http://manage.microsoft.com.
- Under Policy and Configuration Policy, select Add
- Select Create and Deploy a Custom Policy and Create Policy.
- Enter a Name, Name displayed to the user and import the mobileconfig file created before. Then select Save Policy.
- A dialog appears that asks you if you want to deploy the policy.
- Then select a group to deploy the policy to.
- On the iOS device, in my case an iPad Mini I can now see that the policy is applied under the Management Profile (yes it is in Swedish).
This Tool you can use if you want a bulk enrollment for iOS devices with Device Enrollment Program. The recommended way of managing company owned iOS devices as it can configure the iOS device to be enrolled during setup of the device even after a reset. It can also configure the iOS device to be in Supervised mode as well which allows for many more management capabilities. All this is done over-the-air so no cable or handling needed by the IT department just register the device in DEP and then send it directly to the end-user, you can configure the first time setup wizard using Intune and controlling which options should be available. You could say that DEP is the same as Apple Configurator over-the-air also note that DEP is not available in all countries which also could be a challenge.