Category Office Apps & Services

Intune – MDM – Device Enrolment – Add an iPhone Device

Intune – Mobile Device Management – Device Enrolment – Add a Device

Let's focus on BYOD (Bring Your Own Device)

Example Apple – iOS enrolment

BYOD

  • Devices are not wiped during enrolment
  • Device is associated with a user
  • Users can unenroll the device

At this point we have already completed the prerequisites (see Apple MDM Push Certificate if you haven't done this already)

Apple Configurator / Devices

https://devicemanagement.microsoft.com

We need to add an iOS device. You will need the serial number and device details in a CSV file to import.

CSV format: <device serial>,<details (owner? device type)>

Add a device

Devices > iOS > Apple Configurator

Have you created a profile? Create a profile before adding a device; see this guide.

Select a profile and import your CSV file containing all your devices. Then click "Add".

Success! Devices added.

Additional info from Microsoft Docs available here
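
A pre-flight check for the import file described above, as an added example (not part of the original post and not Microsoft tooling). The 8-14 character serial pattern, the `max_rows` default and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Assumption: serials are 8-14 letters/digits; adjust to the devices you own.
SERIAL_RE = re.compile(r"^[A-Z0-9]{8,14}$")

# Constructed sample input (not real devices): <device serial>,<details>
SAMPLE = """\
F17XK2ABCD12,Alice Example - iPhone 8
f17xk2abcd12,Bob Example - iPhone 8
Serial,Details
DNPQ9ZZZ0001,
C39ZZ1234567,Carol Example - iPad,extra
G6TZZ7654321,Dan Example - iPhone XR
"""


def check_enrolment_csv(text, max_rows=5000):
    """Return (clean_rows, problems); problems are (line_number, reason)."""
    clean, problems, seen = [], [], {}
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not any(field.strip() for field in row):
            continue  # skip blank lines
        if len(row) != 2:
            problems.append((lineno, f"expected 2 columns, found {len(row)}"))
            continue
        serial, details = row[0].strip().upper(), row[1].strip()
        if not SERIAL_RE.match(serial):
            problems.append((lineno, f"{row[0]!r} does not look like a serial"))
        elif not details:
            problems.append((lineno, "details column is empty"))
        elif serial in seen:
            problems.append((lineno, f"duplicate of line {seen[serial]}"))
        else:
            seen[serial] = lineno
            clean.append((serial, details))
    if len(clean) > max_rows:  # max_rows is an assumed limit, set it to yours
        problems.append((0, f"{len(clean)} rows exceeds max_rows={max_rows}"))
    return clean, problems


if __name__ == "__main__":
    rows, issues = check_enrolment_csv(SAMPLE)
    for lineno, reason in issues:
        print(f"line {lineno}: {reason}")
    print(f"{len(rows)} rows ready to import")
```

Catching a duplicated serial before upload matters for BYOD because each device is associated with one user; the sample shows the same serial listed against two different owners.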

Intune – MDM – Device Enrolment – Create a Profile

Intune – Mobile Device Management – Device Enrolment – Create a Profile

Let's focus on BYOD (Bring Your Own Device)

Example Apple – iOS enrolment

BYOD

  • Devices are not wiped during enrolment
  • Device is associated with a user
  • Users can unenroll the device

At this point we have already completed the prerequisites (see Apple MDM Push Certificate if you haven't done this already)

Now: create a profile

You need to create a profile before enrolling a device.

Apple Configurator / Devices

https://devicemanagement.microsoft.com

We need to add a Profile

Profiles > Create


Enrol with User Affinity (i.e. map the device to a user) + Auth via Company Portal (example options selected)


Then click “Create”

Success, a profile is created.


Intune – Apple MDM Push Certificate

Intune – Mobile Device Management – Device Enrolment – Apple MDM Push Certificate

Let's focus on BYOD (Bring Your Own Device)

Example Apple – iOS enrolment

BYOD

  • Devices are not wiped during enrolment
  • Device is associated with a user
  • Users can unenroll the device

MDM push certificate required

Go to device management https://devicemanagement.microsoft.com

Enrol iOS devices in Intune


Devices > Apple Enrollment > Apple MDM Push Certificate

You will need an Apple ID used on your Device

Step 3 expanded….

"Create your MDM push certificate" redirects you to log in to the Apple portal with your Apple ID

https://identity.apple.com/pushcert/

Click “Create a Certificate”

Read, Tick and Accept the terms

Upload your CSR

Download Certificate

Then view Manage Certificates. Note the expiry date!


Now back to step 4.


Enter Apple ID

Step 5


Add your MDM push certificate


Click upload

Success….


Intune – Mobile Device Management – Register and Assign an Intune License

Setting up Intune on your current Office365 subscription.

Things to know:

  1. Check your prerequisites / supported devices
  2. More than 150 licenses for EMS? Check out FastTrack Center Benefit!
  3. DNS registration
  4. Users and Groups
  5. Intune license required
  6. Apps can be assigned to groups to be installed automatically
  7. You can create profiles on devices
  8. Define app policies and restrictions

Getting started

Sign up. Already using Office 365? You already have an account.

Yes, add it to my account

Try now

Continue

Check your email

Assign the license

Editing users (User Management) https://admin.microsoft.com

Add the Intune license

Save

You will now see the license is assigned to the user

WVD – Windows Virtual Desktop – Admin Tasks, Tips and Useful Blogs

Office 365, Legacy Applications and MFA

Some legacy applications don’t support MFA. This is a solution to enable the apps to continue to function when MFA is enabled for a user in Office 365.

How to create an “Additional Security Verification” app password

Browse to https://portal.office.com/account/

Click “Security & Privacy” then click “Manage Security and Privacy”

Expand / Click on “Additional Security Verification”

Click “Create and manage app passwords”

Click “Create”

Enter a name, for example “Diary Sync”, and click “Next”

Click “copy password to clipboard” (YOU NEED THIS PASSWORD)

(password above example only)

Some might get this error. Copy the password (shortcut to copy: Ctrl + A, then Ctrl + C).

(password above example only)

Click “Close”

You now have an application password which you can use with your legacy application without MFA causing any integration problems.

Office 365 – Security (Part 1)

Have you set up MS Office 365? Did you start with security in mind?

Have you reviewed your security and privacy settings? Nothing is configured out of the box. When implementing Office 365, start treating the platform as if you were securing your on-prem infrastructure.

Start with the basics:

  • Password Policies
  • Privacy Statements

Can you add additional security to users?

Have you enabled MFA and enrolled users to use it? Is MFA enforced?

Has access been restricted?

https://docs.microsoft.com/en-us/sharepoint/control-access-based-on-network-location

Mobile Device Management: are you applying any controls to apps accessing OneDrive?

Has logging been enabled for the Office 365 Security and Compliance reports and stats?