Enrol iOS Devices through Intune


This is my first post regarding Microsoft Intune even though i have been using it in a corporate infrastructure for quite a while now, Intune is a cloud based mobile device and operating system management solution which will eventually replace SCCM. I would advise you get an EMS (Enterprise Mobility + Security) trial direct from Microsoft which lasts for 90 days, this gives you access to Intune as well as an Azure AD Premium 2 subscription plus much more.

Now before you enrol an iOS device such as an iPad or an iPhone you need an Apple MDM Push Certificate which is quite straightforward to setup, once you have this it will last for 365 days before it expires. There are many ways to enrol iOS devices such as DEP, Apple School Manager and Apple Configurator Direct Enrollment so research which method is best for you as DEP for instance will still let you manage aspects of the device using Intune. Below is how you nagivate to your MDM cert area.

  • Login to your Azure Portal
  • Navigate to Intune
  • Device Enrollment
  • Apple Enrollment
  • Apple MDM Push Certificate

I would also advise you have a basic level of configuration for the following elements of Intune before enrolling new devices:

  • Device Enrollment Restrictions – With this configured you can specify Platforms so perhaps iOS only, the Minimum and Maximum versions and how many devices a user can enroll
  • Device Compliance Policies – Ensure your future devices comply with security settings for instance such as setting minimum password lengths, restrict apps and set the Device Threat Level. You can also block Jailbroken devices which is especially useful if you are operating in a corporate environment
  • Device Configuration Profiles – You have a number of options here but for now i would setup device restrictions, with this you can stop your users from making modifications such as changing the passcode and installing apps. Other profiles such as Device Features, Wi-Fi and VPN are widely used
  • Conditional Access – Conditional Access protects corporate resources by requiring certain conditions to be met before access is granted, App Based Conditional Access is a great feaure.


  • Open your App Store and search for Intune Company Portal
  • Tap Get
  • Enter your company email address or if you have a test portal ensure you have a few test accounts in there with a License assigned to them (Check Microsoft Intune>Users-All Users and check the license for your chosen test account)
  • Tap Next
  • Now enter your password
  • Tap Sign in
  • If the authentication was successful you should see this
  • This part is where you begin the process of enabling your device to access company resources, you can postpone however you won’t be able to access your documents, emails etc
  • Tap Begin
  • ps. You may have setup Terms and Conditions so you will see a window for that before this one but i haven’t managed to get round to that yet, another post maybe!
  • Observe the brief
  • Tap Continue
  • Tap Continue
  • The redirect will send you to Safari to get management information for your device
  • Tap Allow
  • Tap Install
  • Enter your passcode
  • Tap Install
  • With the Management Profile segment almost concluded you are now going to start the process to install the certificate to allow MDM through intune
  • Tap Install
  • Tap Trust to allow your company to manage corporate information and settings on your device
  • Tap Done
  • You are now prompted to open the final part using the Company Portal App
  • Tap Open
  • p.s At this point once the app opens, you may be asked to specify the best category for your device if this has been configured under Intune>Device Enrollment>Device Categories.  If you have setup other features such as compliance policies etc you will be presented with slightly more options to configure
  • That’s it, take a look at the brief description of what has been achieved
  • Tap Done