In this post, I’m going to show you how to add existing iOS devices into Intune using Apple Configurator 2, Apple Business Manager, and Microsoft Intune.
Warning: This process will wipe devices! Please backup your devices before doing this to ensure data is retained.
Also, in order to use this configuration, you will need to be an:
- Intune administrator in Azure
- Administrator or device enrollment manager in Apple Business Manager
Adding the iOS Device to Apple Business Manager
For the configuration of this process, you will need to configure the Apple MDM push certificate as well as an enrollment program token. For a demo on how to set up a push certificate, read this Microsoft Demo.
An ADE token “lets Intune sync information about ADE devices that your corporation owns. It also allows Intune to upload enrollment profiles to Apple and to assign devices to those profiles. You can use the Apple Business Manager (ABM) or Apple School Manager (ASM) portal to create a token”1.
Once the enrollment token is set up, make sure you create enrollment profiles for your specific platforms and your environment. Devices must have an enrollment profile assigned before they are powered on and successfully enroll. So make sure to set your default profiles!
For the configuration of Apple Configurator 2, you need to set the organization by using your Apple Business Manager account as well as an MDM server.
To start the deployment, attach the device, make sure it shows up, select the device, select ‘Prepare’.
For now, choose ‘Manual Configuration’. Add it to your Apple Business Manager, and also choose ‘Allow Devices To Pair With Other Computers’.
Select your MDM server as well as your organization.
If you’re going to do this in production, you probably want to set up a wi-fi profile to make it faster. For the purposes of this demo, we will not cover this process. But for a demo on how to set up a wifi profile in Apple Configurator 2, look watch this video.
Select ‘Prepare’. Notice you may get messages regarding it will erase. Select ‘Erase’.
The device will reset. It will be wiped, reconfigured, and added into Apple Business Manager.
Adding The iOS Device To Microsoft Intune
Now we have to add it from configuration manager into Intune. And you do that by going back to the Apple Business Manager.
First, go to settings. Notice in the MDM server, you now have a device in the MDM configurator called ‘Apple Configurator’.
Select ‘Show Devices’. Select the device that you added. Click ‘Edit Device Management’.
Change the device management to the Intune environment. Do this by selecting ‘Edit Device Management’, and under the ‘Assign The Server’ drop down, select the Intune option, and hit ‘Continue’. Now this device will be reassigned to Intune.
If you go to settings, you’ll now see that there’s now nothing in Apple Configurator 2. Instead, now the device is in the Intune environment.
There is a sync process that happens every 12 hours. You can also manually kick it off. To do so, go into the enrollment token. Select ‘Devices’. Select ‘Sync’ and then ‘Refresh’.
Now your device is in Intune. By default, since you set you default profiles, it should now go and enroll into the profile that you set up earlier.
Alternatively, if you want to assign a different profile, you can select the machine profile and it will give you different options if you have different profiles.
Checking Configuration On the Device
After you’ve prepared the device in Intune, turn it on. Once the device is to the preset screen, you will need to go to the Apple Business Manager and reassign the device to Intune MDM server. You’ll also need to verify that it is now listed inside Intune.
This device is now registered inside Intune. Congratulations!
