Export (0) Print
Expand All

Getting started with Microsoft Intune: walkthrough guide

Updated: November 21, 2014

Applies To: Microsoft Intune

This walkthrough guide helps you to get started using Microsoft Intune to manage mobile devices and computers in under an hour. If you want to learn more about Intune before using this guide, please see the Microsoft Intune evaluation guide and the Microsoft Intune Service Description.

Before you start this walkthrough, you will need the following:

  • Administrator device. A device with a Silverlight-enabled web browser that you can use to access the websites where you, the IT administrator, create user accounts (the Account Portal) and where you manage devices and users (the Administrative Console).

  • A Mobile device (or use InPrivate browsing on the administrator device). A second device with a web browser, that you can use to access the Company Portal to see how most Intune users will enroll and manage their devices, find and install software, and request help from administrators.

    noteNote
    Instead of using a second device with a web browser, you can use the “privacy mode” setting on the same browser that you use for Intune administration (for example: in Internet Explorer, you can click Settings > Safety > InPrivate Browsing).

  • Microsoft Online Services work or school account, if you have one. If you have an existing Microsoft Online Services account, you will need the tenant administrator credentials for that account. You don’t need this if you don’t have such an account, or if you want to use this walkthrough for evaluation purposes only.

  • Certificates and Accounts. Depending on which types of devices you will manage in this walkthrough, you might need several certificates (or keys) and accounts to retrieve those certificates:

     

    Platform Requirements More information

    Windows Phone 8 and Windows Phone 8.1

    Download the Support Tool for Intune Trial Management of Windows Phone

    Follow the installation instructions provided on the support tool download page to upload the signed SSP.xap file in the Intune account portal. This enables Windows Phone trial account enrollment.

    Windows RT, Windows RT 8.1, or Windows 8.1 devices.

    There are no requirements for enrolling Windows RT and Windows devices.

    To learn more, see Set up your computers to be managed by Microsoft Intune.

    iOS 6.0 or later

    Get an Apple Push Notification service certificate.

    Request an Apple Push Notification service certificate from Apple, as described here: Start managing iOS devices with Microsoft Intune.

    Android

    None.

    Not applicable.

You can complete this walkthrough in 30 minutes to set up a few users and either a few mobile devices or a few computers. With an hour, you can set up both mobile devices and computers, and also complete the optional portion of the walkthrough in which you configure alerts, notifications and reports.

The time required for each task is as follows:

Whether you Sign Up or Sign In depends on whether your organization already has an Microsoft Online Services work or school account, whether you have an Enterprise Agreement or equivalent volume licensing agreement with Microsoft, and whether you plan to use the subscription that you set up as part of this walkthrough after you evaluate Intune:

 

Sign Up for a new account if: Sign In with your work or school account if:

You don’t have a work or school account, as is provided when you sign a volume licensing agreement with Microsoft or subscribe to Office 365. You should sign up for a new account if your organization does not have a work or school account. If your organization has not signed an Enterprise Agreement or equivalent volume licensing agreement with Microsoft (or has Office 365 account), then you do not have an Microsoft Online Services account that you can use to sign in to Microsoft Online Services.

OR

You will discard your free trial after completing the walkthrough. If you are using your Intune free trial subscription for evaluation purposes only, and you plan to redo your Intune service setup and device provisioning after using this walkthrough guide. This is the recommended option if you plan to use Intune with System Center 2012 Configuration Manager.

ImportantImportant
If you sign up for a new account, you cannot later use an existing work or school account to manage that account, or combine it with existing volume licensing agreements.

You have a work or school account provided with a volume licensing agreement or Office 365 subscription, and you are using this walkthrough to set up Intune. If you have a Microsoft Online Services work or school account, which is provided when you sign an Enterprise Agreement or equivalent volume licensing agreement with Microsoft (or when you subscribe to Office 365), and you want to use the steps in this walkthrough to set up the Intune service and provision devices for production use, you should sign in with your existing work or school account. This will ensure that your Intune free trial links to your existing Microsoft Online Services.

ImportantImportant
If you are setting up Intune on an existing account, we recommend that you review Configure Microsoft Intune before proceeding with this walkthrough.

  1. First, click here to visit the Intune Sign up page.

  2. On the Sign up page you have two options:

    • Subscribe using your Microsoft Online Services work or school account: Click Sign in if you already have a work or school account, and you want to use the same account to subscribe to both services. When you use the same account for multiple services, those services use the same Azure AD infrastructure and are tenants of Azure AD. Azure AD provides the core directory and identity management capabilities for Microsoft cloud services.

    • Subscribe to Intune only: If you do not yet subscribe to a cloud service, complete the form on the sign-up page to subscribe to Intune.

       

      Fields More information

      Country or region

      This sets the Azure region where the data you use with Intune is located. This also determines billing and applicable taxes for the cloud service.

      This selection determines the fields that appear later in this form where you specify your physical address.

      Organization language

      This sets the language that you want to use for business communications from Microsoft.

      First name, and Last name

      These are associated with the initial user account that Intune creates to manage your subscription.

      Organization name

      The organizational name is typically your company name, and is the name that will display to users who interact with your subscription.

      Address (various)

      This is the mailing address of your organization.

      Email address

      The email address that you provide is where you receive service information, billing, and details for password resets. Additionally, promotional information that you choose to receive is sent to this address.

      New domain name

      Specify a domain name to use with onmicrosoft.com. This domain name is free with your trial or paid subscription.

      By default, this domain name is associated with your subscription and user accounts that you add to Intune. After you subscribe, you can add and use a domain name that you already own, or continue to use the free onmicrosoft.com domain.

      New User ID, and password

      Specify an account name and password for the initial tenant administrator account for your subscription. This can be any name you choose and will be associated with the first name and last name you provided in this same form.

After you complete the form and accept the Microsoft Online Subscription Agreement:

  • You are automatically signed in to the Microsoft Intune account portal with the tenant administrator account.

  • An email message that contains your account information is sent to the email address that you provided during sign-up. This confirms your subscription is active.

Now that your account has been set up, you should add user accounts that will be used by other users of Intune.

You use the New users wizard to add individual user accounts. Follow the procedure below to create at least three additional user accounts, with unique names for each user. Each user account that you add counts against the 25 licenses that are available to you as part of your Intune free trial.

To learn more about adding users, see Set up Microsoft Intune.

  1. In the Intune account portal, click Users > New.

  2. Click User to start the New users wizard.

    1. On the Details page, complete the required fields.

    2. On the Settings page set the location for the user.

    3. On the Group page, click Next to accept the default and assign a license for Intune to the user’s account. This will count against the set of 25 licenses that you have available as part of your free trial.

    4. On the Email page, specify up to five email addresses that will receive notification of the user name and temporary password for the account. Separate multiple email addresses by semicolons (;). When ready, click Create to add the user to your subscription.

    5. On the Results page you can view the new account name and its temporary password. Intune automatically creates the temporary password.

The new user now appears in the Users node of the account portal.

  1. In the Intune administration console, click Administration > Company Portal, and then scroll to the bottom of the screen. Copy the URL shown under Intune company portal.

  2. Open a new browser window in “privacy mode” (in Internet Explorer, click Settings > Safety > InPrivate Browsing), or on a different device, and then navigate to the URL that you copied in the previous step. When the user signs-in for the first time, they must provide a new password for the account.

Groups in Intune give you great flexibility for managing your devices and users. You can set up groups to suit your organizational needs (for example, by geographic location, department, or hardware characteristics). You can use groups to perform a wide variety of administrative tasks at scale, from setting policies for a set of users to deploying applications to a set of devices.

To learn more about using groups, see Use groups to manage users and devices with Microsoft Intune.

  1. In the Intune administration console, click Groups > Overview > Create Group.

  2. For the Group name, type “My Trial Devices” and from the parent group list, select All Devices, and then click Next.

  3. On the Define Membership Criteria page, select All devices, to indicate that the group includes both mobile devices and computers.

  4. On the Define Direct Membership page, click Next. If we had created a group that did not include all devices, and we wanted to add specific devices to our new group, we could do that here.

  5. On the Summary page, review the actions that will be taken, and then click Finish.

The newly created group can be found in the Groups list, in the Groups workspace, under All Devices. From here, you can also edit or delete the group.

  1. In the Intune administration console, click Groups > Overview > Create Group.

  2. For the Group name, type “My Trial Users” and from the parent group list, select All Users, and then click Next.

  3. On the Define Membership Criteria page, next to Exclude members from these security groups, click Browse and then select Company Administrator. This exclusion will let you manage the My Trial Users group without affecting the Company Administrator account (also known as the tenant administrator).

  4. On the Define Direct Membership page, click Next. You don’t need to do anything here because you want the My Trial Users group to include all users, except for the Company Administrator.

  5. On the Summary page, review the actions that will be taken, and then click Finish.

The newly created group can be found in the Groups list, in the Groups workspace, under All Users. From here, you can also edit or delete the group.

Intune policies provide you with straightforward settings that help control the security settings on mobile devices, maintain Windows Firewall and Endpoint Protection settings for computers, and deploy applications. If you are planning to use the service or devices that you configure in this walkthrough for real, production use (instead of just evaluation), it is absolutely essential that you follow the instructions found in Configure security policy for mobile devices in Microsoft Intune and Help secure your computers with Endpoint Protection and Windows Firewall policy for Microsoft Intune. In this walkthrough, you will set up a mobile device security policy and a computer firewall policy, and then prepare to deploy an app to mobile devices after they are enrolled.

  1. Open the Intune administration console.

  2. In the workspace shortcuts pane, click the Policy icon.

  3. In the Tasks list on the Policy Overview page, click Add Policy.

  4. Select Mobile Device Security Policy, click Create and Deploy a Policy with the Recommended Settings, and then click Create Policy.

  5. A confirmation message appears that prompts you to confirm whether you want to deploy the policy now. To deploy the policy, click Yes.

  6. In the Manage Deployment dialog box, select All Users to deploy the policy to all users that you manage, click Add, and then click OK.

By creating this policy, you have ensured that mobile devices enrolled in Intune will:

  • Lock after 15 minutes of inactivity

  • Require a password to unlock

  • Permit only four repeated sign-in failures before being wiped

  1. Open the Intune administration console.

  2. In the workspace shortcuts pane, click the Policy icon.

  3. In the Tasks list on the Policy Overview page, click Add Policy.

  4. Select Windows Firewall Settings, click Create and Deploy a Policy with Recommended Settings > Create Policy.

  5. A confirmation message appears that prompts you to confirm whether you want to deploy the policy now. To deploy the policy, click Yes.

  6. In the Manage Deployment dialog box, select the user group My Trial Users to deploy the policy to all users that you manage, click Add, and then click OK.

By creating this policy, you have ensured that computers enrolled in Intune will:

  • Turn on the Windows Firewall at all times (whether on a domain, a private network, or a public network)

  • Notify the user when Windows Firewall blocks a new program (whether on a domain, a private network, or a public network)

  1. In the Intune administration console, click Software > Managed Software > Add Software. If prompted, enter your Intune credentials.

    noteNote
    When you start the Intune Software Publisher for the first time, a short delay occurs while the application is installed.

  2. On the Before you begin page, click Next.

  3. On the Software setup page, select External link in Select how this software is made available to devices.

  4. Enter the external link for the software in Specify the URL, and then click Next. Depending on which mobile device platform you are using for this walkthrough, you should use one of the following links:

    1. iOS: https://itunes.apple.com/us/app/microsoft-lync-2010-for-iphone/id484293461?mt=8

    2. Android: https://play.google.com/store/apps/details?id=com.microsoft.office.lync15

    3. Windows Phone 8 or Windows Phone 8.1: http://www.windowsphone.com/en-us/store/app/lync-2013/d85d8a57-0f61-4ff3-a0f4-444e131d8491

  5. On the Software description page, provide the information that you want users to see in the company portal for the software, and then click Next. The following settings are available:

     

    Setting Details

    Publisher

    Enter the name of the publisher: Microsoft.

    Name

    Enter Microsoft Lync.

    Description

    Enter a description for the software. (Lync messaging and videoconferencing app)

    Category

    Select the category that best fits this software: Collaboration

    Display this as a featured app and highlight it in the company portal

    Select this option to display the app prominently in the company portal on mobile devices.

    Icon

    Choose whether to associate an icon with the software. The maximum size for the icon is 250 x 250 pixels. The recommended size is 32 x 32 pixels. This setting is optional, so skip it for this walkthrough.

  6. On the Summary page, verify the software information, and then click Upload. Click Close to exit the wizard.

  7. In the Intune administration console, click Software > Managed Software > Manage Deployment.

  8. Click Microsoft Lync.

  9. On the Select Groups page, select My Trial Users to deploy the software to that user group, and then click Next.

  10. On the Deployment Action page, select Available Install from the Approval column for each group.

  11. Click Finish.

The Microsoft Lync app will now be available to install on mobile devices from the company portal. But first, we need to install Intune software on mobile devices and computers.

There are a wide variety of ways that you a user can install the Intune client software on computers: they can use an installer provided by the administrator to manually enroll, or Intune software can be included in an OS image or deployed using Group Policy. They can also self-enroll their computers. For this walkthrough, we will use the self-enrollment approach.

When users self-enroll their computers through the Microsoft Intune company portal, each enrolled computer is linked to the user account that was used to install the client software.

To learn more about computer management using Intune, see Set up your computers to be managed by Microsoft Intune.

noteNote
  • The user must be an administrator on the computer to install the client software.

  • Self-enrolling requires that Internet Explorer is installed on the client computer.

  • Each time a user self-enrolls a computer, it uses a Microsoft Intune license.

  • You must use a Microsoft Online Services work or school account to self-enroll a computer. This is the account that you used to sign in, or the administrator account that was created when you signed up for the free trial.

  • If the client software is already installed on a computer, the end-user will receive an error.

  1. In the Intune administration console, click Administration > Company Portal, and then scroll to the bottom of the screen. Copy the URL shown under Intune company portal.

  2. Use Internet Explorer to browse to the company portal URL that you acquired in the previous step, and log in with your administrator credentials.

  3. Click Add Device.

  4. Click Download Software and then click Run.

  5. Click Next to start the Microsoft Intune Setup Wizard.

  6. When the Setup Wizard has completed, click Finish.

Before you enroll mobile devices, you must complete the Prerequisites for your mobile devices, as discussed in the introduction of this walkthrough.

To set up mobile devices to work with Intune, you must first set the Mobile Device Management Authority, and then follow the instructions to set up mobile devices. After you complete these steps, you can use the Company Portal app on each device to download the Microsoft Lync application that you published previously.

To learn more about mobile device management using Intune, see Manage mobile devices with Microsoft Intune.

Follow the instructions in Manage mobile devices with Microsoft Intune to set the Mobile Device Management Authority.

  1. Ensure that you have completed the Prerequisites; including publishing the signed Windows Phone account portal that you downloaded from the download center.

  2. On the Windows Phone device, go to Settings > Workplace > add account.

  3. You will be asked to provide user credentials for one of the user accounts that you created previously. When authentication is successful, Intune establishes a relationship between the user and the Windows Phone device.

  4. Tap Install company app or Hub to install the company portal app and enroll the device.

  • Open the Company Portal on the device, choose Apps, and then install Microsoft Lync.

In the Intune administration console, alerts are used to quickly assess the overall health of managed devices in your organization. You can configure and customize alerts so that they report and display only the information you need for your organization. You can set whether an alert is enabled or disabled, configure the severity, use the display threshold to determine how frequently an alert event must be triggered before an alert is displayed, and also configure settings that are specific to certain types of alerts.

Notifications are used to inform administrators (and other users) using e-mail when certain types of alerts are triggered.

Reports are used to answer a range of questions, such as how many computers have a particular application or update installed, what malware was blocked, or which users needed Remote Assistance over the last month.

To learn more about alerts, notifications, and reports, see Monitoring and reporting with Microsoft Intune.

  1. In the Intune administration console, click Alerts > Overview > Configure Alert Type Settings.

  2. Click the search box, type “malware”, and then click the search icon.

  3. Right-click Investigate New Malware > Configure. Note that this alert is part of the Endpoint Protection category.

  4. In the Severity list, change the alert severity to Critical, and then click OK.

Now that we have increased the severity of this alert, let’s set up a notification to ensure that our malware expert is informed whenever this alert is triggered.

  1. In the Intune administration console, click Alerts > Overview > Configure Alert Type Settings.

  2. Click Notification Rules, and then click Create New Rule.

  3. Click Notification Rules, and then click Create New Rule.

  4. Complete Step 1 of the Create Notification Rule Wizard as follows:

    • Name: type “Critical Malware Alerts”.

    • Select the categories that apply: choose Endpoint Protection.

    • Select the alert severity: choose Critical.

  5. Complete Step 2 of the wizard by selecting All Devices, and then clicking Next.

  6. Complete Step 3 the wizard by choosing e-mail addresses that will be notified.

As a result of creating this notification, all critical endpoint protection alerts (including the one that you configured to be critical in the previous section) will generate an e-mail notification to the list of recipients that you provided.

  1. In the Intune administration console, click Reports > Mobile Device Inventory Reports.

  2. Under Select device groups, click Edit, and then clear the checkbox for All Devices and select the checkbox for My Trial Devices.

  3. Click Save As, and for the name, type “My Trial Device inventory”.

You now have a report that shows you the inventory for all devices in the My Trial Devices group that you created earlier in this walkthrough.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft