Planning and Requirements for Exchange ActiveSync Management of Mobile Devices with Windows Intune
Updated: December 17, 2012
Applies To: Windows Intune
This topic provides an overview of the steps that you should take before you connect Windows Intune to your Exchange Server.
If you are also using Windows Intune direct management to manage mobile devices, we recommend that you deploy the Exchange Connector only in the same environment where you have configured Windows Intune direct management.
To prepare to connect Windows Intune to your Exchange Server
Configure Active Directory synchronization.
To connect Windows Intune to your Exchange environment, you must configure Active Directory synchronization so that your local users and security groups are synchronized to the Windows Azure Active Directory and can appear in the Windows Intune administrator console. To configure Active Directory synchronization, you need to set up the Microsoft Directory Synchronization tool. When you set up the Microsoft Directory Synchronization tool, it populates the Windows Intune account portal with synchronized users and security groups and it enables Windows Intune to retrieve user information for mobile device users.
Important: To ensure that your AD DS infrastructure is properly prepared for Windows Intune, we strongly recommend that you review Active Directory Synchronization Roadmap.
Enable Domain Verification.
When you set up your Windows Intune account, make sure to enable domain verification in the Windows Azure Active Directory service. When this is done, you can synchronize mailbox information for connected users, and users who are managed by Windows Intune can synchronize their email messages.
Activate synced users for Windows Intune.
After you synchronize your local users and security groups to the Windows Azure Active Directory, you must activate the synchronized users and assign them membership in the Windows Intune user group to provision them in Windows Intune. The process of provisioning defines device owners as managed users in Windows Intune. After provisioning is complete, users are displayed and can be managed in the Windows Intune administrator console. You do not need to activate the synced security groups. For more information, see the “Adding Users and Security Groups to Windows Intune” section in the Windows Intune Getting Started Guide.
Set the Mobile Device Management Authority to Windows Intune.
The mobile device management authority determines where you will perform mobile device management tasks. You can set the mobile device management authority to Windows Intune by using the Windows Intune administrator console or you can set the authority to System Center Configuration Manager by using the System Center Configuration Manager console.
We recommend that you deploy the Exchange Connector only in the same environment where you set the mobile device management authority. For information about how to set the mobile device management authority to System Center Configuration Manager, see the System Center Configuration Manager 2012 SP1 documentation. For information about how to set the mobile device management authority to Windows Intune, see Set the Mobile Device Management Authority to Windows Intune.
Caution: Consider carefully whether you want to manage mobile devices by using Windows Intune only or System Center Configuration Manager with Windows Intune Integration. After you set the mobile device management authority to either of these options, it cannot be changed.
Understand Exchange Connector Host System Requirements for Windows Intune and Service to Service Connector Requirements in Windows Intune.
Make sure that the computer that hosts the Windows Intune Exchange Connector meets the necessary requirements.
Complete the task of Setting Permissions on Windows PowerShell Cmdlets.
Before downloading and installing the Exchange Connector, make sure that the user who configures the Windows Intune Exchange Connector has the necessary Windows PowerShell cmdlet permissions.