Windows
United States (English) Sign in
Home Windows 8 Windows 7 Windows Vista Windows XP MDOP Windows Intune Library Forums
This topic has not yet been rated - Rate this topic

Set up Windows Intune Direct Management for Windows RT Mobile Devices

Updated: December 17, 2012

Applies To: Windows Intune December 2012 Release

Windows Intune provides comprehensive mobile device management capabilities. With Windows Intune, you can deploy policies to help secure corporate data on devices, perform a hardware inventory, and retire and wipe these devices. In addition, Windows Intune direct management of mobile devices enables you to distribute applications to users in either of the following ways:

  • External link: For Windows RT devices, you can provide a link address to an application on the Windows Store. In addition, this web link can be to a web-based application that runs on the device through the device’s web browser.

  • Software installer: You can provide a signed application package that is uploaded directly to the Windows Intune service and then sideloaded onto managed devices. Sideloaded applications do not have to be certified by the Windows Store or installed through the Windows Store.

Users benefit from an enrollment and application installation experience that is tailored for their device types, they can choose the applications that they want to install, and they can maintain control of configuring their devices.

This topic describes how to set up direct management of Windows RT devices in Windows Intune.

Set up mobile device management for Windows RT devices

  1. To be sure that your environment meets the requirements to set up mobile device management for Windows RT devices, we recommend that you review Requirements for Windows Intune Direct Management of Windows RT Mobile Devices.

  2. To be managed by Windows Intune, devices must first discover and enroll in the Windows Intune service. You can either enable automatic detection of a Windows Intune enrollment server, or provide the following enrollment server address to users: enterpriseenrollment-s.manage.microsoft.com.

    To enable devices to automatically detect a Windows Intune enrollment server, complete the following steps:

    1. Verify your domain in the Windows Intune account portal.

    2. Create a CNAME resource record for the verified domain in the public DNS. If there is more than one verified domain, you must create a CNAME record for each domain. The CNAME resource record must contain the following information:

      • Alias name: enterpriseenrollment

      • Fully qualified domain name (FQDN) for the target DNS host: enterpriseenrollment.manage.microsoft.com

      For example, if contoso.com and fabrikam.com are the verified domains, you would create two CNAME resource records: One resource record to redirect requests that arrive at enterpriseenrollment.contoso.com to enterpriseenrollment.manage.microsoft.com, and another record to redirect requests that arrive at enterpriseenrollment.fabrikam.com to enterpriseenrollment.manage.microsoft.com. For information about how to create a CNAME resource record, see Add an Alias (CNAME) Resource Record to a Zone.

    noteNote
    Keep in mind that DNS settings can take up to 72 hours to be applied.

  3. If you have not enabled automatic detection of a Windows Intune enrollment server, proceed to Step 3. If you have enabled automatic detection, confirm that you have set up automatic detection correctly by completing the following steps:

    1. Open the Windows Intune administrator console.

    2. In the workspace shortcuts pane, click the Administration icon.

    3. In the navigation pane, under Mobile Device Management , click Windows RT .

    4. Under Step 1: Enrollment Server Address , type the name of the verified domain, and then click Test Auto-Detection .

    5. If you have set up automatic detection correctly, a message appears to confirm that users can enroll their devices without manually specifying the address of the Windows Intune enrollment server.

  4. Make sure that you have completed the steps that are required to distribute applications and external web links to users who have Windows RT devices. For information, see Adding and Deploying Software.

  5. Although sideloaded applications do not have to be certified by the Windows Store or installed through the Windows Store, they can only be installed on sideloading-enabled devices. To enable a Windows RT device for sideloading, you must first obtain sideloading product activation keys. For information about how to obtain sideloading product activation keys, see Microsoft Volume Licensing. After you obtain sideloading product activation keys, complete these steps in the Windows Intune administrator console to add the keys:

    1. On the Windows RT Mobile Device Management Setup page under Step 2: Add Sideloading keys , click Add Sideloading Key .

    2. In the Add Sideloading Key dialog box, enter a name, the sideloading product activation key, the number of total activations, and optionally a description, and then click OK .

  6. To distribute line-of-business apps to Windows RT users, you must also ensure that the apps are signed with a certification authority that is trusted by the users’ devices. You can either obtain a non-Microsoft public certificate, or use a code-signing certificate from your organization’s certification authority. For information, see Acquire a Code Signing Certificate. If you use a code-signing certificate from your organization’s certification authority, you must upload a code-signing certificate to Windows Intune so that it can be distributed to Windows RT devices:

    noteNote
    Windows Intune only retains one copy of the code-signing certificate. You cannot uninstall a code-signing certificate that was previously installed through Windows Intune.

    To upload a code-signing certificate, complete these steps in the Windows Intune administrator console:

    1. On the Windows RT Mobile Device Management Setup page under Step 3: Upload Code-Signing Certificate (Optional) , click Modify Code-Signing Certificate .

    2. In the Upload a Code-Signing Certificate dialog box, click Browse , specify the code-signing certificate file to use, and then click Upload .

  7. Review and complete the steps in Enroll Windows RT Mobile Devices in Windows Intune Direct Management to ensure that your environment meets the enrollment prerequisites and that your users are prepared to enroll their Windows RT devices in Windows Intune direct management.

See Also

 
Did you find this helpful?
(1500 characters remaining)
© 2013 Microsoft. All rights reserved.