
Set up Windows Intune Direct Management for Windows Phone 8 Mobile Devices

Updated: June 3, 2013

Applies To: Windows Intune

Windows Intune provides comprehensive management for mobile devices. With Windows Intune, you can deploy policies to help secure corporate data on devices, perform a hardware inventory, and retire and wipe these devices. In addition, Windows Intune direct management of mobile devices enables you to distribute applications to users in either of the following ways:

  • External link: For Windows Phone 8 devices, you can provide a link address to an application on the Windows Phone Store. In addition, this web link can be to a web-based application that runs on the device through the device’s web browser.

  • Software installer: You can provide a signed application package that is uploaded directly to the Windows Intune service and then sideloaded onto managed devices. Sideloaded applications do not have to be certified by the Windows Phone Store or installed through the Windows Phone Store.

Users benefit from an enrollment and application installation experience that is tailored for their device types. They can choose the applications that they want to install, and they can maintain control of configuring their devices.

This topic describes the requirements to set up direct management of Windows Phone 8 devices.

Set up mobile device management for Windows Phone 8 devices

  1. To be sure that your environment meets the requirements to set up mobile device management for Windows Phone 8 devices, we recommend that you review Requirements for Windows Intune Direct Management of Windows Phone 8 Devices.

  2. To be managed by Windows Intune, devices must first discover and enroll in the Windows Intune service. You can either enable automatic detection of a Windows Intune enrollment server, or provide the following enrollment server address to users: manage.microsoft.com.

    To enable devices to automatically detect a Windows Intune enrollment server, complete the following steps:

    1. Verify your domain in the Windows Intune account portal.

    2. Create a CNAME resource record for the verified domain in the public DNS. If there is more than one verified domain, you must create a CNAME record for each domain. The CNAME resource record must contain the following information:

      • Alias name: enterpriseenrollment

      • Fully qualified domain name (FQDN) for the target DNS host: enterpriseenrollment.manage.microsoft.com

      For example, if contoso.com and fabrikam.com are the verified domains, you would create two CNAME resource records: One resource record to redirect requests that arrive at enterpriseenrollment.contoso.com to enterpriseenrollment.manage.microsoft.com, and another record to redirect requests that arrive at enterpriseenrollment.fabrikam.com to enterpriseenrollment.manage.microsoft.com. For information about how to create a CNAME resource record, see Add an Alias (CNAME) Resource Record to a Zone.

    Note
    Keep in mind that DNS settings can take up to 72 hours to be applied.

  3. If you have not enabled automatic detection of a Windows Intune enrollment server, proceed to Step 3. If you have enabled automatic detection, confirm that you have set up automatic detection correctly by completing the following steps:

    1. Open the Windows Intune administrator console.

    2. In the workspace shortcuts pane, click the Administration icon.

    3. In the navigation pane, under Mobile Device Management, click Windows Phone 8.

    4. Under Step 1: Enrollment Server Address, type the name of the verified domain, and then click Test Auto-Detection.

    5. If you have set up automatic detection correctly, a message appears to confirm that users can enroll their devices without manually specifying the address of the Windows Intune enrollment server.

  4. Make sure that you have completed the steps that are required to distribute applications and external web links to users who have Windows Phone 8 devices. For information, see Adding and Deploying Software in Windows Intune.

  5. To distribute applications and external links to users who have Windows Phone 8 devices, you must first distribute the Company Portal app to these users. Users access the Company Portal app when they enroll their devices in Windows Intune. To complete the enrollment process, users must install the Company Portal app. When you distribute applications and external links to users, they can access the applications and links by visiting the Company Portal app.

    Before you can distribute the Company Portal app to users, you must make sure that the app is signed by a mobile code-signing certificate that is trusted by users’ devices. To obtain the code-signing certificate, complete the following steps:

    1. Establish a Company Dev Center account on the Windows Phone Dev Center. As part of this process, you will receive a Publisher ID. For more information, see Registration Info.

    2. Visit the Symantec Enterprise Mobile Code Signing Certificate website to complete the required steps to obtain an enterprise mobile code-signing certificate. When this process is complete, Symantec will deliver a certificate that can be imported into the certificate store on a computer.

  6. To prepare the Company Portal app for distribution to users, you must first download the app, and then ensure that it is signed with a certification authority that is trusted by the users’ devices. To download and sign the app, complete the following steps:

    1. Open the Windows Intune administrator console.

    2. In the workspace shortcuts pane, click the Administration icon.

    3. In the navigation pane, under Mobile Device Management, click Windows Phone 8.

    4. Under Step 3: Download the Company Portal app File, click the Download the App File hyperlink.

    5. In the Certificates snap-in on the computer where the certificate is imported, export the certificate in PFX format. Be sure to export the private key with the Symantec enterprise mobile code-signing certificate that you obtained in step 5b. The .pfx file will be used to sign the Company Portal app and any other line-of-business apps. For more information about how to export the certificate in PFX format, see Export a Certificate with the Private Key.

    6. Download the XapSignTool tool from the Windows Phone 8 SDK.

    7. To sign the Company Portal app, follow the instructions in the “Signing the XAP by using the XapSignTool tool” section in How to sign a company app by using XapSignTool. You must sign the Company Portal app with the Symantec enterprise mobile code-signing certificate that you obtained when you completed step 5b.

      Note
      If an update for the Company Portal app is released, repeat step 6 to download the latest version.

  7. To distribute the Company Portal app to users, you must upload the signed Company Portal app file to Windows Intune. During the upload process, you are also prompted to provide the Symantec enterprise mobile code-signing certificate that you obtained in step 5b. Windows Intune generates an application enrollment token (AET) so that you can enroll phones in the company account. This is required so that users can install the Company Portal app. The Company Portal app will be automatically made available to members of the All Users group in Windows Intune, so that you do not have to explicitly create a deployment to make it available.

    If you have updated the Company Portal app, the new version can be distributed to users in the following ways:

     

    If you use System Center Configuration Manager for Mobile Device Management:

    • Supersede the current Company Portal app with the latest update. This will automatically install the update on their managed device.

    • Update the content for the Company Portal app, pointing it to the location of the new app.

    • Send the signed .xap file to users as an attachment in an email. The user’s enrollment and certificates will be verified when they open the file.

    • Deploy the update as a new app to appear in the list of available apps. This may be confusing to users because they would have to open the older version of the portal and opt to install the newer version of the portal displayed there.

    If you use Windows Intune for Mobile Device Management:

    • Send the signed .xap file to users as an attachment in an email. The user’s enrollment and certificates will be verified when they open the file.

    • Deploy the update as a new app to appear in the list of available apps. This may be confusing to users because they would have to open the older version of the portal and opt to install the newer version of the portal displayed there.

  8. Review and complete the steps in Enroll Windows Phone 8 Devices in Windows Intune Direct Management to make sure that your environment meets the enrollment prerequisites, and that your users are prepared to enroll their Windows Phone 8 devices in Windows Intune direct management.
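
Added example (not part of the original Microsoft topic): a Python check for the CNAME requirement in step 2, run over an exported list of DNS records so that a missing or mis-targeted enrollment alias is caught for every verified domain. The sample records, the adatum.com and example.org entries, and the function names are constructed for illustration.

```python
# Added example: audit exported DNS records for the Intune auto-detection alias.
ALIAS = "enterpriseenrollment"                        # alias name from step 2
TARGET = "enterpriseenrollment.manage.microsoft.com"  # target FQDN from step 2

# Constructed sample: "name TTL class type value" lines exported from public DNS.
SAMPLE_RECORDS = """
enterpriseenrollment.contoso.com.  3600 IN CNAME EnterpriseEnrollment.manage.microsoft.com.
enterpriseenrollment.fabrikam.com. 3600 IN CNAME enterpriseenrollment.manage.microsoft.net.
enterpriseenrollment.adatum.com.   3600 IN A     203.0.113.10
www.contoso.com.                   3600 IN A     203.0.113.20
"""

def _norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_records(text):
    """Return {owner name: [(type, value), ...]} from zone-style lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # strip zone-file comments
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or not a full "name TTL class type value" line
        name, rtype, value = fields[0], fields[3].upper(), fields[4]
        records.setdefault(_norm(name), []).append((rtype, value))
    return records

def audit_enrollment_cnames(verified_domains, zone_text):
    """Map each verified domain to ok, missing, not-cname or wrong-target."""
    records = parse_records(zone_text)
    results = {}
    for domain in verified_domains:
        entries = records.get(f"{ALIAS}.{_norm(domain)}", [])
        cnames = [_norm(v) for t, v in entries if t == "CNAME"]
        if not entries:
            results[domain] = "missing"       # one record is needed per domain
        elif not cnames:
            results[domain] = "not-cname"     # e.g. an A record under the alias
        elif cnames != [TARGET]:
            results[domain] = "wrong-target"  # alias points somewhere else
        else:
            results[domain] = "ok"
    return results

if __name__ == "__main__":
    domains = ["contoso.com", "fabrikam.com", "adatum.com", "example.org"]
    for d, status in audit_enrollment_cnames(domains, SAMPLE_RECORDS).items():
        print(f"{d}: {status}")
```

Any result other than ok means devices in that domain cannot auto-detect the enrollment server as described in step 2, and a wrong-target result deserves immediate attention because enrollment discovery for that domain is being directed to a host other than the documented one.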

© 2014 Microsoft. All rights reserved.