Export (0) Print
Expand All

Requirements for Windows Intune Direct Management of iOS Mobile Devices

Updated: November 1, 2013

Applies To: Windows Intune

Windows Intune provides comprehensive mobile device management capabilities. With Windows Intune, you can deploy policies to help secure corporate data on devices, perform a hardware inventory, and retire and wipe these devices. In addition, Windows Intune direct management of mobile devices enables you to distribute applications to users in either of the following ways:

  • External link: For iOS devices, you can provide a link address to an application on the App Store. In addition, this web link can be to a web-based application that runs on the device through the device’s web browser.

  • Software installer: You can provide a signed application package that is uploaded directly to the Windows Intune service and then sideloaded onto managed devices. Sideloaded applications do not have to be certified by the App Store or installed through the App Store.

Users benefit from an enrollment and application installation experience that is tailored for their devices types, they can choose the applications that they want to install, and they can maintain control of configuring their devices.

This topic describes the requirements to set up direct management of iOS devices.

  1. Set the mobile device management authority.

    The mobile device management authority determines where you will perform the mobile device management tasks. You can set the mobile device management authority to Windows Intune by using the Windows Intune administrator console, or you can set the authority to System Center Configuration Manager by using the System Center Configuration Manager console.

    noteNote
    If you also plan to use Exchange ActiveSync to manage mobile devices, we recommend that you only deploy the Exchange Connector in the same environment where you set the mobile device management authority and where you plan to configure Windows Intune direct management. For information about how to set up the Exchange Connector for mobile device management in Windows Intune environments see Exchange Connector Host System Requirements for Windows Intune.

    CautionCaution
    Consider carefully whether you want to manage mobile devices by using Windows Intune only or System Center Configuration Manager with Windows Intune Integration. After you set the mobile device management authority to either of these options, it cannot be changed.

    For information about how to set the mobile device management authority to System Center Configuration Manager, see the System Center Configuration Manager 2012 SP1 documentation. For information about how to set the mobile device management authority to Windows Intune, see Set the Mobile Device Management Authority to Windows Intune.

    If you plan to set System Center Configuration Manager 2012 SP1 as the mobile device management authority, see the System Center Configuration Manager 2012 SP1 documentation for planning requirements and setup steps. This topic addresses requirements and planning for scenarios in which the mobile device management authority is set to Windows Intune.

  2. Provision users in Windows Intune.

    To manage users’ mobile devices, you must first provision the users in Windows Intune. The process of provisioning defines device owners as managed users in Windows Intune. After provisioning is complete, users appear and can be managed in the Windows Intune administrator console. You provision by users doing either of the following:

    • If you have Active Directory Domain Services (AD DS) in your environment: You can configure Active Directory synchronization so that your local users and security groups are synchronized to the Windows Azure Active Directory and can appear in the Windows Intune administrator console. To configure Active Directory synchronization, you need to set up the Microsoft Directory Synchronization tool. When you set up the Microsoft Directory Synchronization tool, it populates the Windows Intune account portal with synchronized users and security groups, and it enables Windows Intune to retrieve user information for mobile device users.

      ImportantImportant
      To ensure that your AD DS infrastructure is properly prepared for Windows Intune, we strongly recommend that you review Active Directory Synchronization Roadmap. After you synchronize your local users and security groups to the Windows Azure Active Directory, you must activate the synchronized users and assign them membership in the Windows Intune user group to provision them in Windows Intune.

      You do not need to activate the synchronized security groups. For more information, see the “Adding Users and Security Groups to Windows Intune” section in the Windows Intune Getting Started Guide.

    • If you do not have AD DS in your environment: You can provision users in Windows Intune by manually adding the users to the Windows Intune account portal. For more information, see the “Adding Users and Security Groups to Windows Intune” section in the Windows Intune Getting Started Guide.

After you have make sure that your environment meets the requirements that are described in this topic, proceed to Set up Windows Intune Direct Management for iOS Mobile Devices for detailed procedures and instructions to complete mobile device management setup tasks.

See Also

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft