
Set up Windows Intune Direct Management for iOS Mobile Devices

Updated: November 1, 2013

Applies To: Windows Intune

Windows Intune provides comprehensive mobile device management capabilities. With Windows Intune, you can deploy policies to help secure corporate data on devices, perform a hardware inventory, and retire and wipe these devices. In addition, Windows Intune direct management of mobile devices enables you to distribute applications to users in either of the following ways:

  • External link: For iOS devices, you can provide a link address to an application on the App Store. In addition, this web link can be to a web-based application that runs on the device through the device’s web browser.

  • Software installer: You can provide a signed application package that is uploaded directly to the Windows Intune service and then sideloaded onto managed devices. Sideloaded applications do not have to be certified by the App Store or installed through the App Store.

Users benefit from an enrollment and application installation experience that is tailored for their device types. They can choose the applications that they want to install, and they can maintain control of configuring their devices.

Note
Your use of the Apple Push Notifications service, Mobile Device Management (MDM) certificates and Apple IDs is subject to the terms of separate agreements between you and Apple. Microsoft is not responsible for operation of the Apple Push Notifications service, the MDM certificates or Apple ID or liable for any issues arising from your use (or inability to use) them.

To enable mobile device management for iOS devices

  1. To be sure that your environment meets the requirements to set up mobile device management for iOS devices, we recommend that you review Requirements for Windows Intune Direct Management of iOS Mobile Devices. For example, before you set up mobile device management, you must set the mobile device management authority. For more information, see Set the Mobile Device Management Authority to Windows Intune.

  2. In the Windows Intune administrator console, click Administration, click Mobile Device Management Setup, and then click iOS. Click the link to Upload an APNs Certificate.

    The APNs (Apple Push Notifications) certificate enables Windows Intune to manage and communicate with iOS devices.

  3. Click Download the APNs certificate request. When the Save As dialog box opens, save the CSR (Certificate Signing Request) file.

    For security, you must provide Apple with a CSR file when you apply for the APNs certificate.

  4. Browse to the Apple Push Certificates Portal.

  5. Sign in by using an Apple ID that is not connected to a specific user in your organization so that you will retain this Apple ID even if the current administrator leaves your organization.

    If you don’t have an Apple ID, create a new one. If this is the first time you are using the Apple Push Notification Certificates Portal, you might have to verify your email address.

  6. In the Apple Push Certificates Portal, upload the CSR file that you downloaded.

  7. After you receive confirmation that you have successfully uploaded the CSR file, click Download in the Apple Push Certificates Portal, and then save the certificate file from the Apple portal. This file is named MDM_Microsoft_Corporation_Certificate.pem.

  8. After downloading the APNs certificate file MDM_Microsoft_Corporation_Certificate.pem, in the Windows Intune administrator console click Administration, click Mobile Device Management Setup, and then click iOS. Click the link to Upload an APNs Certificate and select the APNs certificate that you just downloaded.

    Important
    If you use Internet Explorer to download the APNs certificate, you will receive an error saying that the file is not valid when you try to upload it in the Windows Intune administrator console. In order to download the file properly with Internet Explorer:

    1. After you create the certificate and are prompted to save or open the file, click Cancel.

    2. Sign out of the Apple Push Certificates Portal and sign in again.

    3. On the Certificates for Third-Party Servers page, download the most recent APNs certificate that was created.

    4. In the Windows Intune administrator console, click Upload the APNs certificate and browse to the MDM_Microsoft_Corporation_Certificate.pem file that you downloaded previously.

    We recommend that you enter your Apple ID when prompted. Doing so saves the Apple ID that you used to create the certificate in Windows Intune, so that upon annual renewal, Windows Intune can remind you which Apple ID you used.

    Review and complete the steps in Enroll iOS Mobile Devices in Windows Intune Direct Management to ensure that your environment meets the enrollment prerequisites and that your users are prepared to enroll their iOS devices in Windows Intune direct management.

  9. Send an email to the end user with their user name, password, and instructions to sign in to the company portal at http://m.manage.microsoft.com. The user will be prompted to install a management profile to enroll their device. Optionally, in your email you may include the link to the end user help for Windows Intune, http://onlinehelp.microsoft.com/en-us/windowsintune/jj841407.aspx.

To renew the APNs certificate

You must renew the APNs certificate every year. Windows Intune will warn you when your APNs certificate is about to expire. It will display a warning 60 days before expiry and, if applicable, will display an error after the certificate is no longer valid. These messages are displayed on the iOS Mobile Device Management Setup Overview page in the Windows Intune administrator console. You can only have one APNs certificate in Windows Intune at a time. It is important to renew your APNs certificate and not upload a new one.

To renew your APNs certificate, in the Windows Intune administrator console, click Administration, click Mobile Device Management Setup, click iOS, and then click the link to Renew an APNs Certificate. Then follow the procedure that you used to enable iOS mobile device management. Be sure to click Renew in the Certificates for Third-Party Servers screen.

Warning
When you renew your APNs certificate, make sure to use the same Apple ID that you used when you created the original certificate.

Note
If you do not renew the APNs certificate in time before it expires, you will receive an error that the certificate is not valid. Mobile device management for iOS devices will be suspended, but you can update the certificate at any time without needing to re-enroll iOS devices with Windows Intune.

Warning
If you create a new certificate instead of renewing your existing certificate, you will receive an error that the certificate does not match and you will have to delete the new certificate and renew the previous certificate or re-enroll all of the iOS mobile devices.
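
The following PowerShell is an added example, not part of the original topic and not Microsoft's code. It checks a downloaded MDM_Microsoft_Corporation_Certificate.pem before upload: that the file parses as a certificate, when it expires, and whether it looks like a renewal of the certificate already in use. It assumes that you kept a copy of the current certificate file and that a renewed certificate keeps the Subject of the original; the function names and the "previous" folder are hypothetical.

```powershell
# Added example. Parses the PEM file downloaded from the Apple portal so that
# problems are caught before the file is uploaded to Windows Intune.
function Get-ApnsCertificateInfo {
    param([Parameter(Mandatory)][string]$Path)

    $text = Get-Content -LiteralPath $Path -Raw
    $pem  = '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----'
    if ($text -notmatch $pem) {
        # The saved file is not the certificate itself (for example, a bad download).
        throw "$Path does not contain a PEM certificate block."
    }
    # Decode the Base64 body to DER and let .NET parse the X.509 structure.
    [byte[]]$der = [Convert]::FromBase64String(($Matches[1] -replace '\s', ''))
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        DaysLeft   = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    }
}

function Test-ApnsRenewal {
    param(
        [Parameter(Mandatory)][string]$CurrentPath,  # saved copy of the certificate in use
        [Parameter(Mandatory)][string]$RenewedPath,  # file just downloaded from the Apple portal
        [int]$WarnDays = 60                          # same window as the console warning
    )
    $current = Get-ApnsCertificateInfo -Path $CurrentPath
    $renewed = Get-ApnsCertificateInfo -Path $RenewedPath

    [pscustomobject]@{
        # Assumption: a renewal keeps the Subject of the original certificate,
        # while a newly created certificate gets a different one.
        SameSubject     = ($current.Subject -eq $renewed.Subject)
        ExtendsValidity = ($renewed.NotAfter -gt $current.NotAfter)
        CurrentDaysLeft = $current.DaysLeft
        RenewalDue      = ($current.DaysLeft -le $WarnDays)
        RenewedNotAfter = $renewed.NotAfter
    }
}

# Usage (the "previous" folder is a hypothetical location for the saved copy):
# Test-ApnsRenewal -CurrentPath .\previous\MDM_Microsoft_Corporation_Certificate.pem `
#                  -RenewedPath .\MDM_Microsoft_Corporation_Certificate.pem
```

If SameSubject is False, stop before uploading and confirm in the Apple Push Certificates Portal that you clicked Renew on the existing certificate with the original Apple ID.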

To delete the APNs certificate

You should only delete the APNs certificate if you no longer plan to manage iOS mobile devices by using Windows Intune.

Warning
Deleting the APNs certificate will disable iOS mobile device management in Windows Intune and un-enroll all iOS mobile devices from Windows Intune.

  1. In the Windows Intune administrator console, click Administration, click Mobile Device Management Setup, and then click iOS.

  2. Click the link to Delete the APNs Certificate.

© 2014 Microsoft. All rights reserved.