Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Requirements for Windows Intune Direct Management of Windows Phone 8 Devices

Updated: October 1, 2013

Applies To: Windows Intune

Windows Intune provides comprehensive mobile device management capabilities. With Windows Intune, you can deploy policies to help secure corporate data on devices, perform a hardware inventory, and retire and wipe these devices. In addition, Windows Intune direct management of mobile devices enables you to distribute applications to users in either of the following ways:

  • External link: For Windows Phone 8 devices, you can provide a link address to an application on the Windows Phone Store. In addition, this web link can be to a web-based application that runs on the device through the device’s web browser.

  • Software installer: You can provide a signed application package that is uploaded directly to the Windows Intune service and then sideloaded onto managed devices. Sideloaded applications do not have to be certified by the Windows Phone Store or installed through the Windows Phone Store.

Users benefit from an enrollment and application installation experience that is tailored for their device types, they can choose the applications that they want to install, and they can maintain control of configuring their devices.

This topic describes the requirements to set up direct management of Windows Phone 8 devices.

Requirements to set up direct management of Windows Phone 8 devices

Before you complete the steps in Set up Windows Intune Direct Management for Windows Phone 8 Mobile Devices, make sure that you understand the following tasks and requirements, so that your environment meets the prerequisites for managing Windows Phone 8 devices.

  1. Set the mobile device management authority.

    The mobile device management authority determines where you will perform mobile device management tasks. You can set the mobile device management authority to Windows Intune by using the Windows Intune administrator console, or you can set the authority to System Center Configuration Manager by using the System Center Configuration Manager console.

    noteNote
    If you also plan to use Exchange ActiveSync to manage mobile devices, we recommend that you only deploy the Exchange Connector in the same environment where you set the mobile device management authority and where you plan to configure Windows Intune direct management. For information about how to set up the Exchange Connector for mobile device management in Windows Intune environments, see Exchange Connector Host System Requirements for Windows Intune.

    CautionCaution
    Consider carefully whether you want to manage mobile devices by using Windows Intune only, or by using System Center Configuration Manager with Windows Intune Integration. After you set the mobile device management authority to either of these options, it cannot be changed.

    For information about how to set the mobile device management authority to System Center Configuration Manager, see the System Center Configuration Manager 2012 SP1 documentation. For information about how to set the mobile device management authority to Windows Intune, see Set the Mobile Device Management Authority to Windows Intune.

    noteNote
    If you plan to set System Center Configuration Manager 2012 SP1 as the mobile device management authority, see the System Center Configuration Manager 2012 SP1 documentation for planning requirements and setup steps. This topic addresses requirements and planning for scenarios in which the mobile device management authority is set to Windows Intune.

  2. Provision users in Windows Intune.

    To manage users’ mobile devices, you must first provision the users in Windows Intune. The process of provisioning defines device owners as managed users in Windows Intune. After provisioning is complete, users appear and can be managed in the Windows Intune administrator console. You provision by users doing either of the following:

    • If you have Active Directory Domain Services (AD DS) in your environment: You can configure Active Directory synchronization so that your local users and security groups are synchronized to the Windows Azure Active Directory and can appear in the Windows Intune administrator console. To configure Active Directory synchronization, you need to set up the Microsoft Directory Synchronization tool. When you set up the Microsoft Directory Synchronization tool, it populates the Windows Intune account portal with synchronized users and security groups, and it enables Windows Intune to retrieve user information for mobile device users.

      ImportantImportant
      To ensure that your AD DS infrastructure is properly prepared for Windows Intune, we strongly recommend that you review Active Directory Synchronization Roadmap.

      After you synchronize your local users and security groups to the Windows Azure Active Directory, you must activate the synchronized users and assign them membership in the Windows Intune user group to provision them in Windows Intune. You do not need to activate the synchronized security groups. For more information, see the “Adding Users and Security Groups to Windows Intune” section in the Windows Intune Getting Started Guide.

    • If you do not have AD DS in your environment: You can provision users in Windows Intune by manually adding the users to the Windows Intune account portal. For more information, see the “Adding Users and Security Groups to Windows Intune” section in the Windows Intune Getting Started Guide.

  3. Enable automatic detection of a Windows Intune enrollment server, or provide the following enrollment server address to users: manage.microsoft.com.

    To be managed by Windows Intune, devices must first discover and enroll in the Windows Intune service. If you plan to enable automatic detection of a Windows Intune enrollment server, you must make sure that you have set up a verified domain name for your Windows Intune account, and then create a CNAME resource record for the verified domain in the public DNS, as described in Set up Windows Intune Direct Management for Windows Phone 8 Mobile Devices.

  4. Obtain the Publisher ID for the company as provided on the company’s Dev Center account page. For more information, see Company app distribution for Windows Phone.

  5. Obtain an enterprise mobile code-signing certificate from Symantec.

    To distribute applications and external links to users who have Windows Phone 8 devices, you must first distribute the Company Portal app to these users. Users can access the Company Portal app when they enroll their devices in Windows Intune. To complete device enrollment, they must install the Company Portal app on their devices. When you distribute applications and external links to users, they can access the applications and links by visiting the Company Portal.

    Before you can distribute the Company Portal app to users, you must ensure that it is signed by a mobile code-signing certificate that is trusted by users’ devices. After you obtain an enterprise mobile code-signing certificate, additional steps are required to export the certificate in PFX format, and to generate an application enrollment token (AET), as described in Set up Windows Intune Direct Management for Windows Phone 8 Mobile Devices.

Next steps

After you made sure that your environment meets the requirements that are described in this topic, proceed to Set up Windows Intune Direct Management for Windows Phone 8 Mobile Devices for detailed procedures and instructions that will help you complete mobile device management setup tasks.

See Also

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.