How to Manage Mobile Devices by Using the Windows Intune Connector in Configuration Manager

Updated: April 1, 2013

Applies To: System Center 2012 Configuration Manager SP1

Note: The information in this topic applies only to System Center 2012 Configuration Manager SP1.

System Center 2012 Configuration Manager SP1 lets you manage Windows Phone 8, Windows RT, iOS, and Android devices by using the Windows Intune service over the Internet. Although you use the Windows Intune service, management tasks are completed by using the Configuration Manager console. You can use the Windows Intune connector site system role in the Configuration Manager console to connect to the Windows Intune service.

Many employees do work-related tasks, such as viewing their email, on their personal mobile devices. This trend is referred to as Bring Your Own Device (BYOD). Companies that embrace BYOD can provide more than just email for mobile devices: they can provide and manage mobile apps that let employees perform work-related tasks. While providing apps to user-owned devices, companies can protect company data by exercising control over mobile device enrollment and security settings. With Configuration Manager SP1, you have control over which users can enroll their mobile devices and which users can access your company’s data and apps.

Use the following sections to help you manage mobile devices by using the Windows Intune connector.

For a checklist about how to configure Configuration Manager to manage mobile devices, see Administrator Checklist: Configuring Configuration Manager to Manage Mobile Devices by Using Windows Intune.

When employees use their own devices, they expect to have some control over the apps they download, in addition to privacy for their personal data. The Bring Your Own Device scenario lets you balance employee concerns with company constraints. Users can manage their devices by using the company portal. The company portal is a self-service portal that lets users control what apps are installed on their devices. The company portal is also customized for each platform so that users see only the apps available for their device type. The following table lists what actions users can control on their devices by using the company portal.

 

| Company portal actions available to users | From Windows RT | From Windows Phone 8 | From iOS | From Android |
| --- | --- | --- | --- | --- |
| Enroll device. | Yes | Yes | Yes | No |
| Retire local device. | Yes | Yes | No | No |
| Wipe mobile devices remotely. | Yes | No | No | No |
| Install line-of-business apps. | Yes | Yes | Yes | Yes |
| Install apps from the store that the device connects to for Windows Store, Windows Phone Store, App Store, or Google Play. | Yes | Yes | Yes | Yes |

The Windows Intune connector gives administrators the ability to manage apps, compliance settings, and device life cycle.

Before you can install the Windows Intune connector, you first have to subscribe to the Windows Intune service and configure your Windows Intune subscription. Your subscription lets you choose which user collection can enroll mobile devices. Also, your subscription lets you configure a portal that will host your company apps and then lets users manage their devices. You use the subscription to publish your privacy statement so that your employees understand what is being monitored on their mobile devices. The company portal lets users view and download the apps that your company provides.

After you have configured the subscription, you can install the Windows Intune connector. The Windows Intune connector lets you deploy apps to mobile devices by using a distribution point hosted by the Windows Intune service. This distribution point, manage.microsoft.com, is available after you install the Windows Intune connector. When you deploy an app by using the Windows Intune connector, the app appears in the company portal where users can view and download the app. You can either deploy a link to an app that exists in an app store or you can deploy a line-of-business app by using sideloading. Sideloading lets you distribute an app directly to a device without using the Windows Store, Windows Phone Store, App Store, or Google Play. You can sideload an app for Windows Phone 8, Windows RT, iOS, and Android.

The Windows Intune connector also lets you manage compliance settings and collect inventory on Windows Phone 8, Windows RT, and iOS devices. You can manage the life cycle of mobile devices, which includes actions such as wipe, retire, and block. The Windows Intune service uses the management client that is built into the Windows RT and Windows Phone 8 platforms. For mobile devices that run iOS, Windows Intune uses the iOS APIs for management. The following table lists the kinds of management tasks that are available for each mobile device platform.

 

| Management tasks | Windows RT | Windows Phone 8 | iOS | Android |
| --- | --- | --- | --- | --- |
| Device life cycle management such as the ability to retire, wipe, remote wipe, remove, and block devices. | Yes | Yes | Yes | No |
| Compliance settings that include settings for password settings, email management, security, roaming, encryption, and wireless communication. | Yes | Yes | Yes | No |
| Line-of-business app management. | Yes | Yes | Yes | Yes |
| App installation from the store that the device connects to (Windows Store, Windows Phone Store, App Store, Google Play). | Yes | Yes | Yes | Yes |
| Hardware inventory. | Yes | Yes | Yes | No |

Use the following information to determine the prerequisites for managing mobile devices.

 

| External dependencies | More information |
| --- | --- |
| Sign up for a Windows Intune organizational account. | Sign up for an account at Windows Intune. For more information, see Windows Intune organizational account and Acceptable Use Policy for Windows Intune in the Documentation Library for Windows Intune. |
| Add a public company domain. | All user accounts must have a publicly registered UPN that can be verified by Windows Intune. |
| Verify users have a public domain UPN. | Before you synchronize the Active Directory user account, you must verify that user accounts have a public domain UPN. For more information, see Add User Principal Name Suffixes in the Active Directory documentation library. |
| Deploy and configure directory synchronization. | Directory synchronization lets you populate Windows Intune with synchronized user accounts. The synchronized users and security groups are added to Windows Intune. For more information, see Configure directory synchronization in the Active Directory documentation library. For single sign-on you must deploy AD FS. For more information, see Configure single sign-on in the Active Directory documentation library. |
| Create a DNS alias. | Create a DNS alias (CNAME record type). You have to configure a CNAME in DNS that redirects EnterpriseEnrollment.<company domain name>.com to manage.microsoft.com. For example, if Melissa's email address is Meliss@contoso.com, you have to create a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to manage.microsoft.com. The CNAME record is used as part of the enrollment process. |
| Obtain certificates or keys. | For more information, see Obtain Certificates or Keys to Meet Prerequisites per Platform in this topic. |
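
The UPN and DNS alias prerequisites above can be checked before you synchronize accounts. The following script is an added example, not part of the original topic or of Configuration Manager; it assumes contoso.com (the domain used in the example above) as the public domain, a domain-joined computer with the ActiveDirectory and DnsClient modules, and an optional Internet-facing resolver passed as the hypothetical parameter $DnsServer.

```powershell
# Added example: pre-flight check for the "public domain UPN" and "DNS alias"
# prerequisites. Not part of the original topic.
# Assumptions: contoso.com is the public domain; ActiveDirectory (RSAT) and
# DnsClient modules are installed; $DnsServer is optional and hypothetical.
param(
    [string]$PublicDomain   = 'contoso.com',
    [string]$ExpectedTarget = 'manage.microsoft.com',
    [string]$DnsServer      # e.g. a public resolver, so the Internet-facing zone is tested
)

Import-Module ActiveDirectory -ErrorAction Stop

# --- UPN check ---------------------------------------------------------------
# Windows Intune must be able to verify each UPN, so every enabled user needs a
# UPN that ends in the publicly registered domain (not, for example, .local).
$suffix = "@$PublicDomain"
$nonPublicUpn = @(
    Get-ADUser -Filter 'Enabled -eq $true' |
        Where-Object {
            -not $_.UserPrincipalName -or
            -not $_.UserPrincipalName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)
        } |
        Select-Object SamAccountName, UserPrincipalName
)
foreach ($user in $nonPublicUpn) {
    Write-Warning ("UPN is not in {0}: {1} ({2})" -f $PublicDomain, $user.SamAccountName, $user.UserPrincipalName)
}

# --- CNAME check -------------------------------------------------------------
# Devices look up EnterpriseEnrollment.<domain> during enrollment, and users
# then enter their company credentials. The alias must point only at
# manage.microsoft.com; any other target deserves investigation.
$alias = "EnterpriseEnrollment.$PublicDomain"
$query = @{ Name = $alias; Type = 'CNAME'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
if ($DnsServer) { $query.Server = $DnsServer }

$cname = Resolve-DnsName @query |
    Where-Object { $_.Type -eq 'CNAME' -and $_.Name -eq $alias } |
    Select-Object -First 1

$target  = if ($cname) { $cname.NameHost.TrimEnd('.') } else { $null }
$cnameOk = $target -eq $ExpectedTarget

if (-not $cname) {
    Write-Warning "No CNAME record found for $alias."
} elseif (-not $cnameOk) {
    Write-Warning "$alias points to '$target', expected '$ExpectedTarget'."
}

# --- Summary object ----------------------------------------------------------
[pscustomobject]@{
    PublicDomain          = $PublicDomain
    UsersWithoutPublicUpn = $nonPublicUpn.Count
    EnrollmentAlias       = $alias
    CnameTarget           = $target
    CnameMatchesExpected  = $cnameOk
    ReadyForDirSync       = ($nonPublicUpn.Count -eq 0) -and $cnameOk
}
```

Rerunning the script after any DNS change also shows whether the enrollment alias still points at manage.microsoft.com.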

The following table lists the certificates or keys that you must have to enroll mobile platforms.

 

| Platform | Certificates or keys | How you obtain certificates or keys |
| --- | --- | --- |
| Windows Phone 8 | Code signing certificate: All sideloaded apps must be code-signed. | Buy a code signing certificate from Symantec. |
| Windows RT | Sideloading keys: Windows RT devices have to be provisioned with sideloading keys to enable the installation of sideloaded apps. All sideloaded apps must be code-signed. | Buy sideloading keys from Microsoft. All apps must be code-signed by using your company’s certification authority or an external certification authority. |
| iOS | Apple Push Notification service certificate. | Request an Apple Push Notification service certificate from Apple. For more information, see the Prerequisites for Enrolling iOS Devices in this topic. |
| Android | None. | Not applicable. |

To manage Windows Phone 8 devices, you have to deploy the Windows Phone 8 company portal app. The company portal app must be code-signed with a certificate that is trusted by the Windows Phone 8 devices.

  1. Obtain a Windows Phone Dev Center Publisher ID from the Windows Phone Dev Center.

  2. Retrieve a certificate from the Symantec website by using your Publisher ID.

  3. In the Certificates snap-in on the computer where the certificate is imported, export the certificate in PFX format. Be sure to export the private key with the Symantec enterprise mobile code-signing certificate. The .pfx file will be used to sign the company portal app and any other line-of-business apps. For more information, see How to Export a Certificate with the Private Key.

  4. Download the Windows Phone 8 company portal app.

  5. To deploy an app to users, the app must be signed by a certification authority that is trusted by Windows Phone 8 devices. Use the XAPSignTool app from the Windows Phone 8 SDK to sign your apps with the .pfx file you created from the Symantec certificate. For more information, see How to sign a company app by using XapSignTool.

  6. Deploy the Windows Phone 8 company portal app to the manage.microsoft.com distribution point.

    For more information, see To deploy an application to mobile devices in this topic.

  7. Sign all apps that you plan to deploy to Windows Phone 8.

To configure app management on a mobile device that runs Windows RT, you must follow these steps.

  1. Obtain sideloading keys. Before you can run sideloaded line-of-business apps on Windows RT, you must obtain and activate sideloading keys from Microsoft. For more information about sideloading product activation keys, see Microsoft Volume Licensing.

  2. Sign all apps. For sideloaded apps to run on Windows RT, you must use a certificate to sign all apps.

To enroll iOS devices, you must follow these steps.

  1. Download a Certificate Signing Request from Windows Intune. This certificate signing request lets you apply to Apple’s certification authority for an Apple Push Notification service certificate.

  2. Request an Apple Push Notification service certificate from the Apple website.

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Hierarchy Configuration, and click Windows Intune Subscriptions.

  3. On the Home tab, in the Create group, click Create APNs certificate request.

  4. In the Request Apple Push Notification Service Certificate Signing Request dialog box, click Browse to specify a location to download the Certificate Signing Request, specify your choice of file name, and then click Download.

  5. On the Windows Intune sign in page, enter your organizational account and password. After you sign in, the certificate signing request is downloaded to the location that you specified.

  1. Connect to the Apple Push Certificates Portal.

  2. Sign in and complete the wizard.

    Note: Make sure that you use a company account to obtain the Apple Push Notification service certificate. When you have to go back to the site to renew the certificate, make sure that you use the same account.

  3. Upload the Certificate Signing Request that you downloaded from Windows Intune.

 

| Dependencies in Configuration Manager | More information |
| --- | --- |
| Create the Windows Intune subscription. | For more information, see The Windows Intune Subscription in this topic. |
| Add the Windows Intune connector. | For more information, see The Windows Intune Connector Site System Role in this topic. |

The Windows Intune subscription lets you specify your configuration settings for the Windows Intune service; this includes specifying which users can enroll their devices and defining which mobile device platforms to manage. When you have created your subscription, you can then install the Windows Intune connector site system role, which lets you connect to the Windows Intune service. This connector site system role will push settings and applications to the Windows Intune service. Windows Intune will then make apps available to users on their mobile devices by using the company portal. The Windows Intune subscription performs the following actions:

  • Retrieves the certificate that the Windows Intune connector requires to connect to the Windows Intune service.

  • Defines the user collection that enables users to enroll mobile devices.

  • Defines and configures the mobile platforms that you want to support.

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Hierarchy Configuration, and click Windows Intune Subscriptions.

  3. On the Home tab, in the Create group, click Create Windows Intune Subscription.

  4. On the Introduction page of the Create Windows Intune Subscription Wizard, review the text and click Next.

  5. On the Subscription page, click Sign in and sign in by using your Windows Intune organizational account. Select the Allow the Configuration Manager console to manage this subscription check box. When you select this setting, you will only be able to manage mobile devices by using the Configuration Manager console. To continue with your subscription, you must select this option.

  6. Click the privacy links to review them, and then click Next.

  7. On the General page, specify the following options, and then click Next.

    • Collection: Specify a user collection that contains users who will enroll their mobile devices.

      Note: If a user is removed from the collection, the user’s device will continue to be managed for up to 24 hours until the user record is removed from the user database.

    • Company name: Specify your company name.

    • URL to company privacy documentation: If you publish your company privacy information to a link that is accessible from the Internet, provide the link so that users can access it from the company portal. Privacy information can clarify what information users are sharing with your company.

    • Color scheme for company portal: Optionally, change the default color of blue for the company portals.

    • Configuration Manager site code: Specify a site code for a primary site to manage the mobile devices. Although you can change the site code at any time, if you do this, existing users will have to retire their mobile devices and then re-enroll them to the new site.

  8. On the Platforms page, select the device types that you want to manage and review the platform requirements, and then click Next.

For each device type that you selected, you must configure additional options. Use the following procedures for more information. After you have configured these additional options, click Next and complete the wizard.

  • On the iOS page, click Browse to specify the Apple Push Notification service certificate that you received from Apple. For more information about how to obtain an Apple Push Notification service certificate, see the Prerequisites for Enrolling iOS Devices section in this topic.

  • On the Windows Phone 8 page, specify the code-signing certificate to use for all Windows Phone apps and then specify the location of the signed Windows Phone 8 company portal app.

For more information about how to obtain the certificate, see the Prerequisites for Enrolling Windows Phone 8 Devices section in this topic.

Windows RT devices require that all sideloaded apps be signed with a trusted code-signing certificate.

  1. On the Windows RT Configuration page, if you have a certificate from your company’s certification authority, click Browse to specify the code-signing certificate that you want to use for all Windows 8 apps.

    Note: All apps must be code-signed. This field is for your company’s certificate. If you have purchased a certificate from an external certification authority, you can leave this field blank.

  2. Click Add to enter your sideloading keys. For more information about how to obtain the certificate, see the Prerequisites for Enrolling Windows RT Devices section in this topic.

The Windows Intune connector sends settings and software deployment information to Windows Intune and retrieves status and inventory messages from mobile devices. The Windows Intune service acts as a gateway that communicates with mobile devices and stores settings.

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Site Configuration, and then click Servers and Site System Roles.

  3. Add the Windows Intune Connector role to a new or existing site system server by using the associated step:

    • New site system server: On the Home tab, in the Create group, click Create Site System Server to start the Create Site System Server Wizard.

    • Existing site system server: Click the server on which you want to install the Windows Intune connector role. Then, on the Home tab, in the Server group, click Add Site System Roles to start the Add Site system Roles Wizard.

  4. On the System Role Selection page, select Windows Intune Connector, and click Next.

  5. Complete the wizard.

Enrollment establishes a relationship between the user, the device, and the Windows Intune service. Users enroll their own mobile devices. Android devices are not enrolled, but can be managed by using the Exchange Server connector. The following sections describe enrollment for Windows Phone 8, Windows RT, and iOS.

For Windows Phone 8, users start enrollment from the Windows Phone 8 device by going to system settings and selecting company apps. The following processes then occur:

  1. Users are asked to provide their Active Directory credentials for authentication. When authentication is successful, Windows Intune establishes a relationship between the user and the Windows Phone 8 device.

  2. A certificate is installed on the device for authentication between the device and the Windows Intune service.

  3. Users must select Install company app or Hub to let their device be managed.

    Important: If users do not select this option, they cannot download the company portal. If the Windows Phone 8 company portal is not installed during enrollment, or if users uninstall the company portal, users must retire their mobile device and re-enroll it. Or, you can make the company portal file available by sending users a link in an email.

  4. The company portal is installed on the device. Inventory is collected; management settings are applied, and users now have access to line-of-business apps that you make available to them.

For Windows RT, users start enrollment from the Windows RT device. The following processes occur:

  1. On the Windows RT device, users select Start, and type System Configuration, and open the Company Apps dialog box.

  2. The users enter their company credentials and are authenticated. A relationship between the users, the Windows RT device and the Windows Intune service is established.

  3. Windows Intune collects inventory and applies management settings. Users now have access to line-of-business apps and direct links to the app store through the company portal.

For iOS, enrollment is as follows:

  1. An administrator begins enrollment by creating and sending an email invitation to users to manage their iOS devices. The email invitation includes a link to the enrollment portal, manage.microsoft.com.

  2. The users are asked for their company credentials to begin the enrollment process.

  3. As soon as authentication is successful, a relationship between the user, the iOS device and the Windows Intune service is established.

  4. Windows Intune collects inventory and applies management settings. The user now has access to line-of-business apps and direct links to the app store through the company portal.

You can retire, block, wipe, or delete devices. The following table lists the management functions for each platform and compares these to the management functions that the Exchange Server connector supports. Because you cannot enroll Android devices by using the Windows Intune connector, you must use the Exchange Server connector to remove, block, wipe, or delete these devices.

For more information about how to manage mobile devices by using the Exchange Server connector, see How to Manage Mobile Devices by Using the Exchange Server Connector in Configuration Manager.

 

| Management function | Windows Phone 8 | Windows RT | iOS | Exchange Server connector |
| --- | --- | --- | --- | --- |
| Retire: Removes the device from Configuration Manager and leaves personal settings and data unchanged on the device. | Yes. Line-of-business apps are uninstalled, which includes the company portal app. User settings are retained. | Yes. Removes the Windows RT sideloading keys. Without the sideloading keys, sideloaded apps will no longer run. User settings are retained. Note: When an RT device is retired, users can still use company apps until the next update. The update occurs every 24 hours for Windows RT devices. | Yes. Installed apps will still run. | Yes. Installed apps will still run. User settings are removed. |
| Block: Blocks the client from communicating with the hierarchy. Clients can be unblocked. | Yes | Yes | Yes | Not available |
| Wipe: Deletes all data, and reverts to the manufacturer’s defaults. You can issue a remote wipe command by using the Configuration Manager console. Or, the user can wipe the device by using the Application Catalog or any company portal except the Windows Phone 8 company portal. | Yes | Not available | Yes | Varies with mobile device |
| Delete: Deletes the mobile device permanently from the hierarchy so that the device is no longer managed. No data is removed from the device. After the device is deleted, the user has to re-enroll. | Yes | Yes | Yes | Not available |

  1. In the Configuration Manager console, click Assets and Compliance and select Devices.

  2. Select a device and then select the action that you want to take.

You can control compliance settings, such as password policy, for mobile devices by using the Windows Intune connector.

Create configuration items to define configurations that you want to manage and assess for compliance on mobile devices. The steps you have to take to manage compliance settings are as follows.

 

| Step | Description |
| --- | --- |
| Step 1: Create a configuration item for mobile devices. | To create configuration items for mobile devices that you enroll by using the Windows Intune connector, see How to Create Mobile Device Configuration Items for Compliance Settings in Configuration Manager. |
| Step 2: Create a configuration baseline. | For more information about how to create the configuration baseline, see How to Create Configuration Baselines for Compliance Settings in Configuration Manager. |
| Step 3: Deploy the configuration baseline. | After a configuration baseline is created, you can apply it to a user or device collection. If you apply the settings to a user collection, the compliance settings are applied to all the enrolled devices for those users. For more information, see How to Deploy Configuration Baselines in Configuration Manager. |

You can ensure that users comply with basic security settings by using compliance settings. The following table lists the compliance settings available to Windows Phone 8, Windows RT, and iOS devices. For Android devices, you can use the Exchange server connector for basic security settings.

 

| Compliance setting | Windows Phone 8 | Windows RT | iOS |
| --- | --- | --- | --- |
| Require password settings on mobile devices | Yes | No | Yes |
| Minimum password length (characters) | Yes | Yes | Yes |
| Idle time before mobile device is locked | Yes | Yes | Yes |
| Number of passwords remembered | Yes | Yes | Yes |
| Password expiration in days | Yes | Yes | Yes |
| Password complexity | Yes | No | Yes |
| Number of failed logon attempts before device is wiped | Yes | Yes | Yes |
| Removable storage | Yes | No | No |
| Camera | No | No | Yes |
| File encryption on mobile device | Yes | No | No |

Mobile apps that you deploy appear in the company portal. Users can decide whether to download the apps to their devices. Use the information in the following sections to help you create and deploy applications to mobile devices.

For Windows Phone 8 devices, you can deploy apps or you can deploy links to apps in the Windows Phone Store. To deploy apps to Windows Phone 8, you must select Windows Phone 8 devices when you configure the Windows Intune subscription.

  1. In the Configuration Manager console, click Software Library.

  2. In the Software Library workspace, expand Application Management, and then click Applications.

  3. In the Home tab, in the Create group, click Create Application.

  4. On the General page of the Create Application Wizard, select Automatically detect information about this application from installation files.

  5. In the Type drop-down list, select Windows Phone app package (*.xap file).

  6. Click Browse to select the Windows Phone app package you want to import, and then click Next.

  7. On the General Information page of the wizard, enter the descriptive text and category information that you want users to see in the company portal.

  8. Complete the wizard.

The new application is displayed in the Applications node of the Software Library workspace.

  1. In the Configuration Manager console, click Software Library.

  2. In the Software Library workspace, expand Application Management, and then click Applications.

  3. In the Home tab, in the Create group, click Create Application.

  4. On the General page of the Create Application Wizard, select Automatically detect information about this application from installation files.

  5. In the Type drop-down, select Windows Phone app package (in the Windows Phone Store).

  6. Click Browse to open the Windows Phone Store, select the app you want to include, and then click Next.

  7. On the General Information page, enter the descriptive text and category information that you want users to see in the company portal.

  8. Complete the wizard.

The new application is displayed in the Applications node of the Software Library workspace.

For Windows RT devices, you can deploy line-of-business apps or you can deploy links to apps in the Windows Store. To deploy apps to Windows RT devices, you must specify Windows RT devices in the Create Windows Intune Subscription Wizard.

  1. In the Configuration Manager console, click Software Library.

  2. In the Software Library workspace, expand Application Management, and then click Applications.

  3. In the Home tab, in the Create group, click Create Application.

  4. On the General page of the Create Application Wizard, select Automatically detect information about this application from installation files.

  5. In the Type drop-down, select Windows app package (*.appx file).

  6. Click Browse, select the signed .appx program file that you want to include, and then click Next.

  7. On the General Information page, enter the descriptive text and category information that you want users to see in the company portal.

  8. Complete the wizard.

The new application is displayed in the Applications node of the Software Library workspace.

To create a link to the Windows Store for Windows RT, the app must be installed on a Windows 8 computer. You must first configure WinRM for HTTPS on the Windows 8 computer.

  1. Create an HTTPS-based listener by running winrm qc -Transport:HTTPS.

  2. Run the command enable-psremoting to allow PowerShell remoting.

  3. Run the command winrm delete winrm/config/Listener?Address=*+Transport=HTTP to remove the HTTP-based listener that was automatically created by the enable-psremoting command.

  4. Open Windows Firewall and add an inbound rule for port 5986, which is the default HTTPS port for Windows Remote Management (WinRM).
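
The four WinRM steps above can be run as one elevated PowerShell session on the Windows 8 computer. The following script is an added example, not part of the original topic; the certificate pre-check, the listener verification, the scoping of the firewall rule and the final hardening step go beyond the steps as written, and 192.0.2.10 is a placeholder for the computer that runs the Configuration Manager console.

```powershell
# Added example: WinRM over HTTPS only, following steps 1-4 above.
# Run in an elevated PowerShell session on the Windows 8 computer.
# Assumption: $ConsoleAddress (placeholder 192.0.2.10) is the computer that
# runs the Configuration Manager console; replace it with the real address.
param([string]$ConsoleAddress = '192.0.2.10')

# Pre-check (added): winrm qc -Transport:HTTPS needs a Server Authentication
# certificate in the local computer store, so fail early if there is none.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$candidates = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotAfter -gt (Get-Date) -and
    $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid
}
if (-not $candidates) {
    throw 'No unexpired Server Authentication certificate with a private key in Cert:\LocalMachine\My.'
}
$candidates | Select-Object Subject, Thumbprint, NotAfter

# Step 1: create the HTTPS-based listener (prompts for confirmation).
winrm qc -Transport:HTTPS

# Step 2: allow PowerShell remoting. This also creates an HTTP listener.
Enable-PSRemoting -Force

# Step 3: remove the HTTP listener that Enable-PSRemoting created.
winrm delete 'winrm/config/Listener?Address=*+Transport=HTTP'

# Verification (added): only an HTTPS listener should remain.
$listeners = Get-ChildItem WSMan:\localhost\Listener
if ($listeners | Where-Object { $_.Keys -contains 'Transport=HTTP' }) {
    throw 'An HTTP listener is still present; remote management traffic could go over port 5985.'
}
if (-not ($listeners | Where-Object { $_.Keys -contains 'Transport=HTTPS' })) {
    throw 'No HTTPS listener found; step 1 did not complete.'
}

# Step 4: inbound rule for TCP 5986, the default WinRM HTTPS port.
# Scoping the rule to the console computer is an addition to the step.
New-NetFirewallRule -DisplayName 'WinRM over HTTPS (TCP 5986)' `
    -Direction Inbound -Protocol TCP -LocalPort 5986 `
    -RemoteAddress $ConsoleAddress -Action Allow

# Optional hardening (added): Enable-PSRemoting also enabled the built-in
# HTTP (port 5985) firewall rules, which are not needed without an HTTP listener.
Disable-NetFirewallRule -DisplayGroup 'Windows Remote Management'
```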

  1. In the Configuration Manager console, click Software Library.

  2. In the Software Library workspace, expand Application Management, and then click Applications.

  3. In the Home tab, in the Create group, click Create Application.

  4. On the General page of the Create Application Wizard, select Automatically detect information about this application from installation files.

  5. In the Type drop-down, select Windows app package (in the Windows Store).

  6. Click Browse and then, in the Browse Windows App Packages dialog box, connect to a computer that runs Windows 8 and that has the required app installed, select the app, and then click Next.

  7. On the General Information page, enter the descriptive text and category information that you want users to see in the company portal.

  8. Complete the wizard.

The new application is displayed in the Applications node of the Software Library workspace.

For devices that run iOS, you can deploy line-of-business apps or you can deploy links to apps on the App store.

  1. In the Configuration Manager console, click Software Library.

  2. In the Software Library workspace, expand Application Management, and then click Applications.

  3. In the Home tab, select Create group, and then click Create Application.

  4. On the General page of the Create Application Wizard, select Automatically detect information about this application from installation files.

  5. In the Type drop-down list, select App Package for iOS (*.ipa file).

  6. Click Browse, select the signed application (*.ipa) file that you want to include, and then click Next.

  7. On the General Information page, enter the descriptive text and category information that you want users to see in the company portal.

  8. Complete the wizard.

The new application is displayed in the Applications node of the Software Library workspace.

  1. In the Configuration Manager console, click Software Library.

  2. In the Software Library workspace, expand Application Management, and then click Applications.

  3. In the Home tab, in the Create group, click Create Application.

  4. On the General page of the Create Application Wizard, select Automatically detect information about this application from installation files.

  5. In the Type dropdown, select App Package for iOS from App Store.

  6. Click Browse, select the app you want to include, and then click Next.

  7. On the General Information page, enter the descriptive text and category information that you want users to see in the company portal.

  8. Complete the wizard.

The new application is displayed in the Applications node of the Software Library workspace.

For Android devices, you can deploy apps or you can deploy links to Google Play by using the company portal.

  1. In the Configuration Manager console, click Software Library.

  2. In the Software Library workspace, expand Application Management, and then click Applications.

  3. In the Home tab, in the Create group, click Create Application.

  4. On the General page of the Create Application Wizard, select Automatically detect information about this application from installation files.

  5. In the Type drop-down, select App Package for Android (*.apk file).

  6. Click Browse, select the .apk program file you want to include, and then click Next.

  7. On the General Information page, enter the descriptive text and category information that you want users to see in the company portal.

    Note: If you create more than one deployment type for the same app, only the deployment type with the highest priority will be displayed in the company portal.

  8. Complete the wizard.

The new application is displayed in the Applications node of the Software Library workspace.

  1. In the Configuration Manager console, click Software Library.

  2. In the Software Library workspace, expand Application Management, and then click Applications.

  3. In the Home tab, in the Create group, click Create Application.

  4. On the General page of the Create Application Wizard, select Automatically detect information about this application from installation files.

  5. In the Type drop-down, select App Package for Android in Google Play.

  6. Click Browse, select the app you want to include, and then click Next.

  7. On the General Information page, enter the descriptive text and category information that you want users to see in the company portal.

  8. Complete the wizard.

The new application is displayed in the Applications node of the Software Library workspace.

Supersedence works the same for mobile apps as it does for other apps.

For more information about superseding applications, see How to Use Application Supersedence in Configuration Manager.

Note
For Windows Phone 8 devices, if you update the company portal app, you must update to the most recent company portal app in the Windows Subscription Wizard after you supersede the older version of the company portal with a new version.

A user can only request approval to download an app from a Windows-based computer or a Windows RT device. If you deploy an app that requires approval from an administrative user, the user must request approval from the Application Catalog on a Windows-based computer. As soon as the user requests approval, the app appears in the company portal.

Requirements rules specify conditions that must be met before a deployment type can be installed on a client device. The requirements that are specific to mobile devices are listed in the following table:

 

| Platform | Requirements available |
| --- | --- |
| Windows Phone 8 | Not available |
| Windows RT | Windows 8 operating system version and language requirements are supported. Important: If you create a deployment type for a Windows app package (*.appx file) with any additional requirements, you will not be able to deploy the app to Windows RT devices. |
| iOS | iOS operating system, language requirements, and chassis (iPad or iPhone) are supported. |
| Android | Not available |

For more information about requirements, see the Step 6: Specify Requirements for the Deployment Type section in the How to Create Deployment Types in Configuration Manager topic.

Use the information in the following section to deploy applications to mobile devices. After you deploy the application, the app is not automatically installed on devices. Users must download the app from the company portal.

  1. In the Configuration Manager console, click Software Library.

  2. In the Software Library workspace, expand Application Management, and then click Applications.

  3. In the Applications list, select the application that you want to deploy. On the Home tab, in the Deployment group, click Deploy.

  4. On the General page of the Deploy Software Wizard, specify the following information:

    • Software – Displays the application that you want to deploy. You can click Browse to select a different application to deploy.

    • Collection – Click Browse and select the collection that you selected for enablement in the Windows Intune Subscription Wizard.

      Important
      Selecting the device collection All Mobile Devices will not deploy apps to iOS, Android, Windows Phone 8, or Windows RT. You must select the same user collection or a subset of the user collection that you selected in the Windows Intune Subscription Wizard.

  5. Click Next.

  6. On the Content page of the wizard, select Manage.Microsoft.com as your distribution point. Click Next.

  7. On the Deployment Settings page of the Deploy Software Wizard, specify the following information:

    • Action – From the drop-down list, select Install to install the application.

    • Purpose – From the drop-down list, select Available. When you manage mobile devices by using the Windows Intune connector, apps must be configured as Available and do not support Required.

  8. Complete the wizard by specifying your preferred setting for the alerts and scheduling pages. The User Experience page is not relevant to mobile devices.

On iOS, Windows Phone 8, and Windows RT, if the certificate that is used to sign apps expires, apps are no longer available for users to download.

 

| Platform | Expired certificate consequences | Resolution |
| --- | --- | --- |
| iOS | Users can no longer install apps | Renew the APNs certificate and locate the Windows Intune Subscription iOS page to upload the new certificate. The new certificate must be created by using the same ID as the original certificate or devices have to be enrolled again. |
| Windows Phone 8 | Users can no longer install apps | Renew the code signing certificate and go to the Windows Intune Subscription page to upload the certificate. All apps signed with the previous certificate and the new certificate will run. |
| Windows RT | Users can no longer install apps | Renew the code signing certificate and open the Windows Intune Subscription Wizard Windows RT page to upload the new certificate. |
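The following PowerShell check is an added example, not part of the original topic or of Configuration Manager itself. It reports the days remaining on exported copies of the three certificates in the table so that renewal can be scheduled before users lose the ability to install apps. The file paths, the function name, and the 60-day warning threshold are assumptions.

```powershell
# Added example. Paths are placeholders for exported public certificates (.cer);
# the 60-day threshold is an assumption, not a value from this topic.
$WarnDays = 60
$certFiles = [ordered]@{
    'iOS (APNs certificate)'                     = 'C:\Certs\apns.cer'
    'Windows Phone 8 (code signing certificate)' = 'C:\Certs\wp8-codesign.cer'
    'Windows RT (code signing certificate)'      = 'C:\Certs\winrt-codesign.cer'
}

function Get-CertExpiryStatus {
    param(
        [Parameter(Mandatory = $true)] [string]$Platform,
        [Parameter(Mandatory = $true)] [string]$Path,
        [int]$WarnDays = 60
    )
    # Report a missing export instead of failing, so one bad path does not hide the others.
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Platform = $Platform; Status = 'FileNotFound'
                                  DaysLeft = $null; NotAfter = $null; Thumbprint = $null }
    }
    # X509Certificate2 reads DER or Base64 (PEM) encoded certificate files.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full
    # NotAfter and Get-Date are both local time, so the difference is consistent.
    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    $status = if ($daysLeft -lt 0) { 'Expired' } elseif ($daysLeft -le $WarnDays) { 'RenewSoon' } else { 'OK' }
    [pscustomobject]@{
        Platform   = $Platform
        Status     = $status
        DaysLeft   = $daysLeft
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    }
}

$report = foreach ($entry in $certFiles.GetEnumerator()) {
    Get-CertExpiryStatus -Platform $entry.Key -Path $entry.Value -WarnDays $WarnDays
}
$report | Sort-Object DaysLeft | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring job raise an alert.
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Recording the thumbprint before and after a renewal also gives a simple way to confirm that the certificate uploaded on the subscription page is the renewed one.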

You can inventory the following hardware properties by using the Windows Intune connector. For information about how to configure hardware inventory, see How to Configure Hardware Inventory in Configuration Manager.

 

| Hardware Inventory Class | Windows Phone 8 | Windows RT | iOS | Available by using the Exchange Server connector |
| --- | --- | --- | --- | --- |
| Name | Device_ComputerSystem.DeviceName | Device_ComputerSystem.DeviceName | Device_ComputerSystem.DeviceName | Yes |
| Unique Device ID | Device_ComputerSystem.DeviceClientID | Device_ComputerSystem.DeviceName | Device_ComputerSystem.UDID | Yes |
| Serial Number | Not applicable | Not applicable | Device_ComputerSystem.SerialNumber | No |
| Email Address | Device_Email.OwnerEmailAddress | Device_Email.OwnerEmailAddress | Device_Email.OwnerEmailAddress | Yes |
| Operating System Type | Device_OSInformation.Platform | CCM_OperatingSystem.SystemType | Not applicable | Yes |
| Operating System Version | Device_ComputerSystem.SoftwareVersion | Win32_OperatingSystem.Version | Device_OSInformation.OSVersion | Yes |
| Build Version | Not applicable | Win32_OperatingSystem.BuildNumber | Not applicable | No |
| Service Pack Major Version | Not applicable | Win32_OperatingSystem.ServicePackMajorVersion | Not applicable | No |
| Service Pack Minor Version | Not applicable | Win32_OperatingSystem.ServicePackMinorVersion | Not applicable | Yes |
| Operating System Language | Device_OSInformation.Language | Not applicable | Not applicable | No |
| Total Storage Space | Not applicable | Win32_PhysicalMemory.Capacity | Device_Memory.DeviceCapacity | No |
| Free Storage Space | Not applicable | Win32_OperatingSystem.FreePhysicalMemory | Device_Memory.AvailableDeviceCapacity | No |
| International Mobile Equipment Identity (IMEI) | Not applicable | Not applicable | Device_ComputerSystem.IMEI | Yes |
| Mobile Equipment Identifier (MEID) | Not applicable | Not applicable | Device_ComputerSystem.MEID | No |
| Manufacturer | Device_ComputerSystem.DeviceManufacturer | Win32_ComputerSystem.Manufacturer | Not applicable | No |
| Model | Device_ComputerSystem.DeviceModel | Win32_ComputerSystem.Model | ModelName | Yes |
| Phone Number | Not applicable | Not applicable | Device_ComputerSystem.PhoneNumber | Yes |
| Subscriber Carrier | Not applicable | Not applicable | Device_ComputerSystem.SubscriberCarrierNetwork | Yes |
| Cellular Technology | Not applicable | Not applicable | Device_ComputerSystem.CellularTechnology | No |
| Wi-Fi MAC | Not applicable | Win32_NetworkAdapter.MACAddress | Device_WLAN.WiFiMAC | No |

-----
For additional resources, see Information and Support for Configuration Manager.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012 Configuration Manager. For instructions and examples, see Search the Configuration Manager Documentation Library.