Export (0) Print
Expand All

Administrator Checklist: Configuring Configuration Manager to Manage Mobile Devices by Using Microsoft Intune

Updated: October 27, 2014

Applies To: System Center 2012 Configuration Manager SP1, System Center 2012 R2 Configuration Manager

The information in this topic applies only to System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager.

Use the following checklist to help you configure Configuration Manager SP1 to manage mobile devices by using the Microsoft Intune service.

For additional information about these steps, see How to Manage Mobile Devices by Using Configuration Manager and Microsoft Intune.


Step More information

Sign up for a Microsoft Intune account

Sign up for an account at Microsoft Intune.

For more information, see Task 1: Subscribe to Microsoft Intune in the documentation library for Intune.

Make sure that you have a publicly registered domain name

All user accounts must have a publicly registered UPN that can be verified by Microsoft Intune. GoDaddy or Symantec are typical examples of companies that provide domain names.

Verify that users have a public domain UPN

Before synchronizing the Active Directory user account, you must verify that user accounts have a public domain UPN. For more information, see Add User Principal Name Suffixes in the Active Directory documentation library.

You can create a Configuration Manager custom report to verify that the UPN of the users who are discovered is consistent with the Intune Account Portal by using the following SQL query:

SELECT UserPrincipalName, 
COUNT(*) AS NumOfOccurances FROM (SELECT RIGHT(User_Principal_Name0, 
User_Principal_Name0)) AS UserPrincipalName FROM CM_EC1.dbo.v_R_User) 
AS sub GROUP BY UserPrincipalName

Optional, but strongly recommended: Deploy and configure Active Directory Federated Services (AD FS)

When you set up single sign-on, your users can sign in with their corporate credentials to access the services in Intune.

For more information, see the following topics:

Deploy and configure directory synchronization

Directory synchronization lets you populate Intune with synchronized user accounts. The synchronized user accounts and security groups are added to Intune. For more information, see Configure directory synchronization in the Active Directory documentation library.

Optional, not recommended: If you are not using AD FS, reset users’ Microsoft Online passwords

If you are not using AD FS, you must set a Microsoft Online password for each user.

Create a DNS alias

Create a DNS alias (CNAME record type). You have to configure a CNAME in DNS that redirects EnterpriseEnrollment.<company domain name>.com to manage.microsoft.com. For example, if Melissa's email address is Meliss@contoso.com, you have to create a CNAME in DNS that redirects EnterpriseEnrollment.contoso.com to manage.microsoft.com.

The CNAME record is used as part of the enrollment process.

Obtain the required certificates or keys for mobile device platforms

For Windows RT devices:

For Windows Phone 8 devices:

For iOS devices:

Create the Microsoft Intune subscription

How to create the Microsoft Intune subscription

Add the Windows Intune connector site system role

How to configure the Windows Intune Connector role

Verify that Configuration Manager is successfully connecting to the Microsoft Intune service

  • Check the Cloudusersync.log to verify that user accounts are successfully synchronized.

  • Check the Sitecomp.log to verify that the Windows Intune connector was created successfully.

See Also

For additional resources, see Information and Support for Configuration Manager.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012 Configuration Manager. For instructions and examples, see Search the Configuration Manager Documentation Library.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft