Start managing iOS devices with Microsoft Intune
Updated: June 26, 2015
Applies To: Microsoft Intune
Before you can manage iOS mobile devices with Intune, you need an Apple Push Notification service (APNs) certificate. This certificate allows Intune to manage iOS and establish an accredited and encrypted IP connection with the mobile device management authority services.
Set up Intune
If you haven’t already, Prepare for mobile device management by setting the mobile device management authority to Microsoft Intune.
Get a certificate signing request
As an administrative user, open the Microsoft Intune administration console, go to Administration > Mobile Device Management > iOS > Upload an APNs Certificate, and click Download the APNs certificate request. Save the certificate signing request (.csr) file locally. The .csr file is used to request a trust relationship certificate from the Apple Push Certificates Portal.
Get an Apple Push Notification service certificate
Go to the Apple Push Certificates Portal and sign in with your company Apple ID to create the APNs certificate using the .csr file. This Apple ID must be used in future to renew your APNs certificate. Download the APNs (.pem) certificate and save the file locally. This APNs certificate file is used to establish a trust relationship between the Apple Push Notification server and Intune’s mobile device management authority.
Add the APNs certificate to Intune
In the Microsoft Intune administration console, go to Administration > Mobile Device Management > iOS > Upload an APNs Certificate, and click Upload the APNs certificate. Browse to the certificate (.pem) file and click Open and then enter your Apple ID. With the APNs certificate, Intune can enroll and manage iOS devices by pushing policy to enrolled mobile devices.
You can now support iOS device enrollment with Microsoft Intune in these ways:
Enable mobile device enrollment with the Microsoft Intune Account Portal - Let users enroll their personal devices (BYOD) with the Company Portal app
Enroll corporate-owned devices with the Device Enrollment Manager in Microsoft Intune – A designated manager enrolls and manages multiple devices with a specialized Intune account (Shared devices)
Enroll corporate-owned iOS devices in Microsoft Intune - Enroll corporate-owned devices using Apple Configurator (CYOD)
Once devices are enrolled you can: