Export (0) Print
Expand All

Enable mobile device enrollment with the Microsoft Intune Account Portal

Updated: April 24, 2015

Applies To: Microsoft Intune

Intune supports “bring your own device” (BYOD) by letting users enroll their devices through the Microsoft Intune Account Portal. Before you can enroll devices, you must configure Intune for mobile device management. If you haven’t already, set up management for each device platforms in your organization:

  1. Add Intune users
    The mobile device owner must be added to the Microsoft Intune Account Portal before devices can be enrolled. Log in to the Microsoft Intune Account Portal, click Add users, and select an option:

    • User: To add a single user select New > User and enter Details, Assign roles, Set user location, and then assign the user to a Group.

    • Bulk add: Create a .csv file (see samples files provided) and import it into the Intune Account Portal. Specify roles, location, and group, and then create the accounts. Sample and blank .csv files can be downloaded from the Microsoft Intune Account Portal.

    You can also enable Active Directory or Azure Active Directory synchronization. For more information about integrating other Azure Active Directory users with Intune, see Directory synchronization roadmap or click Other ways to add users in the Intune Account Portal.

  2. Set device enrollment limit (Optional)
    To limit the number of mobile devices a user can enroll, log in to the Microsoft Intune administration console, click Admin > Mobile Device Management > Enrollment rules. Select the maximum number of devices a user can enroll and then click Save.

  3. Create enrollment profiles
    Profiles can specify whether devices have user affinity that link the device to the user for Intune. Profiles can also assign a group for device management. At least one profile must be specified before company-owned devices can be enrolled in Intune.

    In the Microsoft Intune administration console, click Policy > Device Enrollment Profile, > Add. Define the following details:

    • Name - The profile name listed in the Intune administration console

    • Prompt during enrollment - Species whether to prompt the device user for credentials when enrolling the new device

    • Group - Specifies a mobile device group for devices assigned this profile

  4. Set a default profile
    The default profile is assigned to mobile devices enrolled in Intune that don't have a profile specified. In the Intune administration console click Profiles > Enrollment profiles and then select the profile to be the default profile. In the action bar, click Set default… and then confirm the default profile by clicking OK.

  5. Set Company Portal settings
    You can customize the Intune Company Portal for your company. In the Microsoft Intune administration console click Admin > Company Portal. Configure the following

    • Company Name

    • IT department contact name

    • IT department phone number

    • Additional information

    • Company privacy statement URL

    • Support website URL (not displayed)

    • Website name

  6. Set Terms and Conditions
    You can publish terms and conditions that your users see when they first use the company portal from any device. In the Microsoft Intune administration console click Company Portal > Terms and Conditions.

You can publish terms and conditions that your users will see when they first use the company portal from any device, whether or not that device is already enrolled. Users will have to accept those terms to access the portal. When you update the terms and conditions significantly and want users to see and accept them, you can mark the new terms and conditions as a new version, and users will go through the same process the next time they visit the portal.

Terms and conditions apply to users, not to devices, so users will only have to accept each version once to visit the company portal from any of their devices.

Terms and Conditions reports show which users accepted your terms and conditions, the most recent version number they accepted, and the date they accepted that version. Export the report to keep an archive of when users accepted previous versions. See Manage reports in Microsoft Intune.

Once you’ve set up enrollment, you can inform users that device enrollment is available. For guidance helping users enroll their personal devices, download Microsoft Intune Enrollment Instructions. General information follows.

  1. Tell your users to go to the Store and install the Company Portal or go to the Company Apps (Windows Phone 8.0 only). Users enroll and manage their mobile devices with the Company Portal app. They can also use a Company Portal website. Each device operating system has its own Company Portal app:

    • Android - Users install the Company Portal app from Microsoft Corporation available on Google Play.

    • iOS - Users install the Company Portal app from Microsoft Corporation available in the App Store. Users can then view their Devices to enroll their phones.

    • Windows Phone 8.1- Users install the Company Portal app from Microsoft Corporation available in the Windows Phone store.

    • Windows Phone 8 - Users click system settings > company apps, and sign in using their user ID. The Company Portal app is deployed to users’ phones.

    • Windows 8.1 and Windows RT 8.1 - Users download the Company Portal app from the Windows Store. The following steps describe the enrollment process.

      1. Go to PC Settings > Network > Workplace.

      2. Enter the User ID and click Turn on.

      3. Check the Allow apps and services from IT admin dialog box, and click Turn on.

      If your account does not have a public domain CNAME alias in DNS and you are using a *.onmicrosoft.com account, you must add the following registry information to enroll your Windows 8.1 computer:

      • If it is not already present, create the MDM registry key: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM]

      • Under the MDM registry key create a new REG_SZ called DiscoveryService with the value data “manage.microsoft.com”

    • Windows RT - Click Start, and type “System Configuration”, and click the dialog box to open the Company Apps.

  2. When users open the Company Portal they’ll be asked for credentials. If you didn’t create a public domain CNAME, Windows and Windows Phone users are prompted for the server address and must type “manage.microsoft.com”. Windows Phone 8.1 and iOS phone users can then view their Enrolled Devices to enroll their phone.

  3. If this is their first time in the portal, or if you’ve required acceptance of a new version of terms and conditions, they’ll be asked accept those terms. This isn’t affected by whether the device is enrolled or not. The user either accepts or declines. If they accept, they can continue to the portal. If they decline they are asked to confirm that they want to decline, and are then provided with a link to instructions on how to unenroll. They are not automatically unenrolled, and until they unenroll you can still manage the device.

    At this point the process differs for devices that have not yet been enrolled, depending on the operating system of the device.

    • For Windows devices and Windows Phone 8.1, the Company Portal will remind the user to enroll. Windows Phone 8.1 will have a link to enrollment settings, and Windows will have a link to help content that describes how to enroll.

    • For iOS and Android devices, the user is led through the enrollment process. Users will still see a message from Microsoft about the impact of enrolling.

A Windows or Windows Phone user may find the enrollment interface in the device without going to the Company Portal and could enroll without seeing the terms and conditions. You should advise your users to start at the Windows Store or Windows Phone Store, to increase exposure and acceptance of your terms and conditions.

Once devices are enrolled you can:

See Also

To navigate Intune documentation on TechNet, see the Intune Site Map. Want to try Intune? Sign up for a 30-day trial.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2015 Microsoft