Skip to main content

Onboarding into Intune

All new mobile phones at PBR are bring onboarded to Intune

 

In order to onboard an iOS device into Intune you must first install the Apple Configurator App on your personal phone. This phone must be also connected to Wi-Fi (PBR Corporate Wi-Fi doesn't work with this process) so needs to be connected to Internet Wi-Fi. iOS version of your personal phone and the new PBR phone need to be similar, but not necessarily exactly the same (it worked for me with my personal iPhone on 18.01 and PBR iPhone on 17.7)

Apple Configurator App is available for the App Store, icon looks like image.png

    • Open Personal iPhone and log into Apple Configurator with PBR Apple Business Manager Username (apple@pbr.org.au) and Password (in 1Password). This MFA's to Mitch's phone. Click on settings and ensure that 'Share Wi-Fi' is enabled 
    • If the phone has been used previously then it must first be erased, once erased or if new proceed with the guided setup until you get to the screen prompting to connect to a Wi-Fi network. (DO NOT CONNECT).
    • On your personal phone scan the screen of the new PBR phone and a QR code will appear and then the new phone will go through the process to add to Apple Business Manager.
    • Once complete log into Apple Business Manager https://business.apple.com with same creds as above. Navigate to Devices

    • image.png

    • Select the device you added (best done by serial number) you now need to assign the MDM server to the device, click on 3 dots top right, select edit MDM server and select Intune as the PBR MDM Server and clcikimage.png
    • Now the new device will be listedupdated as per below image.pngThis is all that needs to be done in Apple Business Manager. 
    • Log into Intune, navigate to Devices | Enrolment | Apple tab | Enrolment Program Tokens | Select Intune Token | Devices. It can take some time to sync, if its not showing after a few minutes try a refresh and if still not showing try a sync (this will take 15 mins)image.png

    • Once the device is visible in Intune, you need to assign a profile. Select the device and click Assign Profile. Currently there are 2 profiles configured - 

      • PBR Default iOS Profile - This is for staff that are being assigned a personal iPhone 

      • PBR Shared iOS Profile - This is for role based iPhones & iPad's

    • Select the required profile and click sync and wait the 15 minutes for the sync to complete.

    • Return to the iPhone you are onboarding and click Erase iPhone, the phone will then erase and restart
    • Once restarted go through the setup prompts, language, country, appearance, quick start (select setup without another device), connect to wifi (choose internet), Remote Management, (choose enroll the iPhone), create a passcode (123456)
    • Once you get to the home screen The device should now be visible in Intune Devices | iOS/iPadOS Devices. Its can take some time (like everything with Intune)image.png
  • Once visible you need to assign the device(not the user)to an AAD group, (this is where the majority of configuration gets applied) there are currently 3 groups setup  - 
    • Intune_iOS_iPhones_Individual
    • Intune_iOS_iPhones_Role
    • Intune_iOS_iPads
  • Restart the phone

  • Open Company Portal App and sign in with PBR User Creds (not needed on iPad's or iPhones that are Role Based)Follow the prompts

     

    Assigned Apps will be installed on the iPhone (apps are specified in Intune,  Apps | iOS Apps)

    Select device and you can manage the device

    iOS updates are specified in a policy

    Configuration Profiles - Devices | iOS | Configuration
    Can configure policies here to restrict device use. eg block camera, or setup wifi

    iOS updates are specified in Devices | iOS/iPad |iOS Updates
    Set to Latest update and update at next check-in (should possibly look to change to schedule out of hours)

     

    •  

     

    9. 

     

    Back to top