In today’s post, I continue my discussion of mobile device management (MDM). In my last post, Preparing for mobile device management, I described how to prepare for MDM. Now, I talk about how to prepare for and execute device enrollment for Windows, Windows Phone, Apple iOS, and Google Android devices. Let’s start off by talking about how you prepare for device enrollment.

Device enrollment preparation

You can think of device enrollment preparation as the next logical step after preparing for MDM. But device enrollment preparation is specific to the types of devices you want to support. So, you only need to prepare for those devices that you need to support. In the next few paragraphs, I’ll walk you through each device type and how you can prepare for its enrollment.

Prepare for Windows device enrollment

To prepare your Windows Intune subscription for Windows devices, complete the following steps:

  1. Enable Windows device enrollment. Enable Windows device enrollment by selecting the Enable Windows enrollment check box on the Windows tab of the Windows Intune Subscription Properties dialog box.
  2. Add the code-signing certificate. You use this code-signing certificate to sign your line-of-business apps. You add the code-signing certificate on the Windows tab of the Windows Intune Subscription Properties dialog box.
  3. Add sideloading keys. You add sideloading keys in the Windows Sideloading Keys node of the Software Library workspace in the Configuration Manager console.

    Sideloading keys are necessary for:

    • All Windows RT 8.1 and Windows RT devices.
    • Windows 8.1 and Windows 8 Enterprise and Pro devices that are not domain joined.

    Sideloading keys are not required for the Windows 8.1 Enterprise, Windows 8.1 Pro, and Windows 8 Enterprise devices that are domain joined.

Prepare for Windows Phone device enrollment

Preparing your Windows Intune subscription for Windows Phone devices is almost as easy as for Windows devices. Complete the following steps for Windows Phone devices:

  1. Register as a company developer in the Windows Phone Dev center. To be able to deploy your own apps (and specifically, the Company Portal app), you must register as a Windows Phone company developer here. You must register so that you can obtain a certificate, which is required to sign your apps (such as the Company Portal app, which you can customize and sign for your use). You must have your customized and signed Company Portal app to deploy apps to Windows Phone devices.
  2. Customize, sign, and upload your Company Portal app. To sign your Company Portal app, you must obtain a code-signing certificate from the Symantec Enterprise Mobile Code Signing Certificate website. You use the code-signing certificate to sign your Company Portal app and configure your Windows Intune subscription to use the certificate.
  3. Create and deploy a Microsoft System Center 2012 R2 Configuration Manager application for your Company Portal app. You create a System Center 2012 R2 Configuration Manager application based on the Company Portal app’s .xap file. Then, you deploy the app to all users in the Configuration Manager user collection for users who will be enrolling devices.
  4. Enable Windows Phone device enrollment. You enable Windows Phone device enrollment by selecting the Enable Windows Phone enrollment check box on the Windows Phone tab of the Windows Intune Subscription Properties dialog box.
  5. Add the application enrollment token. You obtain the application enrollment token from the Symantec Enterprise Mobile Code Signing Certificate website that you used to sign your Company Portal app. Add the application enrollment token on the Windows Phone tab of the Windows Intune Subscription Properties dialog box.
  6. Select the Configuration Manager application package based on the signed Company Portal .xap file. You select the Configuration Manager application package in Application package containing signed company portal .xap on the Windows Phone tab of the Windows Intune Subscription Properties dialog box.

But what if you want to evaluate Windows Phone management? Do you have to go through all these steps? Not to fear! You can download the Support Tool for Windows Intune Trial Management of Windows Phone. This tool helps simplify the configuration process; but remember that it’s for evaluation purposes only. For production environments, use the process above.

Preparation for iOS device enrollment

Preparing for iOS device enrollment is similar to the process for Windows Phone. Here are the steps you must complete:

  1. Enable iOS device enrollment. Enable iOS device enrollment by selecting the Enable iOS enrollment check box on the iOS tab of the Windows Intune Subscription Properties dialog box.
  2. Specify the Apple Push Notification (APN) certificate. Obtain the APN certificate by downloading a certificate request from Windows Intune. Submit the certificate request to the Apple Push Certificate Portal, and then upload the APN certificate to Windows Intune.

Prepare for Android device enrollment (including Samsung KNOX)

To prepare for Android device enrollment (including Samsung KNOX), simply select the Enable Android enrollment check box on the Android tab of the Windows Intune Subscription Properties dialog box.

Device enrollment process

Just as with preparation for device enrollment, the device enrollment process is different for each device type. Let’s look at how you would enroll each type of device.

Windows device enrollment process

The Windows device enrollment process is the same for Windows 8.1 and Windows RT 8.1 devices. Complete the following steps:

  1. In PC settings, select Network, and then select Workplace.
  2. In Enter your user ID to get workplace access or turn on device management, type the user’s email address, and then select Turn on.
  3. In the Allow apps and services from IT admin page, select Turn on.
  4. Install the Company Portal app from the Windows Store.
  5. Start the Company Portal app, and sign in to Windows Intune.

It can take 5 to 10 minutes after enrollment begins before the Company Portal can be accessed.

Note   If your Windows account does not have a public domain and you are using a *.onmicrosoft.com account, you will need to create a new REG_SZ registry value named DiscoveryService with the data manage.microsoft.com in the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM
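
The registry setting from the note above, as an added PowerShell example that is not part of the original post. It sets the value idempotently and warns if a different discovery server was already configured, since this value decides which server the device contacts for enrollment. The function names are hypothetical; the key path, value name, and data come from the note. Run it from an elevated session.

```powershell
# Added example. Key path, value name and data are taken from the note above;
# the function names are hypothetical.
$MdmPolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$ValueName      = 'DiscoveryService'
$ExpectedServer = 'manage.microsoft.com'

function Get-MdmDiscoveryService {
    # Returns the current data and registry type, or $null if the key or value is absent.
    if (-not (Test-Path -Path $MdmPolicyKey)) { return $null }
    $key = Get-Item -Path $MdmPolicyKey
    if ($key.GetValueNames() -notcontains $ValueName) { return $null }
    [pscustomobject]@{
        Data = $key.GetValue($ValueName)
        Kind = $key.GetValueKind($ValueName)   # 'String' corresponds to REG_SZ
    }
}

function Set-MdmDiscoveryService {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $current = Get-MdmDiscoveryService
    if ($current -and $current.Kind -eq 'String' -and $current.Data -eq $ExpectedServer) {
        Write-Verbose "$ValueName is already set to $ExpectedServer."
        return
    }
    if ($current) {
        # A pre-existing, different value would send enrollment discovery elsewhere.
        Write-Warning "Replacing existing $ValueName '$($current.Data)' ($($current.Kind))."
    }
    if ($PSCmdlet.ShouldProcess($MdmPolicyKey, "Set $ValueName = $ExpectedServer")) {
        if (-not (Test-Path -Path $MdmPolicyKey)) {
            New-Item -Path $MdmPolicyKey -Force | Out-Null   # creates missing parent keys
        }
        New-ItemProperty -Path $MdmPolicyKey -Name $ValueName -Value $ExpectedServer `
            -PropertyType String -Force | Out-Null
    }
}

Set-MdmDiscoveryService -Verbose
Get-MdmDiscoveryService   # shows the data and type now stored
```

Add `-WhatIf` to `Set-MdmDiscoveryService` to preview the change without writing to the registry.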

Windows Phone device enrollment process

Just as with the Windows device enrollment process, Windows Phone device enrollment is slightly different for Windows Phone 8 and Windows Phone 8.1. Here are the steps you must complete:

  1. Sign in to Windows Intune by performing one of the following tasks:
  • For Windows Phone 8, on the Start screen, swipe in from the right, and then select settings. Select company apps, and then sign in with the user’s email address.
  • For Windows Phone 8.1, on the Start screen, swipe in from the right, and then select settings. Select Workplace, and then sign in with the user’s email address.

Note   If your Windows Intune account does not have a public domain and you’re using a *.onmicrosoft.com account, you must manually enter the Windows Intune server address as manage.microsoft.com.

  2. Ensure that the Install company app check box is selected after you have signed in.

iOS device enrollment process

To enroll an iOS device, complete the following steps:

  1. Install the Windows Intune Company Portal app, which is available in the Apple App Store.
  2. Sign in to Windows Intune by using the Windows Intune Company Portal app and your credentials.

After you have signed in to Windows Intune, you will see an exclamation point ("!").

  3. Tap "!" to enroll the device.
  4. Click Install on the Management Profile screen.

Android device enrollment process

Enroll an Android device (including Samsung KNOX) by completing the following steps:

  1. Install the Windows Intune Company Portal app, which is available on Google Play.
  2. Sign in to Windows Intune by using the Windows Intune Company Portal app and your credentials.

Summary

Well, now you know how easy it is to prepare for device enrollment and enroll devices. You can find more about device enrollment preparation and the device enrollment process for each type of device at Mobile Device Enrollment. In my next installment, I’ll discuss how to configure compliance settings for mobile devices by using System Center 2012 R2 Configuration Manager and Windows Intune.

NEXT BLOG POST IN THIS SERIES:  How-to configure mobile device settings