In the video below, I show how to configure Apple Business Manager (ABM) and Microsoft Intune for automated device enrollment, covering both macOS and iOS devices. This technology allows an MSP to ship devices directly to end users: devices are preconfigured with policies, settings, and applications, so the user can boot the device and go from box to production. The configuration also checks many boxes for compliance regulations, because corporate data can be kept separate from personal data on the device. Intune has traditionally been inferior to an MDM solution like Jamf, but in the past few years Microsoft has made many strides in the amount of configuration available for Apple devices, and the most powerful addition is this automated deployment. Automated deployment also makes managing a remote workforce much easier, since users never have to connect to a VPN to get a device enrolled and configured.

Prerequisites for Enrollment

Prerequisites for this configuration include a Microsoft Intune subscription and an ABM account. Federation can be set up between ABM and Azure AD, which automatically creates managed Apple IDs and lets users authenticate with their Azure Active Directory credentials. This works in both pure cloud deployments and hybrid environments with Azure AD Connect.

You will also want to set up an Apple MDM push certificate in the customer's Intune tenant. Microsoft has published several articles on this process.

Steps

Intune

  • Add MDM Server (Intune)
  • Create Enrollment Profile
  • Create Compliance Policies
  • Create Configuration Profiles
  • Add Managed Applications

Apple Business Manager

  • Set up Azure AD Federation
  • Add MDM Server
  • Add Reseller IDs
  • Upload Devices
  • Set up VPP Account
  • Add Company Portal App
