Enrolling iOS device through Company Portal App


As an alternative to enrollment with the Company Portal app, you can leverage the Apple Device Enrollment Program (DEP) or the Apple Configurator tool to bulk enroll the corporate-owned devices. However, in this post we will be describing the steps required to enroll the iOS devices through Company Portal App.

From your Apple device (I am using an iPhone 4 for this demo), launch the App Store application.


In the Search field, search for “Company Portal”. The Microsoft Intune Company Portal should appear as the first result.


Press the GET button to download and install the Company Portal app.

Once the installation is completed, you will see a new icon among your listed apps. Open the Company Portal app to launch it.


Press the Sign In button to log in.


Key in the domain username. The login page will automatically redirect to your organization's branded login page, where you enter the username and password.

Notice that the company logo or brand name is displayed.


After login is successful, the Company Access Setup wizard will start by displaying the Device enrolment and device compliance status. Press Begin to start the enrolment process.


The next couple of screens will show you the benefits and privacy features of enrolling the device.

Press Continue twice to run through the information about enrolling the device.

Press Enroll to initialize the device enrolment process.


Press Sign In to start the device enrolment process.


The screen then switches to the iOS built-in management profile installation process. Here you can see that the management profile for the domain (flanker) is marked as verified and is signed by the Microsoft Intune service IOSProfileSigning.manage.microsoft.com.

To continue, press the Install button, and confirm when asked to Install Now.


The process will set up all the required management services and certificates.


Once again the wizard will ask for one final confirmation. Press Install, and then Done when complete.

Notice that Company Access Setup now displays the device enrolment and device compliance status as Successful.

Press Continue to proceed.


Press Done at the Company Access Setup Complete screen.


The Company Portal app will display the enrolled device under My Devices. You will now have access to Apps and Device Information.


Pressing the device will display the details of the enrolled device.


The Intune administrator can view the enrolled device listed in the Intune admin portal as well.





iOS device management with Microsoft Intune

Microsoft Intune provides iOS and Mac OS X device enrollment to give access to company email and apps to iPhone, iPad and Mac users. Once users install the Intune company portal app, their devices can be targeted with policy using the Intune administration console.

Before you can manage iOS and Mac devices, you must import an Apple Push Notification service (APNs) certificate from Apple.

Steps to manage iOS and Mac devices with Microsoft Intune

Set up Intune: ensure that the mobile device management authority is set as Microsoft Intune.


Get a certificate signing request: This certificate allows Intune to manage iOS and Mac devices and establishes an accredited and encrypted IP connection with the mobile device management authority services.

Click Download the APNs certificate request. Save the certificate signing request (.csr) file locally.


The .csr file is used to request a trust relationship certificate from the Apple Push Certificates Portal.

Get an Apple Push Notification service certificate: Go to the Apple Push Certificates Portal and sign in with your company Apple ID to create the APNs certificate using the .csr file.


Note: This Apple ID must be used in future to renew your APNs certificate.

Click Create Certificate to submit the certificate request.

Click Browse to locate the locally stored certificate signing request (.csr) file and then click Open.


Cancel the .json file download notification.


Refresh the page and you will find the newly created certificate listed under “Certificates for Third-party Servers”. Select the certificate you want to download and click Download.

Download the APNs (.pem) certificate and save the file locally. This APNs certificate file is used to establish a trust relationship between the Apple Push Notification server and Intune’s mobile device management authority.

Now we need to add the APNs certificate to Intune. Click Upload the APNs certificate.

Browse to the locally saved certificate (.pem) file and click Open and then enter your Apple ID. With the APNs certificate, Intune can enroll and manage iOS devices by pushing policy to enrolled mobile devices.

Once the APNs certificate is uploaded successfully, the Intune portal will show the status as “Ready for Enrolment”.
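
A check worth running on the downloaded .pem before the upload step above, added here as an example (it is not part of the original post or of Intune): it confirms the file is an X.509 certificate and reports how long it remains valid. The file names, the 30-day warning threshold and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-upload check of the APNs certificate (.pem) from the Apple
# Push Certificates Portal. File names and the 30-day threshold are assumptions.

# check_apns_pem FILE [WARN_DAYS]
# Returns 0 = ok, 1 = expires within WARN_DAYS, 2 = expired, 3 = not a certificate.
check_apns_pem() {
    local pem="$1" warn_days="${2:-30}"

    # Catch a wrong file (for example the .csr or the .json download) early.
    if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
        echo "ERROR: $pem is not a PEM-encoded X.509 certificate" >&2
        return 3
    fi

    # Record which certificate is in use and when it has to be renewed.
    openssl x509 -in "$pem" -noout -subject -serial -enddate

    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED: renew it with the same Apple ID used to create it" >&2
        return 2
    fi
    if ! openssl x509 -in "$pem" -noout -checkend "$((warn_days * 86400))" >/dev/null; then
        echo "WARNING: expires within $warn_days days" >&2
        return 1
    fi
    echo "OK: valid for more than $warn_days days"
}

# make_constructed_cert DAYS OUTFILE
# Builds a throwaway self-signed certificate as constructed sample input.
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
        -subj "/CN=constructed-apns-sample" -days "$1" -out "$2" 2>/dev/null
}

# Demo on constructed input; pass a real path to check the downloaded file.
if [ -n "${1:-}" ]; then
    check_apns_pem "$@"
else
    tmp="$(mktemp -d)"
    make_constructed_cert 365 "$tmp/sample.pem" && check_apns_pem "$tmp/sample.pem"
    rm -rf "$tmp"
fi
```

Running the same function on a schedule against the stored .pem gives advance notice of the renewal that the note about the Apple ID refers to.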



Now we can inform the users to get access to company resources through the company portal.

Please refer to the “Enrolling iOS device through Company Portal App” blog, which demonstrates how the end user enrolls their own iOS device with Microsoft Intune.


Enabling mobile device enrollment using Microsoft Intune

To enroll mobile devices with Intune, the cloud administrator must configure Intune as the Mobile Device Management authority, add users and set up the portal for the users to register their devices.

Currently there are three types of Mobile Device Management solutions available from Microsoft: Intune, Configuration Manager with Intune, and Office 365 MDM.

This post describes the step by step guidelines required to configure Mobile Device Management solution using Microsoft Intune without System Center Configuration Manager integration.

How to set mobile device management authority:


  • In the Tasks list, click Set Mobile Device Management Authority. The Set MDM Authority dialog box opens.


  • At the confirmation page, check the box and then click OK to use Microsoft Intune to manage mobile devices.
  • Microsoft Intune is set as the Mobile Device Management authority. Now we can enable device enrollment for devices.



Preparing mobile device management with Microsoft Intune:

  • Add Intune users: The mobile device owner must be added to the account portal before devices can be enrolled. Azure Active Directory synchronization can be used to add users to the account portal. You can also add individual users through the Office 365 admin center, or use a .csv file to bulk add users.

  • Create groups (Optional): Groups in Intune provide great flexibility in managing your devices and users. Azure Active Directory synchronization lets you use security groups to refine policy deployment by geography, department, or users known to use certain devices. Groups cannot dynamically target a device operating system.



  • Add policies for devices (Optional): Policies are groups of settings that control features on devices. Most MDM policies are platform specific. The types of policies available are: Configuration policies (set platform-specific management of device settings), Compliance policies (monitor and remediate compliance issues for devices), and Conditional access policies (use with compliance policies to enable access to company resources like email and SharePoint).


  • Set device enrollment limit (Optional): This limits the number of mobile devices a user can enroll. To set the limit, click Admin > Mobile Device Management > Enrollment rules. Set the maximum number of devices a user can enroll and then click Save.

  • Set Company Portal settings: Customize the Intune Company Portal for your company by providing the Company Name, Department Name, Phone Number, privacy statement URL, etc. Click Admin > Company Portal and provide the custom details.

  • Set Terms and Conditions: You can publish terms and conditions that your users will see when they first use the company portal from any device, whether or not that device is already enrolled. Click Policy > Terms and Conditions, and then click Add to create a new terms and conditions policy.


Now you can enable device enrollment for the following devices:

  1. Enable iOS management
  2. Enable Android management
  3. Enable Windows Phone management
  4. Enable Windows management


Please refer to the “iOS device management with Microsoft Intune” blog for enabling iOS device management.