Microsoft Intune – Enrollment – How to enroll an Apple iOS/iPadOS Device with Apple Configurator (Setup Assistant)

Tags intune

Self-Help Article (External)

Purpose

This article outlines the process for enrolling an Apple iOS/iPadOS device into Microsoft Intune with Apple Configurator (Setup Assistant). This method is intended for user-assigned devices and enrolls the device with User Affinity, supporting Company Portal and access to company resources.

Requirements

Step-by-Step Procedures

  1. Intune: Review or Create Apple Configurator Enrollment Profile
    A device enrollment policy defines the settings applied during enrollment. These settings are applied only once.
    1. In the Microsoft Intune admin center, go to: Devices > Enrollment
    2. Select the Apple tab
    3. Under Bulk Enrollment Methods, select Apple Configurator
    4. Select Profiles
    5. Review profiles or create new profile
      1. If a profile already exists:
        1. Skip to Step 2.
      2. If a new profile is required:
        1. Select Create Profile
        2. Enter Name and Description (optional)
        3. Select Next 
        4. Go to Settings
        5. For User Affinity, choose Enroll with User Affinity: Use for user-assigned devices. Supports Company Portal and user access to company data.
          1. Optionally allow authentication with Company Portal instead of Apple Setup Assistant.
        6. Select Create
  2. Intune: Add Device Serial Numbers
    Create a list of devices to import into Apple Configurator
    1. Create a csv list without a header using the following format: SerialNumber,DeviceDetails
      1. Example: F7LTWCLBX199,iPad Air 5 - Blue
    2. In Microsoft Intune admin center, go to Devices > Enrollment
    3. Select the Apple tab
    4. Under Bulk Enrollment Methods, select Apple Configurator
    5. Select Devices, and then select Add
    6. Select an enrollment profile configured for Enroll with User Affinity
    7. Upload the .csv file
    8. Under Import Devices, browse to the .csv file and select Add
  3. Intune: Assign a Profile to Device Serial Numbers
    Choose one of the below methods to assign a profile to a device.
    1. Method - Assign from Apple Configurator Devices
      1. In the Microsoft Intune admin center, go to Devices > Enrollment
      2. Select the Apple tab
      3. Under Bulk Enrollment Methods, select Apple Configurator
      4. Select Devices
      5. Select the device(s) to assign
      6. Select Assign policy
      7. Under Assign policy, select the profile configured for Enroll with User Affinity and then select Assign
    2. Method - Assign from Profiles
      1. In the Microsoft Intune admin center, go to Devices > Enrollment
      2. Select the Apple tab
      3. Under Bulk Enrollment Methods, select Apple Configurator
      4. Go to Profiles
      5. Select profile configured for Enroll with User Affinity
      6. In the profile, select Devices
      7. Select Assign
      8. Filter to find device serial numbers you want to assign to the profile
      9. Then select the devices and select Assign
  4. Intune: Export Enrollment Profile
    1. In the Microsoft Intune admin center, go to Devices > Enrollment
    2. Select the Apple tab
    3. Under Bulk Enrollment Methods, select Apple Configurator
    4. Select Profiles
    5. Select a profile configured for Enroll with User Affinity
    6. Select Export Profile
    7. Copy the Profile URL (this will be used in Apple Configurator as the MDM Server URL)
  5. Device: Enroll device with Setup Assistant
    1. On a Mac computer, open Apple Configurator 2.0
    2. In the menu bar, choose Apple Configurator 2.0, then select Preferences
    3. In the preferences pane, select Servers.
    4. Select the plus symbol (+) to launch the MDM Server wizard
    5. Select Next
    6. Enter a name for the MDM server, and in the Server URL field, paste the enrollment URL exported from Intune
    7. Select Next 
      1. A warning may appear stating the server URL is not verified. This is expected for Intune enrollment profiles and can be ignored.
    8. Select Next until the wizard is finished
      Important: 
      - Devices are reset during the enrollment process.
      - Devices must be at the Hello screen when you connect the device.
      - Remove any existing Apple ID or Activation Lock (Find My) before enrollment.
    9. Connect the iOS/iPadOS mobile device to the Mac computer with a USB cable.
    10. Select the iOS/iPadOS device, then select Prepare.
    11. On the Prepare iOS/iPadOS Device pane:
      1. Select Manual, and then click Next
      2. Select Add to Apple School Manager (ASM) if the device should be assigned to ASM; otherwise, leave it unselected
    12. On the Enroll in MDM Server pane, select the server name you created, and then click Next.
    13. On the Supervise Devices pane, select the level of supervision, and then click Next.
    14. On the Create an Organization pane, choose the Organization or create a new organization, and then click Next.
    15. On the Configure iOS/iPadOS Setup Assistant pane, choose the steps to be presented to the user, and then click Prepare.
      1. If prompted, authenticate to update trust settings.
    16. When the iOS/iPadOS device finishes preparing, disconnect the USB cable.
  6. Device: Distribute
    1. The devices are now ready for corporate enrollment. Turn off the devices and distribute them to users. When users turn on their devices, Setup Assistant starts.
    2. After users receive their devices, they must complete Setup Assistant. Devices configured for Enroll with User Affinity can install and run the Company Portal app to download apps and manage devices.
  7. Device: Verify Enrollment Status
    1. Go to: Settings > General > VPN & Device Management
    2. Verify: A management profile (Intune) is present
    3. Confirm: User completes sign-in during setup (User Affinity)
    4. If the profile is present, the device is enrolled and managed.