Microsoft Intune – Enrollment – How to enroll an Apple iOS/iPadOS Device with Apple Configurator (Direct Enrollment)

Tags intune

Self-Help Article (External)

Purpose

This article outlines the process for enrolling an Apple iOS/iPadOS device into Microsoft Intune with Apple Configurator (Direct Enrollment). This method is intended for shared or task-based devices, does not reset the device, enrolls the device without User Affinity, and does not support the Company Portal.

Requirements

Step-by-Step Procedures

  1. Intune: Review or Create Apple Configurator Enrollment Profile
    A device enrollment policy defines the settings applied during enrollment. These settings are applied only once.
    1. In the Microsoft Intune admin center, go to Devices > Enrollment
    2. Select the Apple tab
    3. Under Bulk Enrollment Methods, select Apple Configurator
    4. Select Profiles
    5. Review profiles or create new profile
      1. If a profile already exists:
        1. Skip to Step 2.
      2. If a new profile is required:
        1. Select Create Profile
        2. Enter Name and Description (optional)
        3. Select Next 
        4. Go to Settings
        5. For User Affinity, choose Enroll without User Affinity: Use for shared or task-based devices. Company Portal is not supported.
        6. Select Create​​​​
  2. Intune: Export Enrollment Profile
    Important: An enrollment policy file is only valid for two weeks at which time you must re-create it.
    1. In the Microsoft Intune admin center, go to Devices > Enrollment
    2. Select the Apple tab
    3. Under Bulk Enrollment Methods, select Apple Configurator
    4. Select Profiles
    5. Select a profile configured for Enroll without User affinity
    6. Select Export Profile
    7. Under Direct enrollment, select Download profile, and save the .mobileconfig file
  3. Device: Add Enrollment Profile to Device Using Apple Configurator
    Important:
    - Device is not reset during this process.
    - Device is enrolled without User Affinity. 
    - Company Portal app is not supported.
     - Intended for shared or task-based devices.
    1. Transfer the file to a Mac computer running Apple Configurator 2.0.
    2. Open Apple Configurator 2.0.
    3. Connect the iOS/iPadOS device to the Mac computer with a USB cable.
    4. In Apple Configurator, select the connected iOS/iPadOS device.
    5. Click Add, and then select Profiles
    6. Browse and select the exported .mobileconfig file.
    7. Select Add to install the profile on the device.
      1. If prompted, trust the device on both the Mac and the iOS/iPadOS device
      2. If the device is Unsupervised, the installation requires acceptance on the device.
  4. Device: Install Enrollment Profile on iOS/iPadOS
    1. Ensure the device has completed Setup Assistant and is unlocked.
    2. On the device, when prompted, tap Install for the Management Profile.
    3. Enter the device passcode if prompted.
    4. Review the profile details, then tap Install.
    5. Accept the Remote Management prompt, then tap Trust.
    6. When installation is complete, tap Done.
  5. Device: Verify Enrollment Status
    1. On the device, open Settings.
    2. Go to General > VPN & Device Management.
    3. Verify the management profile is listed.
    4. Confirm policies and configurations begin applying to the device.
      1. Note: Policies and apps may take several minutes to appear
  6. Device: Distribute
    1. Distribute device to the user.