Microsoft Intune - Enrollment - How to enroll an Apple device with Apple School Manager (ASM)

Summary

This article outlines the process for enrolling Apple devices into Microsoft Intune, including the use of Apple School Manager (ASM) for device assignment.

Body

Self-Help Article (External)

Purpose

This article outlines the process for enrolling Apple devices into Microsoft Intune, including the use of Apple School Manager (ASM) for device assignment.

Requirements

Step-by-Step Procedures

Important (Before You Begin): 
Devices not present in Apple School Manager (ASM) cannot be enrolled using this process.
If a device is not present and cannot be imported into ASM using standard methods performed by the STW Book Store staff, use the Apple Configurator enrollment directions.

  1. ASM: Sign in to Apple School Manager
    1. Go to:  https://school.apple.com
    2. Enter: your Managed Apple ID
    3. Complete multi-factor authentication (MFA) if prompted.
    4. You’ll land on the ASM dashboard.
  2. ASM: Assign Device to Intune (MDM Server)
    This step links the device to Intune via Apple Automated Device Enrollment (ADE).
    1. In ASM, click: Devices (left menu)
    2. Search for the device: By Serial Number, Order Number, or Device Name
    3. Choose: device(s)
    4. Click: Edit Device Management (top right).
    5. In the MDM Server / Device Management dropdown: 
      1. Choose: Your Intune MDM server
    6. Click: Continue > Confirm
    7. The device is now assigned to Intune in Apple School Manager.
  3. Intune: Sync Device (Force Sync)
    Devices in ASM will sync to Intune automatically. To force a sync manually, follow the steps below:
    1. Go to the Microsoft Intune Admin Center:  https://intune.microsoft.com
    2. Click: Devices > macOS or iOS/iPadOS > enrollment
    3. Click: Enrollment Program Tokens
    4. Open: Your ASM token
    5. Click: Sync
      Note: Devices may take several minutes to appear even after syncing.
  4. Intune: Verify Device Sync Status
    1. Still in the Microsoft Intune Admin Center
    2. Click: Devices > macOS or iOS/iPadOS > enrollment
    3. Click: Enrollment Program Tokens
    4. Open: Your ASM token
    5. Click: Devices
    6. Search: For the device by Serial Number
    7. If successful, the device should appear in the list.
  5. Intune: Assign Device to Enrollment Profile.
    Important: Assign this before powering on or resetting the device.
    The enrollment profile tells the device how to behave during setup.
    1. Still in the Microsoft Intune Admin Center.
    2. Click: Devices > macOS or iOS/iPadOS > enrollment
    3. Click: Enrollment Program Tokens
    4. Open: Your ASM token
    5. Click: Profiles
    6. Choose: Either an existing profile or Create profile
      1. If creating a profile, follow the wizard to create a profile.
    7. Assign device to enrollment profile: 
      1. Open: The profile
      2. Click: Assign devices
      3. Click: Add device
      4. Search: For the device by Serial Number
      5. Choose: The device
      6. Click: Add
  6. Device: Trigger Enrollment
    Important: Devices that have already completed Apple Setup Assistant must be erased/reset before Automated Device Enrollment (ADE) will occur successfully. ADE enrollment only happens during the initial Apple setup process. After the device is reset and setup begins again, the device will detect the Intune enrollment configuration and display the Remote Management screen for enrollment.
    1. Option A – New/Reset Device
      1. Power on: Device
      2. Connect to: Wi-Fi
      3. Device connects to Apple, detects Intune, shows the Remote Management screen, and enrolls automatically
    2. Option B – Already in use device
      1. iOS/iPad
        1. Go to: Settings > General > Transfer or Reset > Erase All Content and Settings
        2. Upon reboot, device will enroll via ADE.
      2. macOS
        1. Method 1 (macOS Monterey and newer – preferred)
          1. Go to: Apple Menu > System Settings > General > Transfer or Reset > Erase All Content and Settings
          2. Follow the prompts to wipe the device.
          3. Mac will restart.
          4. After reset, the Mac connects to Apple, detects Intune, shows the Remote Management screen, and enrolls automatically.
        2. Method 2 (Older macOS or fallback method)
          1. Restart and hold: Command (⌘) + R
          2. Enter: macOS Recovery
          3. Select: Disk Utility > Erase disk
          4. Then reinstall macOS.
          5. After reset, the Mac connects to Apple, detects Intune, shows the Remote Management screen, and enrolls automatically.
  7. Device: Verify Enrollment Status
    1. On the macOS:
      1. Click: Apple menu > System Settings (or System Preferences on older macOS)
      2. Go to: Privacy & Security
      3. Scroll down to: Profiles (or just “Profiles” directly if visible in sidebar)
      4. Look for an MDM Profile typically named something like: Microsoft Intune Management Profile or MDM Profile
      5. If present, the device is enrolled and managed.
    2. On the iPhone/iPad:
      1. Go to: Settings > General > VPN & Device Management
      2. You should see: Management Profile (Intune)
      3. Also: During setup you should see “Remote Management” screen

 

 

 

 

 

Details

Details

Article ID: 20774
Created
Thu 6/4/26 4:00 PM
Modified
Thu 6/11/26 12:16 PM