Self-Help Article (External)
Intended Audience: IT Staff
Purpose
This article outlines the process for enrolling an Apple iOS/iPadOS device into Microsoft Intune with Apple Configurator (Direct Enrollment). This method is intended for shared or task-based devices, does not reset the device, enrolls the device without User Affinity, and does not support the Company Portal.
Requirements
- Access to Microsoft Intune Admin Center
- Physical access to iOS/iPadOS device
- Device must have Internet connectivity.
- macOS computer running Apple Configurator 2.0
Step-by-Step Procedures
- Intune: Review or Create Apple Configurator Enrollment Profile
A device enrollment policy defines the settings applied during enrollment. These settings are applied only once.
- In the Microsoft Intune admin center, go to Devices > Enrollment
- Select the Apple tab
- Under Bulk Enrollment Methods, select Apple Configurator
- Select Profiles
- Review profiles or create new profile
- If a profile already exists:
- Skip to Step 2.
- If a new profile is required:
- Select Create Profile
- Enter Name and Description (optional)
- Select Next
- Go to Settings
- For User Affinity, choose Enroll without User Affinity: Use for shared or task-based devices. Company Portal is not supported.
- Select Create
- Intune: Export Enrollment Profile
Important: An enrollment policy file is only valid for two weeks at which time you must re-create it.
- In the Microsoft Intune admin center, go to Devices > Enrollment
- Select the Apple tab
- Under Bulk Enrollment Methods, select Apple Configurator
- Select Profiles
- Select a profile configured for Enroll without User affinity
- Select Export Profile
- Under Direct enrollment, select Download profile, and save the .mobileconfig file
- Device: Add Enrollment Profile to Device Using Apple Configurator
Important:
- Device is not reset during this process.
- Device is enrolled without User Affinity.
- Company Portal app is not supported.
- Intended for shared or task-based devices.
- Transfer the file to a Mac computer running Apple Configurator 2.0.
- Open Apple Configurator 2.0.
- Connect the iOS/iPadOS device to the Mac computer with a USB cable.
- In Apple Configurator, select the connected iOS/iPadOS device.
- Click Add, and then select Profiles.
- Browse and select the exported .mobileconfig file.
- Select Add to install the profile on the device.
- If prompted, trust the device on both the Mac and the iOS/iPadOS device
- If the device is Unsupervised, the installation requires acceptance on the device.
- Device: Install Enrollment Profile on iOS/iPadOS
- Ensure the device has completed Setup Assistant and is unlocked.
- On the device, when prompted, tap Install for the Management Profile.
- Enter the device passcode if prompted.
- Review the profile details, then tap Install.
- Accept the Remote Management prompt, then tap Trust.
- When installation is complete, tap Done.
- Device: Verify Enrollment Status
-
On the device, open Settings.
- Go to General > VPN & Device Management.
- Verify the management profile is listed.
- Confirm policies and configurations begin applying to the device.
- Note: Policies and apps may take several minutes to appear
- Device: Distribute
- Distribute device to the user.