The corporate-owned devices purchased through Apple Business Manager or Apple School Manager can be enrolled in Microsoft Intune via Apple automated device enrollment. An ADE enrollment profile is required to enroll the device. A device enrollment profile defines the settings applied to a group of devices during enrollment.
This article will demonstrate how to create an Apple ADE profile. This article assumes you already have ADE prerequisites configured in your Intune tenants. The prerequisites include:
- Apple Automated Device Enrollment Token configured and active
- Apple MDM Push Notification Certificates (APNs) configured.
Create iOS / iPadOS ADE Enrollment Profile
Follow the below steps to create an Automated device enrollment profile for iOS and iPadOS devices.
- Open the Intune admin center and navigate to Devices > iOS/iPadOS > iOS/iPadOS enrollment blade.
- Click on Enrollment Program tokens
- On the Enrollment program tokens page, click on Token name.
- Click on the Profiles > Create profile and select iOS/iPadOS
- On the Create profile > Basics page, provide the following details.
- Name: Enter a suitable name for the enrolment profile
- Description: Enter the brief description to describe the purpose of the profile
On the Management Settings page, provide the following details.
- User affinity: Enroll with User Affinity
- Authentication Method: Setup Assistant with modern authentication
- Install Company portal with VPP: Select the VPP token that you want to use if it’s not selected automatically.
- Supervised: Yes
- Locked Enrollment: Yes
- Sync with computers: Allow All
Scroll down to update the remaining settings.
- Await final configuration: No
- Apply device name template (supervised only) : Yes
- Device Name Template: Update as per your organization’s naming convention. The {{DEVICETYPE}} and {{SERIAL}} variable inserts the device type (e.g. iPad or iPhone) and serial number of the device.
On the Setup Assistant page, show or hide the settings as per your requirements. This will only show/hide the setting during device enrollment. If you want to hide specific settings on a device then you need to use a device restriction policy.
On the Review + create page, review the details and click on the Create button to create the enrollment profile.
You can now see the enrollment profile under the profile blade.
Assign a Device to Enrollment Profile
A device needs to be assigned to an enrollment profile before a user can enroll the device. A device can be enrolled to only one profile and the last assignment removes previous profile assignments.
Follow the below steps to assign a device to an enrollment profile.
- Open Intune admin center and navigate to Devices > iOS/iPadOS > iOS/iPadOS enrollment
- Click on Enrollment Program tokens
- Click on the Token name
- Click on the Profiles blade and then select the enrollment profile
- Click on Manage > Assign devices and then click on +Add Devices
- Search for the device serial number, select the device, and click on Add to assign the device to the enrollment profile.
Wipe a Device to enroll with a new profile
Once a device is assigned to an enrollment profile, you need to wipe the device. The device reboots after receiving the updated policy and its goes through the OOBE screens.
- To wipe a device, navigate to Intune admin center > Devices > All devices
- Search for the device using the device name or serial number
- Click on the device and then click on Wipe from the top menu.
As soon as the device receives an updated policy, it’s rebooted and the user needs to follow the instructions to complete iOS device enrollment.
Related Posts
- Deny M365 Apps access from Untrusted Locations
- How to Restrict Website Access Using Web Content Filter | Intune
- Fix Something went wrong – 2002 error on iOS | Intune
- Configure Home Screen Layout on iOS using Intune
- How to Show or Hide Native Apps on iOS via Intune
- Configure iOS Lock Screen Message through Intune
- Create ADE Enrollment Profile in Microsoft Intune
- Manage iOS Updates on Supervised Devices through Intune
Subscribe to Techuisitive Newsletter
Be the first to know about our new blog posts. Get our newsletters directly in your inbox and stay up to date about Modern Desktop Management technologies & news.