4. Microsoft NDA Confidential
1. Create Windows Intune Subscription
2. Verify Users have Public Domain UPNs and perform AD User Discovery
3. Deploy and Configure AD Directory Synchronization
4. Verify Public Domain
5. Deploy and Configure AD Federated Services (ADFS 2.0)
6. Activate User in Intune (Reset User Password, if not using ADFS)
7. Configure Configuration Manager for Mobile Device Management
8. Verification of Configuration Manager successfully connecting to Windows
Intune Service
17. Platform: Certificates or keys
Windows Phone 8: Code signing certificate. All sideloaded apps must be code-signed.
Windows RT: Sideloading keys. Windows RT devices have to be provisioned with sideloading keys to enable installation of sideloaded apps. All sideloaded apps must be code-signed.
iOS: Apple Push Notification service certificate
Android: None
22. • Settings can be applied to devices managed in Windows Intune and
devices managed through the Exchange Server Connector
• If a device is receiving policy from more than 1 authority, the most
secure value for a setting is applied.
• Reporting available on each setting
• Applicable settings strongly depend on platform
• There are some lists coming up at TechNet
• Fastest way is to use the Wizard in ConfigMgr “Platform Applicability”
23. • Hardware properties for mobile devices are collected through Device
Management as well as Exchange ActiveSync
• Software inventory for apps installed via MDM. For privacy reasons, we do
not collect app inventory for apps installed through other means on the
device
• Inventory is not extensible for mobile devices
24. Retire
• User or Admin initiated
• Disables further MDM app installation and settings management on the
device
Wipe effects depend on the platform and management type (EAS or native)
• iOS and WP8: Complete wipe and reset to factory defaults
• Android: EAS mailbox removal only
• Windows RT: Only EAS mailbox removal if managed
through EAS
27. Windows Phone Dev Center Account to get a Publisher ID
Request with that Publisher ID an Enterprise Code Signing Certificate
Download Windows Phone 8 Company Portal App and sign
Upload the signed Company Portal App & Symantec Certificate in
Intune/ConfigMgr and deploy to all users.
Browse on the Device to CompanyApps
Install Company Portal
28. Run PowerShell as Administrator
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
cd 'C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Tools\MDILXAPCompile'
.\BuildMDILXap.ps1 -xapfilename 'c:\path\filename.xap' -pfxfilename 'c:\path\to\certificate\certificatefilename.pfx' -password mypassword
1. Install Certificate from Symantec
2. Export with Private Key (Password)
3. Sign App with PowerShell
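An added example, not part of the original slides or the Windows Phone SDK: a pre-flight check of the PFX exported in step 2 before it is passed to BuildMDILXap.ps1 in step 3. Test-SigningPfx is a hypothetical helper name, the 30-day margin is an assumption, and the check assumes the certificate carries the standard code-signing EKU (1.3.6.1.5.5.7.3.3).

```powershell
# Added example: verify the exported PFX before signing the XAP.
# Test-SigningPfx is a hypothetical helper, not part of the Windows Phone SDK.
function Test-SigningPfx {
    param(
        [Parameter(Mandatory = $true)] [string] $PfxPath,
        [Parameter(Mandatory = $true)] [System.Security.SecureString] $Password,
        [int] $MinDaysValid = 30   # assumed safety margin before expiry
    )

    # .NET resolves relative paths against the process directory, so pass a full path.
    $fullPath = (Resolve-Path -LiteralPath $PfxPath -ErrorAction Stop).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($fullPath, $Password)

    try {
        # Look for the code-signing OID in the Enhanced Key Usage extension (assumed requirement).
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $codeSigning = $false
        if ($eku) {
            $codeSigning = @($eku.EnhancedKeyUsages |
                Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.3' }).Count -gt 0
        }

        $now      = Get-Date
        $validNow = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
        $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)

        [pscustomobject]@{
            Subject        = $cert.Subject
            Thumbprint     = $cert.Thumbprint
            HasPrivateKey  = $cert.HasPrivateKey   # false means the export dropped the key
            CodeSigningEku = $codeSigning
            NotAfter       = $cert.NotAfter
            DaysLeft       = $daysLeft
            ReadyToSign    = $cert.HasPrivateKey -and $codeSigning -and
                             $validNow -and ($daysLeft -ge $MinDaysValid)
        }
    }
    finally {
        $cert.Reset()   # release the certificate and key handles
    }
}

# Example call (constructed placeholder path); the password is prompted for, not typed inline:
#   $pw = Read-Host -AsSecureString -Prompt 'PFX password'
#   Test-SigningPfx -PfxPath 'c:\path\to\certificate\certificatefilename.pfx' -Password $pw
```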
30. Download an APNs certificate request
Get an APNs certificate (via Apple ID)
Upload the APNs certificate into Intune/ConfigMgr
Browse on the Apple device to the Windows Intune Portal
32. Get a certificate (for instance internal PKI) to sign your Apps
Sign your Apps with the certificate
Upload the certificate into ConfigMgr/Intune
Upload Sideloading key into ConfigMgr/Intune
Go on the Windows RT device to “Company Applications”
Install Company Portal
35. • Admin has not configured mobile device management
• Admin has not enabled enrollment for specific device types
• User is trying to enroll several devices at the same time or has more
than 20 mobile devices in the system
• User is not provisioned by their IT admin
• Interesting Log files
DMPUPLOADER
DMPDOWNLOADER
CLOUDUSERSYNC
36. User not licensed to enroll device
User previously licensed but not a member of device management collection anymore
Non-zero GUID indicates user is licensed to enroll device
38. • Nice integration with ConfigMgr (Single Pane of Glass of MDM)
Room for improvement regarding UDM
• There are competitors with more features
• Intune is a cloud service, so features will be added fast