Key insights
- Web Enrollment in Microsoft Intune simplifies enrolling personal iOS devices, eliminating the need for the Company Portal app and enhancing the user experience.
- Prerequisites: Ensure Microsoft Intune is set as the Mobile Device Management (MDM) authority, have an active Apple MDM Push certificate, and ensure devices run iOS/iPadOS version 15 or later.
- Just-in-Time Registration: Utilizes Apple Single Sign-On (SSO) extension to facilitate device registration. Configure this by creating a profile with specific configuration keys in the Intune admin center.
- Create a Web-Based Enrollment Profile: Involves setting up a new profile for iOS/iPadOS with web-based device enrollment type and assigning it to user groups.
- User Enrollment Process: Users should open Safari, navigate to the specified URL, sign in with their work or school account, follow instructions to download and install the management profile, and ensure Microsoft Authenticator is installed.
- This method offers a streamlined approach for bring-your-own-device (BYOD) scenarios, providing a seamless experience for users while ensuring efficient device management for administrators.
Introduction to Web-Based Enrollment for iOS Devices
Enrolling iOS devices into Microsoft Intune has traditionally required the use of the Company Portal app. However, a new method using web-based enrollment simplifies this process, making it quicker and more seamless. This approach is particularly advantageous for bring-your-own-device (BYOD) scenarios, where users can enroll their devices directly through the Safari browser. In this article, we will explore the steps involved in setting up web-based enrollment, as well as the benefits and challenges associated with this method.
Configuring Web Enrollment in Intune Admin Center
The first step in enabling web-based enrollment for iOS devices is configuring the necessary settings in the Intune Admin Center. This involves ensuring that Microsoft Intune is set as the Mobile Device Management (MDM) authority and verifying that an active Apple MDM Push certificate is configured. Additionally, devices must be running iOS/iPadOS version 15 or later to be compatible with this enrollment method.
Setting Up Just-in-Time Registration
Just-in-Time (JIT) registration is a critical component of web-based enrollment, utilizing the Apple Single Sign-On (SSO) extension to facilitate device registration. This feature provides single sign-on capabilities across Microsoft applications, enhancing the user experience. To configure JIT registration, administrators must create a configuration profile in the Intune admin center, selecting iOS/iPadOS as the platform and choosing the Device features template. Key configuration settings include setting the Extension type to Microsoft Entra ID and adding specific configuration keys, such as device_registration and browser_sso_interaction_enabled. Once the profile is created, it should be assigned to the appropriate user groups and deployed.
Creating a Web-Based Enrollment Profile
After setting up JIT registration, the next step is to create a web-based enrollment profile. This involves navigating to the iOS/iPadOS enrollment section in the Intune admin center and selecting Enrollment types. Administrators must create a new profile, entering a name and description, and choosing Web based device enrollment as the enrollment type. The profile should then be assigned to the desired user groups and finalized by clicking Create. This profile will enable users to enroll their devices through the web-based method.
Preparing Users for Enrollment
Once the web-based enrollment profile is set up, users need to be informed about the enrollment process. They should be instructed to open Safari and navigate to the specified web enrollment URL. After signing in with their work or school account, users will follow on-screen instructions to download and install the management profile. It is essential that the Microsoft Authenticator app is installed on their devices to complete the enrollment process. Providing clear instructions and support during this stage is crucial to ensure a smooth transition for users.
Challenges and Considerations
While web-based enrollment offers a streamlined experience, there are several challenges and considerations to keep in mind. One potential issue is ensuring that all devices meet the necessary prerequisites, such as running the correct iOS/iPadOS version and having the Microsoft Authenticator app installed. Additionally, administrators must carefully manage and assign profiles to the correct user groups, as incorrect assignments can lead to enrollment failures. Balancing these factors requires careful planning and coordination between IT teams and end-users.
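A pre-enrollment readiness check for the prerequisites and assignment pitfalls described above, as an added example that is not part of the original article or any Microsoft tooling. The dictionaries, group names and accounts are constructed for illustration and are not an Intune or Microsoft Graph export format.

```python
# Keys and minimum OS version are the ones named in this article.
REQUIRED_SSO_KEYS = {"device_registration", "browser_sso_interaction_enabled"}
MIN_OS_MAJOR = 15

def os_major(version):
    """Return the major version from a string such as '15.7.1' (None if unparsable)."""
    head = version.strip().split(".")[0]
    return int(head) if head.isdigit() else None

def readiness(user, sso_profile, enroll_profile):
    """Return the list of blocking issues for one user; an empty list means ready."""
    issues = []
    groups = set(user["groups"])
    missing = REQUIRED_SSO_KEYS - set(sso_profile["keys"])
    if missing:
        issues.append("SSO profile missing keys: " + ", ".join(sorted(missing)))
    # Both profiles must target the user, otherwise enrollment fails part-way.
    if not groups & set(sso_profile["assigned_groups"]):
        issues.append("user not targeted by JIT registration (SSO) profile")
    if not groups & set(enroll_profile["assigned_groups"]):
        issues.append("user not targeted by web-based enrollment profile")
    major = os_major(user["os_version"])
    if major is None or major < MIN_OS_MAJOR:
        issues.append(f"iOS/iPadOS {user['os_version']} is below {MIN_OS_MAJOR}")
    if not user["authenticator_installed"]:
        issues.append("Microsoft Authenticator not installed")
    return issues

# Constructed sample data (hypothetical groups and accounts).
SSO_PROFILE = {"keys": ["device_registration", "browser_sso_interaction_enabled"],
               "assigned_groups": ["byod-ios"]}
ENROLL_PROFILE = {"assigned_groups": ["byod-ios", "pilot"]}
USERS = [
    {"upn": "alice@example.com", "groups": ["byod-ios"],
     "os_version": "17.4.1", "authenticator_installed": True},
    {"upn": "bob@example.com", "groups": ["byod-ios"],
     "os_version": "14.8", "authenticator_installed": False},
    {"upn": "carol@example.com", "groups": ["pilot"],
     "os_version": "17.2", "authenticator_installed": True},
]

def report(users=USERS):
    """Map each user to their blocking issues."""
    return {u["upn"]: readiness(u, SSO_PROFILE, ENROLL_PROFILE) for u in users}

if __name__ == "__main__":
    for upn, issues in report().items():
        print(upn, "READY" if not issues else "; ".join(issues))
```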
In conclusion, enrolling iOS devices into Microsoft Intune using web-based enrollment provides a simplified and efficient process for both users and administrators. By following the outlined steps and addressing potential challenges, organizations can enhance their device management capabilities and improve the overall user experience.