Enroll iOS iPadOS devices in Intune: Complete Guide

Enroll iOS iPadOS devices in Microsoft Intune

This post is a step-by-step guide to enroll iOS iPadOS devices in Intune. Using the Company Portal app, you can register your iOS/iPadOS devices to gain secure access to your organization’s email, files, and apps.

When you enroll iOS iPadOS devices in Intune, it is called a managed device. Intune can manage Apple devices efficiently, provided they fall under the supported devices list. Your organization can assign policies and apps to iOS devices using an MDM solution such as Intune.

The procedure for enrolling an iOS/iPadOS device in Microsoft Intune consists of a series of steps. After successfully enrolling an iOS device, you can apply policies and configuration profiles through the Intune Portal. The enrollment process for Apple iPhone and iPad remains the same. The overall method of enrolling an iOS device is different from that of Windows device enrollment in Intune.

Install and Update Third Party Applications with Patch My PC
Install and Update Third Party Applications with Patch My PC

In this article, I will show you how to manually enroll iOS/iPadOS device in Microsoft Intune. When you have many iOS devices, you can automatically enroll iOS/iPadOS devices by using Apple’s Automated Device Enrollment.

Prerequisites for enrolling iOS iPadOS devices in Intune

If you want to enroll iOS devices in Intune, following are the prerequisites:

  • Your device must be running iOS 14.0 and later.
  • You must Install Company Portal app from App Store.
  • To log in to the company portal, you’ll need a user account with Intune license.
  • Maintain a Wi-Fi connection until all steps are complete.
  • Have access to Safari web browser on your device.

Configure Apple MDM Push Certificate

An Apple MDM Push certificate is required to manage iOS/iPadOS and macOS devices in Microsoft Intune. You can configure Apple MDM push certificate with following steps:

Configure Apple MDM Push Certificate
Configure Apple MDM Push Certificate

On the Configure MDM Push Certificate window, select I agree to give Microsoft permission to send data to Apple. This is a mandatory step.

Configure Apple MDM Push Certificate
Configure Apple MDM Push Certificate

Download the Intune Certificate Signing request

In this step, you have to download the Intune certificate signing request required to create an Apple MDM push certificate. Select Download your CSR to download and save the request file locally. Refer to the above screenshot for more details.

Shortly, the IntuneCSR.csr file will be downloaded and saved to the default location on your computer. We will need this file to request a trust relationship certificate from the Apple Push Certificates Portal.

Download the Intune certificate Signing request
Download the Intune certificate Signing request

Create an Apple MDM Push Certificate

On the Configure MDM Push Certificate window, click Create your MDM push certificate. A new link opens in your default browser and takes you to the Apple Push Certificates Portal.

You must sign in with your company email address Apple ID, and then click Create a Certificate.

Create an Apple MDM push certificate
Create an Apple MDM push certificate

You must accept the Terms of Use to proceed futher.

Create an Apple MDM push certificate
Create an Apple MDM push certificate

On the Create a new MDM Push Certificate page, select Choose File and browse to the Intune certificate signing request file (IntuneCSR.csr), and then choose Upload.

Create a new Apple MDM push certificate
Create a new Apple MDM push certificate

On the Confirmation page, select Download to download the certificate (.pem) file, and save the file locally. The Apple MDM push certificate file is saved with following name: MDM_ Microsoft Corporation_Certificate.pem.

Download Apple MDM push certificate
Download Apple MDM push certificate

Upload Apple MDM Push Certificate

In step, you have two things that you need to configure:

  1. Enter the Apple ID used to create your Apple MDM push certificate.
  2. Upload the Apple MDM Push certificate by clicking Browse icon and upload the MDM_ Microsoft Corporation_Certificate.pem file to Intune. By successfully uploading the Apple MDM push certificate, Intune can enroll and manage Apple devices.
Upload Apple MDM push certificate
Upload Apple MDM push certificate

We see another notification confirming that your MDM push certificate was successfully created.

Upload Apple MDM push certificate
Upload Apple MDM push certificate

After you configure Apple MDM push certificate, the bulk enrollment methods are activated in Intune portal. The Apple bulk enrollment methods include:

  1. Apple configurator
  2. Enrollment Program Tokens

We also see the enrollment options that allow you to manage user enrollment and device enrollment options for iOS and iPadOS devices.

Intune Apple Enrollment Methods
Intune Apple Enrollment Methods

Enroll iOS iPadOS devices in Intune

In this section, we will look at steps to enroll iOS iPadOS devices in Intune. As an Intune admin, you can set up enrollment for iOS/iPadOS and iPadOS devices to access company resources. You can let users enroll personally owned devices, known as “bring your own device” (BYOD) enrollment.

Once again, before you enroll Apple devices in Intune, you must check the prerequisites. You cannot enroll an iOS/iPadOS device if Intune does not support it.

Install the Company Portal App from the App Store

If you had to enroll a Windows device in Intune, you would use a company portal app. Similarly, to enroll iOS/iPadOS device in Intune, you have to install the company portal app on Apple device from App Store.

On your Apple device, launch the App Store and search for “Intune Company Portal” and click Get. You may be asked to enter the passcode or authenticate using face ID to install the app.

Enroll iOS iPadOS devices in Microsoft Intune
Enroll iOS iPadOS devices in Microsoft Intune

Sign in to Company Portal app

On your iOS iPadOS device, launch the Intune Company Portal app and on the sign in screen, enter the Azure AD credentials. If you wonder which account should I enter here, you should create a user in Microsoft 365 Admin Center. This user should be assigned an Intune license.

Sign in to Intune Company Portal
Sign in to Intune Company Portal | Enroll iOS iPadOS devices in Microsoft Intune

When you launch the company portal app, it requests notification access. If you want to allow the company portal app to show notifications, click Allow.

Allow Company Portal Notifications
Allow Company Portal Notifications | Enroll iOS iPadOS devices in Microsoft Intune

Set up iOS/iPadOS Device Access to your company resources

There are few basic steps to set up iOS iPadOS device access to your company resources. You must complete these steps to access your email, devices, Wi-Fi, and apps for work.

After your device is enrolled, it becomes managed and your organization can assign policies and apps to the device via Intune. On the Set-up Organization access page, click Begin.

There are 4 steps included here:

  1. Review privacy information
  2. Download management profile
  3. Install Management Profile
  4. Check Device Settings
Set up iOS/iPadOS Device for Enrollment
Set up iOS/iPadOS Device for Enrollment

The Device Management and Privacy screen shows what your organization can see and cannot see on your device.

What your organization cannot seeWhat your organization can see
View browsing history on this deviceDevice Model and Manufacturer
See your personal emails, documents, contacts, or calendarOperating system and version
Access your passwordsApp inventory and app names
View, edit or delete your photosDevice Owner, Name
See the location of a personal deviceDevice serial number, IMEI

Click Continue on Device Management and your privacy page.

Device Management and Privacy
Device Management and Privacy | Enroll iOS iPadOS devices in Microsoft Intune

Review privacy information is completed, click on Continue to begin Download management profile.

Review Privacy Information
Review Privacy Information

To continue downloading a configuration profile, click Allow.

Download Management Profile
Download Management Profile

The green tick is seen for download management profile step which means it is completed successfully. Click Continue.

Download Management Profile
Download Management Profile

In this step, you have to install the Management Profile that was downloaded in previous step. You will get instructions on how to install management profile on your device screen.

On your iOS/iPadOS device, navigate to Settings > General > VPN & Device Management. Now tap on Management Profile and tap Install.

Install Management Profile
Install Management Profile

On the Install Profile box, click Install.

Install Management Profile
Install Management Profile

You should now see Remote Management window asking you if you trust the profile sources to enroll your iPad into remote management. Click Trust.

Install Management Profile
Install Management Profile

The management profile has been installed successfully on your device. By installing this profile, your iOS/iPadOS device can now access your company apps. Click Done to close the Management Profile window.

Install Management Profile | Enroll iOS devices in Microsoft Intune
Install Management Profile | Enroll iOS devices in Microsoft Intune

Go back to set up organization access window and complete the remaining steps. We see the Install management profile step is completed successfully. Click Continue.

Enroll iOS iPadOS devices in Microsoft Intune
Enroll iOS iPadOS devices in Microsoft Intune

The last step is Checking device settings and this should take a few seconds to complete. Finally, when all the steps are completed, click Done.

Enroll iOS iPadOS devices in Microsoft Intune
Enroll iOS iPadOS devices in Microsoft Intune

This completes the steps to enroll iOS iPadOS devices in Microsoft Intune. Launch the Intune Company Portal app and click on Devices. Here you can see the Device settings status, manufacturer, model, and operating system details.

Enroll iOS iPadOS devices in Microsoft Intune
Enroll iOS iPadOS devices in Microsoft Intune

View Enrolled iOS/iPadOS Devices in Intune

After you enroll iOS iPadOS devices in Intune, you can view those devices using the following steps:

  • Sign in to the Microsoft Intune admin center.
  • Select Devices > iOS/iPadOS devices.
  • In the right pane, you can see the list of all the enrolled iOS/iPadOS devices.
View Enrolled iOS/iPadOS Devices in Intune
View Enrolled iOS/iPadOS Devices in Intune
Need more help?

If you need further assistance on the above article or want to discuss other technical issues, check out some of these options.