Best Guide to Enroll iOS iPadOS devices in Microsoft Intune

This guide covers the steps to enroll iOS/iPadOS devices in Microsoft Intune (Endpoint Manager). Enroll your iOS/iPadOS device with the Intune Company Portal app to gain secure access to your organization’s email, files, and apps.

Once you enroll your iOS/iPadOS device in Intune, it is called a managed device. Intune can manage Apple devices efficiently, provided they are on the supported devices list. Your organization can assign policies and apps to iOS devices using an MDM solution such as Intune.

The procedure to enroll an iOS/iPadOS device in Microsoft Intune consists of a series of steps that need to be followed. After the iOS device is enrolled successfully, you can apply policies and configuration profiles from the Intune portal.

The enrollment process is the same for Apple iPhone and iPad. The overall method of enrolling an iOS device is different from that of Windows device enrollment in Intune.

In this article, I will show you how to manually enroll an iOS/iPadOS device in Microsoft Intune. When you have many iOS devices, you can enroll them automatically by using Apple’s Automated Device Enrollment.

High-level Steps for Enrolling iOS devices in Microsoft Intune

An overview of enrolling iOS devices in Intune includes the following steps:

  1. Check the prerequisites and ensure you are using supported iOS devices for enrollment.
  2. Configure the Apple MDM push certificate: download the Intune certificate signing request, create a new push certificate, and then upload this push certificate in the Intune portal.
  3. Install the Company Portal app on the iOS device from the App Store and authenticate.
  4. Set up iOS/iPadOS device access to your company resources.
  5. Manage iOS devices from the Intune portal.

Prerequisites for enrolling iOS devices in Intune

If you want to enroll iOS devices in Intune, the prerequisites are as follows:

  • Your device must be running iOS 13.0 or later.
  • You must install the Company Portal app from the App Store.
  • To log in to the Company Portal, you’ll need a user account with an Intune license.
  • Maintain a Wi-Fi connection until all steps are complete.
  • Have access to the Safari web browser on your device.

Step 1. Configure Apple MDM Push Certificate

An Apple MDM push certificate is required to manage iOS/iPadOS and macOS devices in Microsoft Intune. You can configure the Apple MDM push certificate with the following steps:

[Screenshot: Configure Apple MDM Push Certificate]

On the Configure MDM Push Certificate window, select I agree to give Microsoft permission to send data to Apple. This is a mandatory step.

[Screenshot: Configure Apple MDM Push Certificate]

Step 2. Download the Intune Certificate Signing Request

In this step, you have to download the Intune certificate signing request required to create an Apple MDM push certificate. Select Download your CSR to download and save the request file locally. Refer to the above screenshot for more details.

Shortly, the IntuneCSR.csr file will be downloaded and saved to the default location on your computer. We will need this file to request a trust relationship certificate from the Apple Push Certificates Portal.

[Screenshot: Download the Intune certificate signing request]

Step 3. Create an Apple MDM Push Certificate

On the Configure MDM Push Certificate window, click Create your MDM push certificate. A new link opens in your default browser and takes you to the Apple Push Certificates Portal.

You must sign in with the Apple ID tied to your company email address, and then click Create a Certificate.

[Screenshot: Create an Apple MDM push certificate]

On the Terms of Use page, click Accept.

[Screenshot: Create an Apple MDM push certificate]

On the Create a new MDM Push Certificate page, select Choose File and browse to the Intune certificate signing request file (IntuneCSR.csr), and then choose Upload.

[Screenshot: Create a new Apple MDM push certificate]

On the Confirmation page, select Download to download the certificate (.pem) file, and save the file locally. The Apple MDM push certificate file is saved with the following name: MDM_ Microsoft Corporation_Certificate.pem.

[Screenshot: Download Apple MDM push certificate]
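
Before the downloaded .pem file is uploaded in the next step, it can be checked locally. The script below is an added example, not part of the original article or of any Microsoft or Apple tooling; it assumes the openssl command-line tool is installed, and the function names and the constructed sample certificate (with its all-zero GUID) are illustrative. It confirms that the file parses as a certificate, that its subject carries an MDM push topic (Apple-issued MDM push certificates carry a com.apple.mgmt. topic in the subject), and that it is not close to expiry.

```shell
#!/bin/sh
# Added example: sanity-check an Apple MDM push certificate (.pem) before upload.

# Build a CONSTRUCTED self-signed stand-in for the Apple-issued file, valid for
# $2 days, so the checks below can be tried offline. The all-zero GUID is made up.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/UID=com.apple.mgmt.External.00000000-0000-0000-0000-000000000000/CN=Constructed sample" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Print the MDM push topic found in the certificate subject (empty if none).
push_cert_topic() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/.*\(com\.apple\.mgmt\.[A-Za-z0-9.-]*\).*/\1/p'
}

# check_push_cert FILE [MIN_DAYS]
# Returns 0 if FILE parses as X.509, has an MDM topic and is valid for at least
# MIN_DAYS more days; 1 if it expires sooner; 2 if unparseable; 3 if no topic.
check_push_cert() {
    file=$1
    min_days=${2:-30}
    if ! openssl x509 -in "$file" -noout 2>/dev/null; then
        echo "$file: not a PEM X.509 certificate"; return 2
    fi
    topic=$(push_cert_topic "$file")
    if [ -z "$topic" ]; then
        echo "$file: no com.apple.mgmt topic in subject"; return 3
    fi
    if ! openssl x509 -in "$file" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "$file: expires within $min_days days"; return 1
    fi
    echo "$file: ok, topic=$topic"
    openssl x509 -in "$file" -noout -enddate -fingerprint -sha256
}

# Usage: sh check_push_cert.sh "MDM_ Microsoft Corporation_Certificate.pem" 30
if [ $# -gt 0 ]; then
    check_push_cert "$@"
fi
```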

Step 4. Upload Apple MDM Push Certificate

In this step, there are two things you need to configure:

  1. Enter the Apple ID used to create your Apple MDM push certificate.
  2. Upload the Apple MDM push certificate: click the Browse icon and upload the MDM_ Microsoft Corporation_Certificate.pem file to Intune. Once the Apple MDM push certificate is uploaded successfully, Intune can enroll and manage Apple devices.

[Screenshot: Upload Apple MDM push certificate]

We see another notification confirming that your MDM push certificate was successfully created.

[Screenshot: Upload Apple MDM push certificate]

After you configure the Apple MDM push certificate, the bulk enrollment methods are activated in the Intune portal. The Apple bulk enrollment methods include:

  1. Apple Configurator
  2. Enrollment Program Tokens

We also see the enrollment options that allow you to manage user enrollment and device enrollment for iOS and iPadOS devices.

[Screenshot: Intune Apple Enrollment Methods]

Step 5. Enroll iOS iPadOS devices in Microsoft Intune

In this section, we will look at the steps to enroll iOS/iPadOS devices in Intune. As an Intune admin, you can set up enrollment for iOS and iPadOS devices to access company resources. You can let users enroll personally owned devices, known as “bring your own device” (BYOD) enrollment.

Once again, before you enroll Apple devices in Intune, you must check the prerequisites. If an iOS/iPadOS device is not supported by Intune, you cannot enroll it.

Step 6. Install Intune Company Portal App from App Store

If you had to enroll a Windows device in Intune, you would use a company portal app. Similarly, to enroll an iOS/iPadOS device in Intune, you have to install the Company Portal app on the Apple device from the App Store.

On your Apple device, launch the App Store, search for “Intune Company Portal” and click Get. You may be asked to enter the passcode or authenticate using Face ID to install the app.

[Screenshot: Install Intune Company Portal App from App Store]

Step 7. Sign in to Intune Company Portal

On your iOS/iPadOS device, launch the Intune Company Portal app and, on the sign-in screen, enter the Azure AD credentials. If you are wondering which account to enter here, you should create a user in Microsoft 365 Admin Center. This user should be assigned an Intune license.

[Screenshot: Sign in to Intune Company Portal]

When you launch the Company Portal app, it requests notification access. If you want to allow the Company Portal app to show notifications, click Allow.

[Screenshot: Allow Company Portal Notifications]

Step 8. Set up iOS/iPadOS Device Access to your company resources

There are a few basic steps to set up iOS/iPadOS device access to your company resources. You must complete these steps to access your email, devices, Wi-Fi, and apps for work.

After your device is enrolled, it becomes managed and your organization can assign policies and apps to the device via Intune. On the Set up organization access page, click Begin.

There are 4 steps included here:

  1. Review privacy information
  2. Download management profile
  3. Install Management Profile
  4. Check Device Settings

[Screenshot: Set up iOS/iPadOS Device for Enrollment]

The Device Management and Privacy screen shows what your organization can see and cannot see on your device.

| What your organization cannot see | What your organization can see |
|---|---|
| View browsing history on this device | Device Model and Manufacturer |
| See your personal emails, documents, contacts, or calendar | Operating system and version |
| Access your passwords | App inventory and app names |
| View, edit or delete your photos | Device Owner, Name |
| See the location of a personal device | Device serial number, IMEI |

Click Continue on the Device Management and your privacy page.

[Screenshot: Device Management and Privacy]

Once Review privacy information is completed, click Continue to begin Download management profile.

[Screenshot: Review Privacy Information]

To continue downloading a configuration profile, click Allow.

[Screenshot: Download Management Profile]

A green tick appears next to the Download management profile step, which means it completed successfully. Click Continue.

[Screenshot: Download Management Profile]

In this step, you have to install the management profile that was downloaded in the previous step. You will get instructions on how to install the management profile on your device screen.

On your iOS/iPadOS device, navigate to Settings > General > VPN & Device Management. Now tap on Management Profile and tap Install.

[Screenshot: Install Management Profile]

On the Install Profile box, click Install.

[Screenshot: Install Management Profile]

You should now see the Remote Management window asking whether you trust the profile source to enroll your iPad into remote management. Click Trust.

[Screenshot: Install Management Profile]

The management profile has been installed successfully on your device. By installing this profile, your iOS/iPadOS device can now access your company apps. Click Done to close the Management Profile window.

[Screenshot: Install Management Profile]

Go back to the Set up organization access window and complete the remaining steps. We see that the Install management profile step is completed successfully. Click Continue.

The last step is Checking device settings and this should take a few seconds to complete. Finally, when all the steps are completed, click Done.

This completes the steps to enroll iOS/iPadOS devices in Microsoft Intune. Launch the Intune Company Portal app and click on Devices. Here you can see the device settings status, manufacturer, model, and operating system details.

View Enrolled iOS/iPadOS Devices in Intune

After you enroll iOS/iPadOS devices in Microsoft Intune, you can view those devices using the following steps:

  • Sign in to the Microsoft Endpoint Manager admin center.
  • Select Devices > iOS/iPadOS devices.
  • In the right pane, you can see the list of all the enrolled iOS/iPadOS devices.

[Screenshot: View Enrolled iOS/iPadOS Devices in Intune]
