Manage iOS with Windows Intune

January 30, 2013

Hello,

Did you know you can manage iOS, Android, Windows Phone 8 and Windows 8 RT through direct management (without EAS) using Windows Intune?

Windows Intune is Microsoft's SaaS client management solution.

Let’s complete the steps for managing a standard iPad.

First take an Intune 30-day trial account and verify the online help : http://technet.microsoft.com/en-US/library/jj733654.aspx

Log on to the Intune Admin Page : https://login.microsoftonline.com/login.srf?wa=wsignin1.0&rpsnv=2&ct=1359573844&rver=6.1.6206.0&wp=MCMBI&wreply=https:%2F%2Faccount.manage.microsoft.com%2Flanding.aspx%3Ftarget%3D%252fDefault.aspx&lc=1033&id=500516

Open the admin console and set Intune as mobile device management authority.



The next steps are described in the help file on the right. You need to create a certificate in order to allow your Intune service to communicate with the Apple Push Notification service.

First download the CSR from the Intune portal.


Then use this CSR to create an Apple certificate. Use the following website : https://identity.apple.com/pushcert/

Log on with an Apple ID and use the create certificate option to create the certificate.


Watch out ! There is a certain procedure that needs to be followed if you create the certificate using IE. Details are provided in the help file or you can just use a Safari browser for the creation of the certificate.

Now browse using your iOS device (5.0 or higher) to https://m.manage.microsoft.com/ in order to enroll the device.


But … The following error occurred when browsing to the site :


The solution was to open the Intune portal and verify that the user used to log on is part of the Intune group. This is not the case by default.


Retry and … Success !


Install the profile.




After the correct installation you’ll see a new app on the iOS device. This app supplies access to the company portal, where you can offer signed application packages.


Now the device appears in the Intune console.


Now you can enforce all kinds of items like :

-> Enforce passwords

-> Allow camera

-> …

A full list is available at http://onlinehelp.microsoft.com/windowsintune/jj738616.aspx

We’ll perform this next time. Bye.


ExchangeConnector in Config Manager 2012

June 30, 2012

Hello,

Using the Exchange connector in Config Manager allows us to use a single management tool for Windows devices and perform a basic or “light” management of all ActiveSync devices (Windows Mobile, iOS, Android, …).

First what do you need ?

  1. A supported version of Exchange

    Exchange 2010 SP1
    Exchange Online (Office365)

    See link : http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigMobileClientReq

  2. The necessary rights for the connector account

    See link : http://technet.microsoft.com/en-us/library/gg682001.aspx

Also make sure that the account you select is enabled for remote shell. More general information for exchange can be found here http://technet.microsoft.com/en-us/library/dd351136.aspx.

Now let’s install the connector.
Go to the hierarchy and add an exchange server.


Use the correct properties for your environment.


Select an account with the correct rights.



Leave the other options default and complete the wizard.
Now check the logfiles to verify the correct functioning of the connector.
The log can be found at the normal log file location at the site server and is named easdisc.log
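
As an added example (not part of the original post), the following PowerShell parses entries in the Configuration Manager server log format and flags lines that look like failures, which is a quick way to triage easdisc.log. The sample lines, server name and account name are constructed, the keyword list is an assumption, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: triage a Configuration Manager server log such as easdisc.log.
# Each entry ends with: $$<COMPONENT><MM-dd-yyyy HH:mm:ss.fff+bias><thread=N (0xHEX)>
# The sample lines below are constructed for illustration, not captured output.
$sample = @'
INFO: Starting discovery for Exchange server exch01.example.test~~  $$<SMS_EXCHANGE_CONNECTOR><06-30-2012 10:15:01.112-120><thread=4012 (0xFAC)>
ERROR: Failed to open a remote shell session as EXAMPLE\svc-eas~~  $$<SMS_EXCHANGE_CONNECTOR><06-30-2012 10:15:03.540-120><thread=4012 (0xFAC)>
INFO: Devices discovered: 3~~  $$<SMS_EXCHANGE_CONNECTOR><06-30-2012 10:20:44.907-120><thread=4012 (0xFAC)>
'@ -split "`r?`n"

function ConvertFrom-CmServerLog {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    begin {
        $entry   = '^(?<msg>.*?)(?:~~)?\s*\$\$<(?<comp>[^>]*)><(?<stamp>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})[+-]\d+><thread=(?<tid>\d+)'
        # Assumption: these keywords mark a failure; tune them to the messages you see.
        $failure = '\b(error|fail(ed|ure)?|denied|exception)\b'
    }
    process {
        if ($Line -match $entry) {
            # Copy the captures first: the next -match would overwrite $Matches.
            $msg, $comp, $stamp, $tid = $Matches['msg'].Trim(), $Matches['comp'], $Matches['stamp'], $Matches['tid']
            [pscustomobject]@{
                Time      = [datetime]::ParseExact($stamp, 'MM-dd-yyyy HH:mm:ss.fff', [cultureinfo]::InvariantCulture)
                Component = $comp
                Thread    = [int]$tid
                Message   = $msg
                Suspect   = ($msg -match $failure)
            }
        }
    }
}

# Show only the entries that look like failures.
$sample | ConvertFrom-CmServerLog | Where-Object { $_.Suspect } | Format-List Time, Component, Message

# On the site server (the log directory depends on the installation):
# Get-Content '<ConfigMgr log directory>\easdisc.log' | ConvertFrom-CmServerLog | Where-Object { $_.Suspect }
```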


Now there were some issues connecting my mobile device with the exchange server.
I received a 0x86000C0A error when attempting to sync my (emulated) Windows Mobile 6.5 Professional.

The error seemed to be related to the fact that my test user was part of an administrative group. The following describes the issue in more detail : http://risualblogs.com/blog/tag/active-sync/

Now I just removed the user from the admin group but I should have a more detailed look for a permanent solution for this issue. Or we could ban the admins from using ActiveSync 🙂

Now the connector is installed what can we do ?

  • First we can see the device in the devices overview.



We get info about the ActiveSync Client.



And we can perform some actions on the specific device.

  • Second we can create reports about the connecting devices.

Device Management -> Count of mobile devices by OS


  • Third we can create policies for the mobile devices through the config manager console



We can define the following areas. Changes will be reflected by modifying the default Exchange policy.
For instance we can require a 4-digit PIN code for our device.
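
To confirm on the Exchange side that the PIN requirement actually landed, here is an added example (not from the original post) that checks ActiveSync mailbox policy objects against the 4-digit baseline. The function name and the sample policies are constructed; the property names are those returned by `Get-ActiveSyncMailboxPolicy`, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: compare ActiveSync mailbox policies with the PIN baseline from the post.
# Test-EasPinBaseline is a hypothetical helper name, not an Exchange cmdlet.
function Test-EasPinBaseline {
    param(
        [Parameter(ValueFromPipeline = $true)]$Policy,
        [int]$MinLength = 4
    )
    process {
        # MinDevicePasswordLength is empty when no minimum is set; treat that as 0.
        $length = 0
        [void][int]::TryParse([string]$Policy.MinDevicePasswordLength, [ref]$length)

        $findings = @()
        if (-not $Policy.DevicePasswordEnabled) { $findings += 'device password not required' }
        if ($length -lt $MinLength) { $findings += "minimum length $length is below $MinLength" }

        [pscustomobject]@{
            Name      = $Policy.Name
            IsDefault = [bool]$Policy.IsDefaultPolicy
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample objects that mimic the relevant policy properties.
$sample = @(
    [pscustomobject]@{ Name = 'Default'; IsDefaultPolicy = $true;  DevicePasswordEnabled = $true;  MinDevicePasswordLength = 4 }
    [pscustomobject]@{ Name = 'Legacy';  IsDefaultPolicy = $false; DevicePasswordEnabled = $false; MinDevicePasswordLength = $null }
)
$sample | Test-EasPinBaseline | Format-Table -AutoSize

# In the Exchange Management Shell:
# Get-ActiveSyncMailboxPolicy | Test-EasPinBaseline
```

Running it against every policy rather than only the default one also shows mailboxes that are covered by a different policy than the one Config Manager modifies.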


We can also perform a remote wipe of the device. This can be triggered in 2 ways :

-> using the sccm console


-> using the application catalog web site


-> (using the exchange tools )

According to me this allows for a basic management of a large collection of devices through one single management console. Step 1 before proceeding to an “in depth” management solution for mobile devices.

Kind regs

Gino D

