mardi 5 mars 2013

[SCCM 2012 & Intune] Mobile management - Part 2: Configure SCCM 2012 for iOS devices

In part 1 of this series, we configured connector between SCCM 2012 SP1 and Intune.

Now that Active Directory, Windows Intune and SCCM are properly configured to communicate, I propose to enroll an iOS device.


1. Request an Apple Push Certificate

In the Configuration Manager console, open the Administration workspace
Expand Hierarchy Configuration and select Windows Intune Subscriptions.
Click on Create APNs certificate request

Provide a path on your computer for the request file
Click on Download

The Windows Intune web page appears.
Sign in.

The window disappears and your certificate request is generated.
Open the Apple Push Certificate Portal link or go to

Sign in on the Apple Push Certificates Portal

Accept the Terms of use

Provide the path to the certificate request file previously generated
Click on Upload

On my own experience, the portal provides a .json file. Just ignore that file and go back to the portal home (

You now see your certificate.
Click on Download and save your .pem file.

For more information about MDM with Apple, go to

2. Enable iOS platform

In Windows Intune Subscriptions, select your Windows Intune Subscription
Click on Properties

Open the iOS tab
Select Enable iOS platform
Provide the certificate downloaded previously from the Apple portal

3. Enroll an iOS device

Lets start by testUser2, the user with configuration mistakes (see part 1)
Open your browser on (not but, on my experience, this are two different portals)

 If you connect for the first time, portal will request you to update your password.

And the Crash !! testUser2 exists in Windows Intune so you can connect on the portal but that user is not defined as an authorized user.
The enrollment fails !!

Lets start again with testUser1
Open your browser on


Update your password if requested and sign in
Click on Install

The profile installation window appears
Click on Install

Click on Install Now


Click on Install


Click on Done to finish installation

Click on here to open the Company portal
or open a session on

You can notice that the application Company Portal just appears on your device.
If you click on it, your browser opens the Windows Intune portal (

In my next post, I will show you how to deploy an application on a mobile device.

See you soon

6 commentaires:

  1. Good guide. However, do you have to do Part 1 before you do part 2?

    1. Hi Kristian,

      Thank you for your comment.

      Yes, I confirm that you have to configure Windows Intune connector on your SCCM environment and next, you can configure your iOS devices.
      You can also configure directly Windows Intune for iOS device without SCCM but that's a totally different story (cloud only mode).


    2. Thanks for the fast answer. I've writing my bachelorthesis on Intune and SCCM. How they work togheter is a big part of it.
      These guides has helped me alot.

      For this I'm going to give you a thanks at the end.

    3. Great !!

      Thanks a lot ;o)

  2. Hi,
    This is the first time I am contacting you, please try to help me figure out whats wrong in my lab setup.
    Why I cant enroll my device .
    I setup a lab environment for MDM with Config Mrg 2012 R2.
    My public domain is verified, UNP looks good under AD.
    On end user side, I downloaded the Windows Intune Company Portal App.
    I cant enroll my iOS device. I got Unanticipated error.

    1. Hi, Could you tell exactly what step is working bad ?

      Before downloading compagny portal application, you need to link SCCM 2012 with intune... Everything is described in part 1 and part 2