Hi, Where does the "management profile" come from? Is it the same as the configuration profile set up in Intune? If yes, how does the company portal app determine which is the correct configuration to install? Thanks.
Good question, it is not a configuration profile visible in Intune, it is the profile that allows Intune to manage the macOS device. YOu get similar if you manage the macOS with another tool such as JAmf. It is basically saying "Hey with this I let this tool manage this device"
When I tried to enroll Apple devices, I see the "Enrollment types" option is greyed out. Only "Apple MDM Push Certificate" option is available. Could you please let me know how I can proceed?
Hi good question, you see that option if you haven't configured an Apple Push Certificate yet, I explain and show the steps of that in a previous video, have you configured that yet? it is a requirement
Hi! I want personal cell phones not to be enrolled, and I understand that I would have to activate "block" in personally owned, but it is not clear to me, how Intune identifies that the cell phone is personal? I mean, the user will register through the Company Portal app with their company ID on a personal cell phone right? ..
That is a great question, but anything enrolled manually through Company Portal and not through Apple Business Manager is considered personal, even if enrolled with a company ID.
Intune will end support for user enrollment with Company Portal shortly after the release of iOS/iPadOS 18, because Apple will no longer support profile-based Apple User Enrollment. From what I understand the Account driven user enrollment: Also referred to as account-based enrollment is the new way to enroll BYOD iOS devices.
Thanks a lot! I read that too, this video will age bad! :) will have to look into that and probably replace this video with account-based driven enrollment.
@@IntuneVitaDoctrina yeah, that would be great if you can make a video on that. There is very little info out there on Account driven user enrollment and MS documentation is not the most clear on this topic, probably because so much is changing so fast. Is also not easy to get clarity on what the difference is between all the enrollment options. I did read that some would prefer (device-based) web enrollment over account-driven enrollment as the latter one requires Apple Business Manager, to sync AppleIDs. Not sure though what the limitations would be on web-based enrolment.
Good question! when you enroll, adding a MDM profile to your iOS device you can see WHAT it can access on your device. If it is Personally Enrolled as in my video, you cannot see or do much. Mostly device info, maybe free space, model, apps installed by Intune (not your personal apps) etc.. Here is a link showing some more: learn.microsoft.com/en-us/mem/intune/user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune
True, forgot to mention it in the video. You install this: apps.apple.com/us/app/apple-configurator/id1037126344?mt=12 on an iOS device with camera You start the app and login to you ABM account, then reset a macOS device and during startup hold the iOS device and scan the device and it will be imported into ABM If bigger company, you get them imported to ABM when you buy hardware if you add your reseller into ABM
@@IntuneVitaDoctrina Thank you please let me know how user knows about company ABM account please explain what is user experience enrolling device using apple configurator
The beauty is that the user doesn't have to know anything; The Apple Configurator should be done by us technicians and not the end user. You get the device registered in Apple Business Manager, in ABM you can add your MDMD (Intune in this case) and then assign the device in ABM to that MDM server. When a device is reset (has to have T2 chip, all 2019 and later models got that) it will contact your MDM (Intune) and if setup correctly there all is automated, Apple Zero touch deployment, it is pretty sweet :)
I was looking for a few, then I remembered had a broken camera iPhoneX lying around, so I started that one, and then used TeamViewer free version to remote into it. Not great but it worked ok. so no emulator used in these videos.
hellow, thank you so much for the video, one I want to install the profile, it says verification failed, your apple id or password is incorrect, but I tested many times and am sure the password is correct.
Did you follow my two previous videos, to create an Apple ID ruclips.net/video/KPNzYMraobM/видео.html&ab_channel=Intune%26VitaDoctrina (well seems you already got one) and more importantly used that AppleID to configure Push certificates etc? in this video ruclips.net/video/w0qU_bZMTx8/видео.html&ab_channel=Intune%26VitaDoctrina
@@IntuneVitaDoctrina My assumption is OP has created an apple ID for the push certificate and is now trying to enroll a device using another account, hence the reason for the failure. Another issue with creating individual apple ID's without federation is that they all have to set their own passwords and if they forget that password you can't change it for them. So using apple business manager with federation enable is the correct method imho
Hi,
Where does the "management profile" come from? Is it the same as the configuration profile set up in Intune? If yes, how does the company portal app determine which is the correct configuration to install? Thanks.
Good question, it is not a configuration profile visible in Intune, it is the profile that allows Intune to manage the macOS device. YOu get similar if you manage the macOS with another tool such as JAmf. It is basically saying "Hey with this I let this tool manage this device"
When I tried to enroll Apple devices, I see the "Enrollment types" option is greyed out. Only "Apple MDM Push Certificate" option is available. Could you please let me know how I can proceed?
Hi good question, you see that option if you haven't configured an Apple Push Certificate yet, I explain and show the steps of that in a previous video, have you configured that yet? it is a requirement
Hi! I want personal cell phones not to be enrolled, and I understand that I would have to activate "block" in personally owned, but it is not clear to me, how Intune identifies that the cell phone is personal? I mean, the user will register through the Company Portal app with their company ID on a personal cell phone right? ..
That is a great question, but anything enrolled manually through Company Portal and not through Apple Business Manager is considered personal, even if enrolled with a company ID.
Intune will end support for user enrollment with Company Portal shortly after the release of iOS/iPadOS 18, because Apple will no longer support profile-based Apple User Enrollment. From what I understand the Account driven user enrollment: Also referred to as account-based enrollment is the new way to enroll BYOD iOS devices.
Thanks a lot! I read that too, this video will age bad! :) will have to look into that and probably replace this video with account-based driven enrollment.
@@IntuneVitaDoctrina yeah, that would be great if you can make a video on that. There is very little info out there on Account driven user enrollment and MS documentation is not the most clear on this topic, probably because so much is changing so fast.
Is also not easy to get clarity on what the difference is between all the enrollment options. I did read that some would prefer (device-based) web enrollment over account-driven enrollment as the latter one requires Apple Business Manager, to sync AppleIDs. Not sure though what the limitations would be on web-based enrolment.
Any news on a video for account user enrolled. This is deprecated 😢
But if I do that microsoft will have access over my device? Or just few segments of my device or how? Thanks
Good question! when you enroll, adding a MDM profile to your iOS device you can see WHAT it can access on your device. If it is Personally Enrolled as in my video, you cannot see or do much.
Mostly device info, maybe free space, model, apps installed by Intune (not your personal apps) etc..
Here is a link showing some more:
learn.microsoft.com/en-us/mem/intune/user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune
@@IntuneVitaDoctrina Thanks !
kindly share apple configurator video related which scenarios will be used and commonly used enrollment
True, forgot to mention it in the video.
You install this: apps.apple.com/us/app/apple-configurator/id1037126344?mt=12 on an iOS device with camera
You start the app and login to you ABM account, then reset a macOS device and during startup hold the iOS device and scan the device and it will be imported into ABM
If bigger company, you get them imported to ABM when you buy hardware if you add your reseller into ABM
@@IntuneVitaDoctrina Thank you please let me know how user knows about company ABM account please explain what is user experience enrolling device using apple configurator
The beauty is that the user doesn't have to know anything; The Apple Configurator should be done by us technicians and not the end user.
You get the device registered in Apple Business Manager, in ABM you can add your MDMD (Intune in this case) and then assign the device in ABM to that MDM server.
When a device is reset (has to have T2 chip, all 2019 and later models got that) it will contact your MDM (Intune) and if setup correctly there all is automated, Apple Zero touch deployment, it is pretty sweet :)
Hi there, which iOS emulator are you using?
I was looking for a few, then I remembered had a broken camera iPhoneX lying around, so I started that one, and then used TeamViewer free version to remote into it. Not great but it worked ok. so no emulator used in these videos.
hellow, thank you so much for the video, one I want to install the profile, it says verification failed, your apple id or password is incorrect, but I tested many times and am sure the password is correct.
Difficult one, and it is the same appleID/password you used to setup in Intune? if you reset the password and try again?
+8:21 my phone show "This apple ID is not supported. Please try signing in with a managed apple ID.
Did you follow my two previous videos, to create an Apple ID ruclips.net/video/KPNzYMraobM/видео.html&ab_channel=Intune%26VitaDoctrina (well seems you already got one) and more importantly used that AppleID to configure Push certificates etc? in this video ruclips.net/video/w0qU_bZMTx8/видео.html&ab_channel=Intune%26VitaDoctrina
@@IntuneVitaDoctrina My assumption is OP has created an apple ID for the push certificate and is now trying to enroll a device using another account, hence the reason for the failure. Another issue with creating individual apple ID's without federation is that they all have to set their own passwords and if they forget that password you can't change it for them. So using apple business manager with federation enable is the correct method imho