To add devices in Apple Business Manager there are a two options. You can either purchase a device directly from Apple or from a participating Apple Authorised Reseller and they will add the device to your Apple Business Manager. The other way is by using Apple Configurator 2 with a MDM solution. BIn this blog I will show how you can configure Apple Configurator with Intune to enroll devices in Apple Business Manager.
Before you can add devices you first need Setup Apple Business Manager with Intune. To perform the enrollment you will need a MacOS computer with Apple Configurator 2 installed and a cable to connect a device (e.g. iPhone, iPad, etc) to your Mac. In this post I will use a Mac Mini and a Lightning cable to connect a first gen Apple SE to enroll in Intune.
The Setup consists out of a few steps:
- Create an Apple Configurator Enrollment Profile
- Setup Apple Configurator 2
- Prepare and add the iPhone
Apple Configurator Enrollment Profile
Before you start with these steps you first need to setup Apple Business Manager with Intune. During this step we’re going to configure the Apple Configurator profile. This profile will be used by the Apple Configurator to enroll devices in Apple Business Manager.
1. Go to “Devices” -> “iOS/iPadOS” -> “iOS/iPadOS enrollment” or press here. Select “Apple Configurator” to setup a new profile.
2. In the navigation pane select “Profiles” and press “+Create” to add a new enrollment profile.
3. Enter a Name and description and press “Next” to continue.
4. Select the settings you want to use for the enrollment and press “Next”
|User affinity||Here you can choose to use if you want to affiliate the device with an user to allow access to company data and email or not.|
|Select where users must authenticate||Only if you choose user affiliation you need to select where the users need to authenticate (Company Portal or Apple Setup Assistant).|
5. Review the settings and press “Create” to create the enrollment profile.
6. After the enrollment profile has been created you will see an overview with all Apple Configurator profiles. Select the created profile.
7. Press “Export Profile” and copy the Profile URL. This you will need to setup the Apple Configurator app.
Setup Apple Configurator 2
During this step we’re going to configure Apple Configurator. During this setup we will add the following settings to Apple Configurator: a supervision identity, MDM server and a Wi-Fi profile for devices without a SIM card. These steps will all be performed on the MacOS computer.
1. Install Apple Configurator 2 on your MacOS device this is a free application which can be installed using the App Store on your Mac. Look for “Apple configurator 2”
2. Start Apple Configurator 2 and select “preferences”
3. Select “Organizations” in the top and press “+” to add a supervision identity.
4. Press “Next” to continue.
5. Enter your credentials for Apple Business Manager and press “Next
6. Select “Generate a new supervision identity” and press “Done”. This will create a self-signed root certificate.
7. A popup will appear to enter your credential to allow the creation of the certificate on your computer. Enter your computer credentials and press “Update Settings”
8. The supervision Identity has now been created. Select the “Servers” button to the MDM server.
9. Press the “+” sign to add a new MDM server.
10. Press “Next” to continue.
11. Enter the name of the user profile you’ve created in Intune in the “Name” field and past the Profile URL in the “Host name or URL:” field. Press “Next” to finish.
12. The MDM server has now been added to Apple Configurator. Close the preferences window. Next step is to add a Wi-Fi profile.
13. Select “File” -> “New Profile”
14. Select in the Navigation menu “Wi-Fi” and press “Configure”.
15. Enter the configuration data for the Wi-Fi Connection and close the screen.
16. Save the Wi-Fi profile. The configuration of Apple Configurator is now finished.
Prepare and add the iPhone
Before we can prepare the device with Apple Configurator we need to import the serial of the device and Assign a policy to the device in Intune.
1. Create a comma separated CSV containing two rows. The first row contains the serials of the device you want to import and the second row contains the description.
2. Go to “Devices” -> “iOS/iPadOS” -> “iOS/iPadOS enrollment” -> “Apple Configurator” or press here. Select “Devices” and press “+Add” to add devices.
3. Select the created “enrollment profile” and select the csv file containing the devices. Press “Add” to upload the devices.
4. When the upload is finished the device will be displayed in the “Devices” overview. The device is now ready to be enrolled with Apple Configurator.
5. Connect the device to the Mac and start Apple Configurator 2. Select the connected device and press “Prepare”.
6. Use the default settings and press “Next”.
7. Select the configured profile and press “Next”.
8. Select the organization you want to use to supervise the added device and press “Next” to continue.
9. Select the steps you want to show to the user to configure and press “Next” to continue.
10. Select the Wi-Fi profile you’ve previously configured. This will be used to communicate with Apple Business Manager and Intune. Press “Prepare” to start the process.
11. The preparation process will now start. This will take some minutes to complete.
The device will be visible in Apple Business Manager. One of the changes is the addition of a new MDM server called “Apple Configurator 2”. As you can see it has 1 device connected. This is the device we just enrolled.
When we take a look at devices, we see the new enrolled device “iPhone SE”. The source of the device is “Apple Configurator”. The device management of the device can also be changed by pressing “Edit Device Management”.
This way you can the enrollment from manual to Automated Device Enrollment.
End user Experience
After you turn the device on a few steps need to be performed by the end user before the device can be used. You will need to setup language, region and network. Once the homescreen is displayed the user needs to sign-in to Itunes to install the Company Portal and other apps. After the Company Portal has been installed the user needs to sign-in to the company portal to enroll the device and set the primary user.
Once the user has enrolled the device, the “Primary user” en “Enrolled by” will change to the enrolled user.