How to Manage Mobile Devices with Windows Intune
In a previous article, I gave an introduction to Windows Intune, Microsoft’s cloud-based client management solution, and how it allows you to manage your Windows 8 clients in your company. While there I only discussed managing Windows 8 clients, in this article I’ll walk you through the necessary steps on how to manage any mobile device using Windows Intune.
Now, by “any mobile device” I should add that I mean the following:
- Windows 8 RT (eg. Microsoft Surface)
- iOS-based devices (as of OS 4.x)
- Android-based devices (as of OS 2.4) – this still relies on Exchange ActiveSync
Note: Natively managing mobile devices is only possible as of Windows Intune Wave D, which went live in mid-December 2012. Microsoft recently announced that if you already had a subscription before that date, you will be migrated to Wave D sometime around mid-February 2013.
Mobile Device Management with Intune
Although most steps are similar to the standard Windows 8 client management, there are a few configurations to be done in the Windows Intune Administration Portal first. Another thing to note is this portal is using Silverlight, which doesn’t run in IE10 on Windows 8 RT.
Part 1: Enabling Mobile Device Management
- Logon to the Intune Administration console.
- Go to Administration/Mobile Device Management.
- In the upper right corner, under the Task pane choose Set Mobile Device Management Authority. A small popup will appear informing you a script is being launched in background to change these configuration settings. Close this.
- Once this step is complete, the different mobile device “groups” are available.
Part 2: Configuring Windows 8 RT device management
In this part, I’ll walk you through the required steps to configure Windows 8 RT device management.
- Select Windows 8 RT Mobile Device Management Setup.
- To allow automatic Windows Intune enrollment server detection, enter your chosen DNS created domain alias (the field domain name is a bit misleading for this configuration) in the foreseen field — for instance, Intuneenrollment.mycompany.com. You can apparently validate this by using the Test-Autodetection. (It didn’t really work for me while writing this article, but the message says it could take up to 72 hours.)
- While the next step — add sideloading key — looks really easy, I have to be honest, it is way more complex than it sounds. (Perhaps I’ll dedicate a future article on this topic alone!)
Let me explain the background of sideloading. Sideloading is the mechanism that allows you to install apps on your Windows 8 device. There is some confusion with the Windows 8 apps developer key. That key can be received for free by Microsoft, and it is required on any Windows 8 device on which you are developing Windows 8.
However, that’s NOT the key you need here. The sideloading activation key you need in this field is only available as part of a Microsoft Volume Licensing contract, which includes Software Assurance benefits. When you have access to the Volume License management portal, search for “Enterprise Sideloading” — that should reveal your key. Another option is buying this key outside of your VL contract. But there’s a slight catch: It is only available in packs of 100 and can be quite costly per pack.
- The last step in part 2, configuring your Windows 8 RT device management, is an optional one. However, I do recommend using it in production environments, being the addition of a Code-Signing Certificate. This certificate is used to secure your in-house developed apps and shows the end-user that this is a secure application owned by your organization. Such certificate can be obtained from about any public certificate authority like Verisign, Thawte, Comodo, etc. Now, that’s it from the Intune Administration Portal!
Part 3: Enrolling the Windows 8 RT device
The last part is executed on the Windows 8 RT device itself, which is to a certain degree different than the process of enrolling a Windows 8 device. Where before you had to go to the Windows Store on a plain Windows 8 device to install the Company Portal, your Windows RT device has this built-in already. To do this:
- From the RT device, fire up the charm bar, and search for “Company Apps” under Settings, then start it up.
- When asked, enter your Windows Intune user account settings, and log on.
- If device enrollment DNS settings were not configured in the previous step, this logon attempt will fail. No worries! Simply choose Enter More Information.
- Be sure to use the following server address, as shown below: enterpriseenrollment-s.manage.microsoft.com
- The next step, “connecting to your company network,” may take some time. Just be patient and don’t cancel this step.
- After you’ve successfully connected, you will be prompted to install the management app. Simply click on the provided link.
- This will redirect you to the Microsoft Store, where you can download and install the Company App (similar to plain Windows 8 devices).
- Once installed, fire up this app from your Start Screen.
- From here, you could install new published apps by your company from within the Intune portal, get IT contact details (if entered in Intune Portal), and most importantly, you can see your device is categorized under the “devices” group. This means it is now being managed by Windows Intune.
- To verify the device is indeed being managed by Windows Intune, let’s get back to the Intune Admin Portal/System Overview/Mobile Device Summary.
- Beside the Mobile Device Summary, you’ll see a “Total: 1 Mobil Devices” link. Go ahead and click on that, and you’re redirected to the device’s detailed information page, as shown below.
As you can see, we can be sure it is being managed as supposed to.
In a follow-up article, I’ll dive more into management details, such as installing apps on the Windows RT device from within Windows Intune, configuring policies, and more.
To learn more about what Microsoft has in store for Windows Intune, System Center 2012, and Windows Azure, check out our article Microsoft Updates Cloud OS Strategy.
More in Windows 8
How to Achieve World-Class Windows Patching Like a Pro
Aug 3, 2021 | Michael Reinders
Microsoft’s PrintNightmare Patch Not Effective Against Vulnerability
Jul 7, 2021 | Brad Sams
How to use the Windows Recovery Environment
Apr 21, 2021 | Michael Reinders
Microsoft’s New Browser Ships in January with New Icon and More Privacy
Nov 4, 2019 | Brad Sams
Microsoft Edge Takes Another Step Towards General Availability
Aug 20, 2019 | Brad Sams
Patch Tuesday August 2019
Aug 15, 2019 | Russell Smith
Most popular on petri