Update 2018/08/14: Microsoft has announced that on September 1, 2019, they will retire the hybrid MDM service offering. If you have SCCM in Hybrid mode, plan your migration to Intune Standalone. If you’re planning to do Mobile Device Management, please see our new post on that topic.
Managing mobile devices is a challenge that all SCCM admins will face in the near future. With the rise of BYOD (Bring Your Own Device), businesses need to have control over every asset used by their employees. With the various mobile operating systems (iOS, Windows Phone, Windows RT, Android), this task can be overwhelming, but it’s not as complicated as it looks. You just need to understand the main concepts and apply the right method to each operating system.
Mobile Device Management has been introduced with SCCM 2012 SP1 and many enhancements have been made with the R2 release. Microsoft has also released new features in the past weeks which make the solution even better. It’s simply the most complete solution if you manage your devices through SCCM 2012 and have to manage mobile devices. We’ve compiled the full list of features in the Features List section of this post.
A Microsoft Intune subscription is needed in order to enroll mobile devices, which then sync data with Configuration Manager. Operational tasks occur in the SCCM console, which provides unified management across both on-premises and cloud devices.
The blog post series will describe everything about SCCM 2012 Mobile Device Management with Intune, from the beginning of the implementation to the various operational tasks.
This blog post will continue to grow so be sure to come back often.
Download and own part 1 to 8 of the blog series in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be.
SCCM 2012 Mobile Device Management blog series
- Part 1 | Preparing Intune environment for Mobile Device Management
- Part 2 | Configuring Active Directory and Create Users for Intune
- Part 3 | Configuring SCCM 2012 Intune integration
- Part 4 | How to enroll an iOS device in SCCM
- Part 5 | How to enroll an Android device in SCCM
- Part 6 | How to enroll Windows Phone 8.1 device in SCCM
- Part 7 | Compliance Settings for Mobile Devices in SCCM
- Part 8 | Understanding Devices Ownership and Wipe option in SCCM 2012
- Part 9 | Deploy an iOS Application with Intune and SCCM
- Part 10 | How to set up MAC OSX Compliance Policy for Microsoft Intune Client with SCCM
- Part 11 | Use the Intune Troubleshooting Portal
SCCM 2012 SP1
- The client settings group to configure mobile device enrollment settings is no longer named Mobile Devices but Enrollment
- Mobile devices that are enrolled by Configuration Manager SP1 now use the client policy polling interval setting in the Client Policy client setting group and no longer use the polling interval in the renamed Enrollment client setting group
- You can enroll mobile devices that run Windows Phone 8, Windows RT, and iOS when you use the Windows Intune connector
- Users who have mobile devices that are enrolled with Intune and Android devices that are managed by the Exchange Server connector can install apps from the company portal. The company portal is the Application Catalog equivalent for these mobile devices
- The new Retire option for mobile devices in the Configuration Manager console is supported only for mobile devices that are enrolled by Microsoft Intune
SCCM 2012 R2
- Users can enroll Android devices by using the company portal app which will be available on Google Play. The management agent gives you more management capabilities (SCCM 2012 R2)
- Users can enroll iOS devices by using the iOS company portal app which will be available in the App store. The company portal app will allow users to perform more actions
- Devices that run Windows RT, iOS and Android now support a deployment purpose of Required
- Wipe and retire functions now include the option to only remove company content from devices
- You can configure enrolled devices as company-owned or personal-owned. Company-owned allows you to get software inventory on all mobile devices
- You can use Microsoft Intune to manage Windows 8.1 devices that are not joined to the domain and do not have the Configuration Manager client installed
- Extensions for Intune allow you to integrate new mobile device management capabilities into the Configuration Manager console
Intune Standalone Update – November 19th, 2014
- Enhanced user interface for Intune administration console
- Ability to restrict access to Exchange on-premises email based upon device enrollment
- Bulk enrollment of devices using a single service account
- Lockdown of Supervised iOS devices and devices using Samsung KNOX with Kiosk mode
- Targeting of policies and apps by device groups
- Ability to report on and allow or block a specific set of applications
- Enforcement of application install or uninstall
- Deployment of certificates, email, VPN and WiFi profiles
- Ability to push free store apps to iOS devices
- More convenient access to internal corporate resources using per-app VPN configurations for iOS devices
- Remote pin reset for Windows Phone 8.1 devices
- Multi-factor authentication at enrollment for Windows 8.1 and Windows Phone 8.1 devices
- Ability to restrict administrator access to a specific set of user and device groups
- Updated Intune Company Portal apps to support customizable terms and conditions
- Enhanced user interface for Intune Company Portal website
Intune Standalone Update – December 9th, 2014
- Mobile Application Management
- Conditional Access to Exchange Online
- Deep Management of the Office Mobile Apps on iOS and Android
- Managed Browser
- Managed PDF View, AV Player and Image Viewer apps
- Bulk enrollment of iOS devices using Apple Configurator
- Microsoft Intune Home Page
- Mobile client supported configuration
- Full list of compliance settings for mobile devices
- Detailed information about data sent and stored in Windows Intune
- Hotfix to extend the client notification component
- Intune Status Page
- SCCM 2012 Mobile Device Management SP1 New features
- SCCM 2012 Mobile Device Management R2 New features
- Intune November 2014 Standalone Update
- Technet Virtual Lab
- What Happens if You Add a Personal Device to the Company Portal
- How to Manage Mobile Devices by Using Configuration Manager and Microsoft Intune
- SCCM 2012 R Cumulative Update 4 fixes and performance enhancements
- Certificates requirement for Microsoft Intune
- Microsoft Intune FAQ
Is there an updated version of this guide?
Thanks for the guides. I have just one question. On an enrolled iOS device, how can you get the S/MIME email signing and encryption to work? It doesn’t seem to work no matter how much we try. Some of the SCCM settings even render other email accounts unable to sign/encrypt messages, but none of the configuration items we tried actually made it possible to use an imported certificate for signing.
When you talk about email signing and encryption, do you mean SSL? You can set the SSL through the email profile.
Do you have an email profile?
Yes, we have an email profile. The profile itself is working, but switching on SSL doesn’t work at all. We have an imported cert on the iPhone, we have the management profile active with SSL switched on, but on the advanced mail settings for signature or encryption no certificate is found.
Your guides are lifesavers for the first-time user trying to teach myself everything about SCCM and Intune… I am currently stuck trying to lock down iPhones like I have Windows Phones lockdowns. Configuration Baselines do not work and we are using DEP – I have a support ticket with Microsoft and get a different answer every week.
Is there anything you can do to help me – I work for a county government and our Sheriff department wants iPhones; we are going to order 150 if we can get it to work.
Thanks for the comment. When you say lockdown, are you saying in kiosk mode?
Have you configured a deployment profile for DEP?
Thank you for putting together such a comprehensive list! Do you have any thoughts around Intune compared to third party MDMs and various OS-centric features?
Thank you for compiling this information. Knowing that “You can use Microsoft Intune to manage Windows 8.1 devices that are not joined to the domain and do not have the Configuration Manager client installed” was a key point for our organization.