This post will show you how to add an Intune subscription to ConfigMgr for Hybrid MDM and enable enrollment for iOS devices.
To see the benefits of using Intune with ConfigMgr rather than standalone, Microsoft has a good post Choose between Microsoft Intune standalone and hybrid mobile device management with System Center Configuration Manager
My current on-prem environment looks like this:
- ConfigMgr Current Branch version 1606.
- User collection created with users whose devices can be enrolled
- Custom domain add and verified in Office 365 admin portal
- Azure AD Connect set up to synchronize my user accounts to Azure AD. Steps to set this up are here
- Intune subscription (You can get a 30 day trial subscription here)
First step to add the Intune subscription is to go into Cloud Services then right click Microsoft Intune Subscriptions and select Add Microsoft Intune Subscription
Have a read of the Getting Started and click Next.
Sign in with your Intune account
Have a read and if you agree, click the checkbox. Note that you can’t change this back unless you contact Microsoft Support.
Enter in your Intune username and password
Once you’re signed in, click on Next
Select the user collection with users whose devices can be enrolled. You can configure your company name and any other settings you like and click Next
Fill in any other information you would like and click Next
Specify a company logo if you like and click Next.
Select the user that you would like to be the Device Enrollment Manager. You can see more info here
If you would like to use MFA, select the enable checkbox and Next.
Confirm your settings and click Next.
Once its finished click Close. You can view the Cloudusersync.log to make sure the role was set up successfully and look out for any errors.
Next we will create an APN. The Apple Push Notification service (APNs) certificate is used to establish a trust relationship between the management service, Intune, and enrolled iOS mobile devices
Next we will login to the APN certificate portal with an Apple ID. The link is here
Click on Create Certificate
Click Accept if you accept the terms and conditions.
Upload the certificate you created earlier.
Now Download the certificate
Now we will configure the iOS platform.
Click Enable and browse to the certificate you downloaded before and click Ok.