Walk through the initial configuration of a new Intune tenant to enable enrolling the first device.
- [Teacher] When you initially set up Intune, there's a number of steps that you'll need to take just to make sure that Intune can manage mobile devices. For example, there's some steps you need to take to manage Apple devices, some separate steps for Android for Work devices, and even a few more steps if you want to manage Windows 10 devices. I've already gone ahead and completed these steps, but we'll walk through what the basics are, the things you need to watch out for, so that you know what to do if you're setting this up for the first time. All of these settings that we're going to talk about are found under the device enrollment section.
For Apple enrollment in particular, you need to create something called an MDM Push Certificate. This is a special certificate that's used for Intune and Apple to be able to send push notifications to your device. In order to do this you download a file called a CSR, or a certificate signing request, from Intune and then you have to upload this to an Apple portal. In order to do this you'll first need to create an account with Apple, it's free of charge, and then you'll be able to create these Apple APNS certificates. The really important thing to know here is you should create a generic account that other people in your organization will be able to use.
Don't use your personal account, because if you leave the organization the company will never be able to get rid of that account because this APNS certificate is tied to it. Once you upload that certificate they'll give you back a file that you upload to Intune, and it's good for a year. It's really important to know that these certificates are only good for a year, and it's really, really important that you remember to redo this before it expires. Once this is here, you'll be ready to manage Apple devices. Android for Work devices as well as Windows devices have a couple of settings that you'll need to set up as well, and those same screens will walk you through that process.
The summary of the terms is a quick summary that shows up at the top. We'll just call it Quick Summary. You'll see what it looks like when we enroll a device. And the Terms and Conditions is all the different things that your users need to read and accept before they can enroll the device. Typically you'll have to work with your organization's HR and maybe Legal and Compliance Departments to come up with these, but this will be a good placeholder. We'll create this.
And then we'll assign this to all of our users so that when we go to enroll a device they'll all have to accept this. A couple other things to mention here, device categories is another useful feature. If maybe you have a scenario where some people bring their own device, their personal device, and then other users are issued a company-owned device, you can use this so they can choose the type of device, and you can apply different policies. Or you might say that you create these categories because within the realm of company-issued devices, maybe you have some that are used for shipping and receiving, and some that are used for manufacturing, and you need different policies for those.
So you can create these categories, and when you go to enroll the device that list of categories will be shown for the user to select from. And then finally, I usually like to mention device enrollment managers. Device enrollment managers are specific accounts that can enroll lots of devices. This is really helpful if you have, perhaps, a support team that unboxes your corporate-issued devices, and you want them pre-enrolled with Intune. They might need to enroll hundreds or even thousands of devices, and this makes sure that those devices aren't tied to their personal user account and don't count against their quota within Intune.
Once you've set all these different things up, you're ready to create configuration and compliance policies which we'll take a look at shortly, and start enrolling devices.
- Authentication options with Azure AD
- Configuring Azure AD Connect for sync and authentication
- Securing remote access with the Azure Application Proxy
- Managing apps and devices with Intune
- Building and deploying a basic Intune policy for iOS or Android
- Protecting data beyond the firewall with Azure Information Protection (AIP)
- Configuring AIP classification labels and protection
- Integrating Exchange and SharePoint with AIP
- Managing risk with Advanced Threat Analytics
- Connecting Office 365 to cloud app security