Publish corporate applications to iOS using Configuration Manager and Intune
Publish corporate applications using Intune and Configuration Manager.
December 17, 2016
Q. How can I publish corporate applications to an iOS device using Configuration Manager via Intune?
A. Intune enables full management of mobile devices including iOS, Android and Windows Phone. Organizations often wish to deploy applications to these devices and ensure corporate data stays within the corporate applications and cannot leak into personal applications on the device. In this walkthrough I will go through all the steps required to enable this for iOS using Intune, performing the actual configuration using Configuration Manager (which connects to Intune).
First, make sure you have connected Intune to your Configuration Manager instance via the Administration workspace - Cloud Services - Microsoft Intune Subscription. As part of this connection you can configure logos and contact details. Once the connection is established, select the Intune subscription and, from the Home tab, select Create APNs certificate request. This generates a certificate request that is saved to a file. Upload that file to the Apple Push Certificates Portal and download the resulting certificate. There is no charge for this certificate and it enables deployment to iOS devices.
With the Intune subscription still selected, select Configure Platforms from the Home tab and select iOS. Check the box to enable iOS enrollment and select the certificate you downloaded from the Apple site. Note you can also select Android and other platforms to enable enrollment.
The next step is to create a Configuration Item and Configuration Baseline for iOS which will block corporate data being used in personal applications.
Select the Assets and Compliance workspace
Select Compliance Settings - Configuration Items
Select Create Configuration Item. Select a name and set the target device to be iOS and Mac OS X from the list of device types and click Next
For the platforms select iPhone and iPad and click Next
For the list of device settings select Data Protection and click Next
Set "Open documents in managed apps in other unmanaged apps" to Disabled and optionally set the setting that lets unmanaged apps open data in managed apps to Enabled. Make sure Remediate noncompliant settings is checked and click Next
Click Next to all remaining questions
Select Compliance Settings - Configuration Baselines
Select Create Configuration Baseline
Enter a name for the baseline and add the configuration item that was created and click OK
Right click the new baseline and select Deploy. Select the target collection (e.g. All Mobile Devices) and check the Remediate noncompliant rules when supported. Click OK
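To check the result on a device, the following added example (not part of the original walkthrough) audits a configuration profile for the managed open-in restriction. It assumes the Data Protection setting reaches the device as Apple's standard Restrictions payload (`com.apple.applicationaccess`) and that the profile is an unsigned plist; the sample profiles and their identifiers are constructed.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"  # Apple Restrictions payload type
# Apple restriction keys; iOS treats an absent key as True (allowed).
MANAGED_TO_UNMANAGED = "allowOpenFromManagedToUnmanaged"
UNMANAGED_TO_MANAGED = "allowOpenFromUnmanagedToManaged"


def audit_profile(profile_bytes):
    """Audit one unsigned configuration profile for the managed open-in rule."""
    profile = plistlib.loads(profile_bytes)
    content = profile.get("PayloadContent", [])
    payloads = [p for p in content
                if isinstance(p, dict) and p.get("PayloadType") == RESTRICTIONS]
    # With several restrictions payloads, the most restrictive value wins.
    out_allowed = all(p.get(MANAGED_TO_UNMANAGED, True) for p in payloads)
    in_allowed = all(p.get(UNMANAGED_TO_MANAGED, True) for p in payloads)
    findings = []
    if not payloads:
        findings.append("no restrictions payload in profile")
    if out_allowed:
        findings.append("managed documents can be opened in unmanaged apps")
    return {
        "compliant": not out_allowed,
        "managed_to_unmanaged_allowed": out_allowed,
        "unmanaged_to_managed_allowed": in_allowed,
        "findings": findings,
    }


def sample_profile(restrictions=None):
    """Build a constructed sample profile; identifiers are placeholders."""
    payloads = []
    if restrictions is not None:
        payloads.append({"PayloadType": RESTRICTIONS, "PayloadVersion": 1,
                         "PayloadIdentifier": "example.restrictions",
                         **restrictions})
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "example.profile",
                           "PayloadContent": payloads})


if __name__ == "__main__":
    cases = {
        "baseline applied": {MANAGED_TO_UNMANAGED: False, UNMANAGED_TO_MANAGED: True},
        "setting left at default": {},
        "no restrictions payload": None,
    }
    for name, restrictions in cases.items():
        print(name, audit_profile(sample_profile(restrictions)))
```

A profile that omits the key is reported as non-compliant because the absent key leaves managed-to-unmanaged open-in allowed.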
You are now ready to publish the applications, which will be delivered via the Apple App Store.
Open the Software Library workspace
Open Application Management - Application Management Policies
Select Create Application Management Policy
Enter a name and click Next
Select the Platform as iOS and the policy type as General then click Next
Configure all required settings. Critical settings are:
Allow app to transfer data to other apps: Policy Managed Apps
Prevent "Save As": Yes
Require simple PIN for access
Click Next
Once complete click Close. You may choose to create different policies for different applications
Select Application Management - Applications
Select Create Application
For the application type select App Package for iOS from App Store and enter the URL for Outlook, e.g. https://itunes.apple.com/us/app/microsoft-outlook-email-calendar/id951937596?mt=8. Click Next
Click Next and enter any specific details then click Next until complete
Repeat the process for additional applications
Right click on the application and select Deploy
Specify a collection, e.g. All Mobile Devices under Device Collections and click Next
Click Next through all the sections until you get to Application Management. Select the application management policy previously created
Click Next to all other dialogs until complete
Enrolled iOS devices will now have the applications available via the Company Portal application, and data (including the clipboard) will not be able to leave the corporate-deployed applications for personal applications.
I have a video walking through this at https://youtu.be/wfWoLLx8WeA.
For more details on device enrollment see https://technet.microsoft.com/en-us/library/jj884158.aspx.