New iOS Android macOS Mobile Enrollment Options with Intune

Let’s check the Mobile device management options with Microsoft Endpoint Manager (MEM).

Intune Enrollment options(iOS, Android, macOS Mobile Enrollment) are discussed in the Ignite 2019 sessions.

More details about the Microsoft Ignite sessions are given below.

Index
Android Enrollment Options
Intune Data Protection Policies
Fully Managed Android Device
Android OEM Configuration Options – Fully Managed
Templates are Downloaded Automatically from Vendors
iOS and iPadOS Management
Settings iOS iPadOS Policies from MEM Intune Portal
macOS devices Management with MEM Intune
Deploy Script to macOS devices with Intune
Office ProPlus Management with Intune
Session – iOS Android macOS Mobile Enrollment
New iOS Android macOS Mobile Enrollment Options with Intune – Table.1

NOTE! – The following details are taken from What’s new in Microsoft Endpoint Manager, including Microsoft Intune and Configuration Manager (Part 1 of 2) Ignite session by Paul Mayfield, Terrell Cox, and Micro-Scott.

Patch My PC

Ignite 2019 Coverage

  1. Microsoft Endpoint Management SCCM Intune Windows Updates (this post)
  2. Microsoft Endpoint Manager is the future of SCCM Intune MEMMI MEMCM
  3. iOS Android macOS Mobile Enrollment Options with Intune
  4. Basics of Windows Dynamic Update Explained Update Management
  5. WVD End User Experience Availability Updates
  6. MSIX Updates from Ignite Reliability Network Disk-space
  7. Microsoft Learning Certification Exams Updates
  8. On-Prem WVD Options Azure Quantum Qualys Scan Integration
  9. Intune Reporting Strategies Advanced Reporting

Android Enrollment Options

Android management options with Intune.

Adaptiva
  • Flexible deployment scenarios
  • Zero-touch and Knox Mobile Enrollment
    • BYOD (Personally Owned)
      • Intune APP (App protection – MAM only scenario) – Corp Data and Apps
      • Android Enrollment (AE) Work Profile – Deploying Certs and WiFi Profiles
    • Company Owned
      • AE Dedicated (KIOS Devices)
      • AE Fully Managed (Knowledge Workers)
  • Management of OEM-specific features beyond the Android platform
  • Customizable end-user experience with Microsoft Launcher
New iOS Android macOS Mobile Enrollment Options with Intune - Fig.1
New iOS Android macOS Mobile Enrollment Options with Intune – Fig.1

Intune Data Protection Policies

  • Comprehensive security and data protection
  • Configurable Enrollment
  • User Enrollment and Intune App Protection Policies (best user experience for office apps)
  • Smart card “derived” credentials give passwordless resource access (advanced scenarios)
New iOS Android macOS Mobile Enrollment Options with Intune - Fig.2
New iOS Android macOS Mobile Enrollment Options with Intune – Fig.2

Fully Managed Android Device

  • 11 apps provisioned
  • Factory reset is disabled
  • Android Device Policy – Native Management Client
  • Google Play Provisioned apps – Web applications as well
New iOS Android macOS Mobile Enrollment Options with Intune - Fig.3
New iOS Android macOS Mobile Enrollment Options with Intune – Fig.3

Android OEM Configuration Options – Fully Managed

Android App – Associated App – Out of Box Configuration options OEMConfig

New iOS Android macOS Mobile Enrollment Options with Intune - Fig.4
New iOS Android macOS Mobile Enrollment Options with Intune – Fig.4

Templates are Downloaded Automatically from Vendors

Android Configuration Out of Box Options. These Templates are downloaded automatically from vendors.

New iOS Android macOS Mobile Enrollment Options with Intune - Fig.5
New iOS Android macOS Mobile Enrollment Options with Intune – Fig.5

iOS and iPadOS Management

  • Multiple Deployment Options
  • Best-in-class configurable enrollments
    • BYOD
      • Intune APP (App Protection Policies)
      • User Enrollment (Public Preview – Apple released with iOS 13)
    • Company Owned?
      • Device Enrollment (Classic MDM enrollment with Intune Company Portal)
      • Automated Device Enrollment (Apple DEP)
  • Device Configuration and Management
  • Current iOS management applies to iPadOS devices
New iOS Android macOS Mobile Enrollment Options with Intune - Fig.6
New iOS Android macOS Mobile Enrollment Options with Intune – Fig.6

Settings iOS iPadOS Policies from MEM Intune Portal

The same set of policies for iOS and iPadOS. However, there are some changes in the Intune policy settings UI. See the options below:

  • All Enrollment Types
  • Device Enrollments and Automated Device Enrollments
  • Automated Device Enrollment

NOTE! – Policies can be configured – Groups based on Enrollment type

All Enrollment Types – These settings work for devices enrolled in Intune through device enrollment or user enrollment and devices registered using Apple School Manager or Apple Business Manager with automated device enrollment (formerly DEP). This includes all supervised devices.

Device enrollment and automated device enrollment – These settings work for devices enrolled in Intune through device enrollment and for devices registered using Apple School Manager or Apple Business Manager with automatic device enrollment (formerly DEP). This includes all supervised devices.

Automated device enrollment – These settings work for supervised devices enrolled in Intune using Apple School Manager or Apple Business Manager with automatic device enrollment (formerly DEP). This includes devices supervised through Apple Configurator.

New iOS Android macOS Mobile Enrollment Options with Intune - Fig.7
New iOS Android macOSMobile Enrollment Options with Intune – Fig.7

macOS devices Management with MEM Intune

  • App deployment, device configuration, certificates, VPN, WiFI
  • Protection with device wipe, encryption, Defender ATP
  • Limit access to compliant Macs
  • Complex management support is available with Jamf

NOTE! – Two management options for macOS management – Intune & Jamf Management.

New iOS Android macOS Mobile Enrollment Options with Intune - Fig.8
New iOS Android macOS Mobile Enrollment Options with Intune – Fig.8

Deploy Script to macOS devices with Intune

The Microsoft Endpoint Manager team is developing a solution to deploy scripts to macOS devices without using Jamf. This feature is demoed in the Ignite 2019 session (linked below).

NOTE! – The macOS script deployment option will be available next year (2020). I didn’t hear about any concrete timelines.

Two agents will be installed on macOS devices to enable this macOS scripting feature. This additional agent is similar to the framework of the “Intune Management Extension for Windows devices.”

  • Intune Company portal
  • macOS Scripting Agent (macOS sidecar agent)
New iOS Android macOS Mobile Enrollment Options with Intune - Fig.9
New iOS Android macOS Mobile Enrollment Options with Intune – Fig.9

Office ProPlus Management with Intune

macOS and Windows office proplus management are already available. Configure Office policies using Intune administrative templates!!

New iOS Android macOS Mobile Enrollment Options with Intune - Fig.10
New iOS Android macOS Mobile Enrollment Options with Intune – Fig.10

Session – iOS Android macOS Mobile Enrollment

  • Ignite session What’s new in Microsoft Endpoint Manager, including Microsoft Intune and Configuration Manager (Part 1 of 2)

Resources

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

1 thought on “New iOS Android macOS Mobile Enrollment Options with Intune”

  1. Anoop, thanks for this blog post but where can I find more info for ‘Zero-touch and Knox Mobile Enrollment’ please. if you can point me in right direction. Thanks

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.