Share via

Mobile device management with Intune and Configuration Manager 2012

  • Article

This blog is all about integration between configmanager 2012 and Intune to manage and deploy application on mobile device. We have our setting, users and app saved at cloud in extremely secured way. We would definitely like to be trusted by our customer and partners in terms of cloud, Devices and Security handling. To achieve that, we understand the importance and take our extreme steps to maintain privacy. Let’s get started with the steps of integration.

  Part 2 is published for configuring the client settings, do look at that too.

1) Register to Windowsintune.com as a trial account

 

 

2) Add Cloud UPN that you got after above registration, in my case, its Chandan.bharti@chandanbharti.onmicrosoft.com. So my UPN is chandanbharti.onmicrosoft.com

Open active directory domain and trust--> Properties, and add the UPN

 

 

3) Change UPN for the existing users in AD

Go to active directory users and Computers, and change the UPN for the users that needs to access the portal later. You can script it to make change if you have many users. That way to avoid any manual work

 

 

4) After you are done with AD, if you log in to https://account.manage.microsoft.com/ with your credentials, you have to Install and configure the Directory Synchronization tool.

Download the tool from https://g.microsoftonline.com/0BX10en/571 and install it. Installation would take 10 min to complete. Below is a run through directory sync configuration.

 

Enter the credential that you used to log into Intune subscription.

 

 

In the next screen, you have Domain credential, Basically domain Admin in form of domain\user

 

 

Rest are going to be straight forward options. Also let the passwords sync. This process takes 10 min, Monitor the event log to check if sync has gone well and what has synced,

 

5) In Configmanager 2012 console, create a collection for the users that you would like as target

In my case, I have created collection "My Intune UserCollection"

 

6) Add the subscription that you created now in your configmanager console

 

Sign in with your Intune account that you are registered with

 

 

 

 

 

Next, you are asked to configure your settings. I have created collection "My Intune UserCollection" as a target.

 

 

 

For the moment, I am selecting Android device, Reason being, Android has no certificate requirement. But others have, for one month trial account, you don’t need certificate for Windows phone 8 as well. We will make use of this at later point, for now let's go next with below setting as shown.

 

 

This needs the support team contact information (Optional)

 

 

 

7)  Add the site system role "Windows Intune Connector" on your site server.

 

 

 

You can monitor the log file if the installation was a successful . Log File:  Connectorsetup.log

 

This is to be done in CAS

 

Looks like role is setup successfully.

 

Remaining steps are for creations of apps and deployment to user collection.

Basic steps are

a) Create application for Company portal

b) Create application for the mobile app

c) Deploy these application

 

Let’s start:

 

8) Download below tool for the purpose that is defined below. Basically this contains your sample apps and company portal.

https://www.microsoft.com/en-sg/download/details.aspx?id=39079

 

I have installed it at C:\Program Files (x86)\Microsoft\Support Tool for Windows Intune Trial management of Windows Phone\Support Tool

 

 

Install it on configmanager server.

 

 

9) Now create an application for windows phone (*.xap) with the normal method

 

 

 

 

We have targeted company portal to the user collection that we created

 

 

 

Now we have to add the application in Intune subscription that we already created.  Remember you were told not check the box for windows phone 8 at above line.  Notice below, it’s unchecked. But that’s not what we want. but not our end goal.

 

 

 

10) Open cmd prompt run as administrator and cd to location where support tool is installed.

C:\Program Files (x86)\Microsoft\Support Tool for Windows Intune Trial management of Windows Phone\Support Tool

 

This is to activate your trial certificate for Windows phone 8. Run below command

 

 

C:\Program Files (x86)\Microsoft\Support Tool for Windows Intune Trial management of Windows Phone\Support Tool>ConfigureWP8Settings_Field.vbs <SiteServerName> querysspmodelname

 

 

Output: Operation completed successfully

 

 

 

Now we are going to save settings using company portal ID. This ID is your application ID from the console. Also termed as Company Portal ID

 

ScopeId_5A69269C-EFC8-4996-AD73-FCABAECD20CC/Application_0904feff-40b7-8844f38a6760a58b

 

C:\Program Files (x86)\Microsoft\Support Tool for Windows Intune Trial management of Windows Phone\Support Tool>ConfigureWP8Settings_Field.vbs <SiteServerName>

savesettings ScopeId_5A69269C-EFC8-4996-AD73-FCABAECD20CC/Application_0904feff-7c83-40b7-8844-f38a6760a58b

 

 

 

Now if you visit intune subscription properties back,

 

 

Notice, Windows Phone 8 Enrollment is enabled.

 

****Optional****

Optional step: Only when you have certificate for device in production scenario.

 

Command line to codesign the application:  If you have certificate for windows Phone 8 in production scenario, You may have to code sign the company portal application.

c:\Windows\System32>XapSignTool.exe sign /f "<Certificate file.PFX>" /p <Password> "<Path of company portal or application ex. ssp.xap>"

 

Now to check if application is signed, go to properties of Xap file and check Digital Signature tab for the file.

Idea of company portal is to show LOB application, contact info for the company, you can create your own company portal as well. The one that you download from Microsoft is just a sample.

  ****Optional****

 

 

11) Create an application for windows phone. Select below option.

 

 

I have selected the one from below location that’s where my support tool is installed

 

\\CM12CAS\c$\Program Files (x86)\Microsoft\Support Tool for Windows Intune Trial management of Windows Phone\Sample Apps\ClickMeV1.1.xap

 

Finish the wizard

 

And deploy this application to user collection that was created at the initial stage.

 

With Intune subscription, we have cloud DP created automatically. Distribute it to the cloud DP

 

 

Once distributed. You need to look at the log "outgoingcontentmanager.log" if the content is successfully distributed to cloud DP.

 

 

Now you can deploy the application to the user collection, Remember option of available or required is based on the supportability for the devices. Leave it available for now.

 

Creating an application from windows app store

============================================

 

Go to Microsoft  store for apps and pick up the URL

 

 

 

My app address is:

https://apps.microsoft.com/windows/en-us/app/tour-spain/258839b5-88ed-4154-bf83-93912dc03257

In configmanager console, just create a new application from windows store as shown below. And location should have the URL of the application that you copied above,

 

 

Complete the wizard

 

Deploy the application, you don’t need to distribute it to the DP, because it’s from cloud and is already distributed

 

Here completes you server side configuration and activities.

 

Now we are going to enroll the devices and application. Your Intune solution is in cloud

================================================

 

12) Add account in windows phone 8,  

Go to settings -->Workplace-->Add account

 Add the user name that we migrated from AD to Intune

Click next and add the server name. For the demo, the server name is going to be. Server name: enterpriseenrollment-s.manage.microsoft.com

User name is going to be in format of user@chandanbharti.onmicrosoft.com

 

This is how it may look

 

 

You should see the device under mobile device in the Configmanager 2012 console :)

 

 

And we should be good. We are all set to manage our mobile devices on cloud :)

I am going to sleep now, when i wake up. i will post another one for  compliance settings that you can configure for mobile devices  and i am sure, you are going to enjoy reading that.

Any Feedbacks or comments are welcome!!

Few important stuffs that you need to know on reliability on support we have for intune You can follow the link to understand overall process with support involved. https://technet.microsoft.com/en-US/library/dn646963.aspx

-Chandan Bharti, Premier Field Engineer-Microsoft

Comments

  • Anonymous
    January 01, 2003
    great point. thanks Sudheesh. i will update that too.
  • Anonymous
    August 20, 2014
    Hope you remember the steps to integrate Intune with configmanager
    This is part 2 in the series. My
  • Anonymous
    September 13, 2014
    Good article Chandan. I think you missed one step to activate the AD sync from the management console. It will be good if you can add it. And also to give a warning not to SET MDM in intune admin console , as it will become windows Intune only and that subscription cannot be used with ConfigMgr integration. This is just a suggestion to make this complete ...Thanks
  • Anonymous
    November 01, 2015
    Could you comment on how you have created the user collection (direct or query membership). If you query the membership for an AD group, do you have to sync the AD group also with AAD Connect?