S03E07 - Enrolling Apple devices to Intune (I.T)

Рет қаралды 28,390

Күн бұрын

Пікірлер: 47

@thereflecs 2 жыл бұрын

Great video! Just had my first personal experience with this. The experience is far from flawless. I can remove the Management profile as a user myself by using the "-" button below the profiles. After that I needed to re register the device in ABM for it to be able to get enrolled again. I see in your video (17:32) the "-" button at the bottom of the window isn't greyed out aswell. The Firewall profile is greyed out. I believe this is a major issue. Also Intune tells me the device is supervised, but I cannot use the supervised mode functionalities from Intune. (like Restart, Shutdown and Lost Mode).

@ThiagoBeier Жыл бұрын

Thanks for the detailed video, is there a way to skip the "create a computer account" at 15:55 ? get the device enrolled at ABM > Intune > profile and skip this part so user is not "root" in the system and we continue to manage the device from intune?

@majorblazer9055 2 жыл бұрын

User profile can be AAD backed now with Xcreds an opensource program

@dmitrykravtsov853 Жыл бұрын

Your hint is like a breath of clean air! Thank you very much man!

@eg4am1 3 жыл бұрын

Excellent Ben & Steve. I have done everything as you have shown in the video, my MacBook pro is showing in Enrollment program tokens and also in Apple business manager. When I boot the device it tries to connect to our MDM server in Azure but I get an error "Unable to connect to MDM server" any ideas why this might be?

@chrislamonte8554 2 жыл бұрын

did you ever find a solution to this? we are having the same error.

@eg4am1 2 жыл бұрын

@@chrislamonte8554 I deleted all the connections and tokens and started again. It worked. Though we have now moved to Jamf which is miles better at managing apple devices

@laxmanwadhwa8175 Жыл бұрын

What about the Mac App Store applications? They seem to be greyed out after this type of enrolment??

@MikeFerguson1 3 жыл бұрын

Hey, @10:10 the blur of the serials doesn't quite show up in time, just FYI!!

@iliassoukallaris7274 3 жыл бұрын

Hi guys, can you share how you sideloaded apple configurator 2 to the iphone? Would be really helpful.

@chrislamonte8554 3 жыл бұрын

Do you have to already have a mac to set-up the company portal before you can begin enrolling brand new macs? In S03E05 you guys already had a mac that you were logged into before you did the company portal, but in this video the mac you're using is brand new.

@IntuneTraining 3 жыл бұрын

There have been recent changes to how MAC enrollment can be done. Check out the docs for more guidance docs.microsoft.com/en-us/mem/intune/user-help/enroll-your-device-in-intune-macos-cp docs.microsoft.com/en-us/mem/intune/enrollment/macos-enroll

@RoelofdeGroot 3 жыл бұрын

Thanks for the videos on covering macOS! Oh and a pro tip: Command - Ctrl - Space 😉

@jonathanp6508 3 жыл бұрын

Thanks guys, Did you guys make a video how to enroll IOS devices ?

@IntuneTraining 3 жыл бұрын

Not yet, it's on our back log

@DaleHiltner 2 жыл бұрын

I have followed all the steps and it didn't work. Configured the Enrollment Program Token and Created the Enrollment profile for the macOS. I then erased content and settings on the MAC mini OS v.12.4, and added it to ABM via the configurator app. I then assigned the MDM server in to the device in ABM, did a sync in Intune and the device showed up in in device list under the Enrollment Program Token. I then assigned the macOS enrollment profile to the device. Then I powered on the mac and never got the Remote Management screen during setup. How did it work for you guys? Is there a group somewhere that I need to assign the device to?

@sachutharaman 2 жыл бұрын

I'm also stuck at the same place now, Did you find any solution?

@babitahopal5100 3 жыл бұрын

hi, is there anyway that it can automate too with the installing the Office365

@IntuneVitaDoctrina 3 жыл бұрын

Gréât vidéo, nice to see apple on the screen and all the steps 🙏

@jaredfoley7010 Жыл бұрын

Do you have any advice on enrolling a Mac VM into ABM that we can use for Intune testing?

@foremostj 3 жыл бұрын

Do you know if microsoft/apple are planning to implement a solution similar to jamf that will allow the use of an AAD account to authenticate/sign in to a macbook?

@Schnitzer325ci 3 жыл бұрын

I think the only option would be hybrid. I know you can use an AD account to sign in once the Mac has been domain joined.

@RamanSingh-uf4bb 3 жыл бұрын

Is a device reset required for this method? what is process if the devices are already enrolled into inTune? basically trying to get devices added ABM so they can be enrolled properly, so we can push out ISO updates.

@jimcopeland4011 2 жыл бұрын

Is there any way to do patch management via Intune for MacOS devices? I don't see a way out of the box, but I do see the ability to create custom template profiles. Perhaps something can be scripted?

@XriddimXkillaX 3 жыл бұрын

Hey ya'll, I'm running into an 500 error when the device is trying to enroll. Intune can see it and has a profile but only one Mac has been able to successfully join the server. Any idea where I could look?

@DLSC2374 3 жыл бұрын

if you enrolling devices in ADE you will need to get them enrolled through apple is that correct

@Gus247365 Жыл бұрын

Thank you guys - very helpful!!!

@billymedia177 3 жыл бұрын

Why does it tell you to create a computer account? I would think i should be signing into my azure AD account like windows. I dont want my users creating an account. Would be too much for them. Is there a way I can skip that?

@samwu8285 2 жыл бұрын

After my MacBook is enrolled to MDM server, I can still delete the management profile by pressing minus "-" icon without any restrictions. The Apple ID I used is a standard user profile. Any idea how to prevent standard user from doing this?

@DankLordvsGames 2 жыл бұрын

The enrollment token profile can be set to "Locked enrollment" to stop this.

@DaleHiltner 2 жыл бұрын

Thanks so much for this video. I'm a total visual guy so reading all the documentation just confused the hell out of me. You answered all the questions that was holding me back after reading the documentation. Question: In the previous episode we created the companyportal-installer package and created a LOB app in Intune. That LOB app was assigned to a group however the device that needed to be in that group didn't exist in Intune yet. Then in this episode, after enrolling the device into ABM and after allowing it to sync over to Intune, I didn't see you add the mac device to the Intune group so that the company portal app could install. Was that a missed step and, if using groups to install a package, don't we need to add the mac to that group for company portal install?

@Dreas204 2 жыл бұрын

I am actually having the same question. Seems like a missing step

@PaulShadwell 3 жыл бұрын

Also, how do you add an existing device that a user is already using?

@IntuneTraining 3 жыл бұрын

Currently the work flow is only to reset a device back to factory with the latest beta of both macOS and iOS

@davveedoff 3 жыл бұрын

@@IntuneTraining what about using an emulator for iOS ? (don't want to wipe my phone..)

@IntuneTraining 3 жыл бұрын

We haven't found an emulator that works for the workflows we are testing.

@ronikuggz3362 2 жыл бұрын

Hi guys just a quick question, how will you control admin credentials for it? will it be AAD cred or do you need to create a local admin account?

@christianjrgensen6466 3 жыл бұрын

This is brilliant! Will the Apple Configurator be available for iOS/iPhones aswell after beta? Or will you still be forced to sideload the app?

@IntuneTraining 3 жыл бұрын

I assume it will be in the app store for iOS devices, but we are not in a position to commit to the direction for the Apple roadmap

@schiefvancleef 3 жыл бұрын

The Apple Configurator App will be available at the Public iOS/iPadOS AppStore, as well as the Apple Configurator 2 App at the Mac AppStore.

@Dreas204 2 жыл бұрын

@@schiefvancleef Unfortunately, I personally dont see Configurator 2 at all

@PaulShadwell 3 жыл бұрын

This is great. I've been trying to find this. I'm disappointed that it's so complicated. I used to be able to add devices by just adding the serial number into the Apple Business Manager.

@schiefvancleef 3 жыл бұрын

Adding a SN# in Apple Business Manager is possible as well. The shown Method (manually adding a Mac) is similiar to the current process of adding iOS/iPaOS Devices MANUALLY with Apple Configurator 2. Thats why you should always buy your Apple HW at a official (and certified) Apple (Enterprise) Reseller. He can add SN# for you retroactive, so you dońt need to MANUALLY add Device with Apple Configurator 2 (iOS/iPadOS) or Apple Configurator App (iOS). Adding devices manually also has the disadvantage that the user has a grace period of 30 days during which he can still remove the manually added devices from the Apple Business Manager or Automated Device Enrollment. Only after the 31st day does the device behave as if it had always been registered. Do´nt forget: Apple has built this way in afterwards. Scaling is not desired here. That is why we are also talking about a MANUAL approach here.