Your video is hands down the ultimate guide for managing Apple devices in Microsoft Intune, especially for the education sector. It’s by far the best resource I’ve seen, offering invaluable help for educators without extensive know-how. Thank you for making this complex process so accessible!
As an MSP how do you manage multiple clients with Apple business manager. Do you have a tenant for each customer within the apple business manager platform? Or a central apple business manager for all customers?
My advice would be for each client to have their own Apple Business Manager - but either works. It might make your relationship with your client more “sticky”.
Thanks for the great video, very helpful. I managed to enrol a device, apps installed automatically on the iPhone, however they are not showing under managed apps for that device. Everything works as expected, I can see under status that the apps have installed but not showing under managed apps as they are in your video. Any ideas why?
Excellent please let me possible to IOS device as simulator app device reset has to performed before or after apple configuration app installation . what account we have to use for apple configuration app login
Apple Configurator doesn't work on anything earlier than iOS 16. Unable to enroll company's old iPad Air 2's. :( I don't have access to a Mac so I assume there is no other work around? I know I can enroll via Company Portal app but doesn't allow me to enroll in "Shared Mode".
Excellent video, Jonathan. Thank you for sharing your knowledge and showing us these steps. After you add the iPhone to ABM with the configurator app, "Erase iPhone" displays on the screen. Your video doesn't say what to do with this, you just say to assign the profile and then power the device on. If the device is already on and displaying "Erase iPhone", what step do we need to take to ensure the profile is received by the device? I have been beating my head against the wall multiple times with this step and I cannot get my devices to receive the profile from Intune because they're stuck on the "Erase iPhone" screen. Thank you for any help you can provide!
หลายเดือนก่อน
I have the exact same problem. Later in the video, he says to turn the iPhone back on. So I restarted my iPad and I had to configure it again. I'm still stuck on the same place. Did you find your answer?
หลายเดือนก่อน
Nevermind. I searched through the comments and found it. Seems that you just have to be patient and wait for way too long. :P
I follow exactly the step you provided, all work fine except that into Apple Business Manager, the equipment entered into INTUNE and correctly program are not showing at all into the Apple side. Except I see a page empty in the section equipment asking to enter our number of client of apple, but I don't have this, how to I get one or where?
หลายเดือนก่อน +1
Great video! We are a non-profit and had outsourced the iPad management. Since I came into the picture, and we setup M365 across the organisation, we asked the company to transfer me the info. They were doing it through Mirador MDM and I couldn't wrap my head around how to do this. It's so much simpler with InTune (Thanks to your video!) and all in the same environment that we pay for already.
Is there no way to import a list of serial numbers or IMEI numbers into ABM? We have 150 phones out in the wild, whats the best way to enrol these as company devices?
I’ve had success with Mac OS device management without enrolling in Apple Business Manager. After creating the necessary Apple certificate I just install the Mac version of Company Portal and configure some apps in Intune to be installed or advertised in the Portal. Compliance policies also work and it’s possible to rename and reassign Macs using Intune. The limitation of this is you cannot add or force install Mac App Store apps. But if you can download pkg or dmg files for your apps you can push them to the Macs. Anyway I learned quite a bit about Business Manager and iOS configuration in your video. Thank you.
The downside of not enrolling them in ABM is that a stolen device can simply be wiped and set up afresh without your configuration. The big benefit of enrolment is control of the devices no matter what happens to them.
Great video, Jonathan. I get to point where my iPad says "This iPad has been assigned to MDM server" and there is button that says "Erase iPad". I assigned DEP and everything just like you did but nothing happens. Click "Erase iPad" doesn't do anything. Any advice? same happening with my iPhone
Really appreciate this video, I have worked with a couple different MDMs and new to Intunes, we just upgraded 365 plans this week. Been digging through documentation and different youtube videos. Your videos really explain what I needed short sweet to the point.
Your video didn't show the part after you used Apple configurator, when the device displayed the "Erase iPhone" screen. My device shows up in ABM and sync to Intune, but stays on a "Ready to Enroll" status. How do you get past the "Erase iPhone" screen after using Apple configurator? I've tried restarting the phone, I've tried the "Erase iPhone", but the phone doesn't grab the auto enrollment OOBE. Thoughts?
@@thomaslipp742 Hey dude, yeah I managed to resolve it. First I'll say what I was doing wrong - when I would see the "Erase iPhone" screen, I would remove the iPhone from ABM and Intune and start over since I thought it wasn't a normal screen to see. However, it is normal to see the "Erase iPhone screen. What fixed it for me was when you see the "Erase iPhone" screen, wait about 15-20 minutes after you've sync'd the iPhone to Intune and don't touch anything. After 15-20 minutes, you can go ahead and Erase the iPhone. You should see the normal setup experience, except this time after you connect to WiFi, you should see the "Remote Management" screen popup to "Enroll this iPhone". Let me know if that works for you.
หลายเดือนก่อน
@@TyKLPS @bearded365guy That's it? Nothing else? It didn't work for me I waited more than 30 minutes and when I clicked "Erase iPhone", it cleared everything, restarted then just went on to the basic config setup. I had to go through it all to then wipe it and start over. It's frustrating since I'm almost there!
I was able to follow along, up to the point of VPP. I do not have Payments and Billing in my ABM under preferences. I did just create my APM account. How do I get the Payments and Billing?
Thank you - this looks to be everything I needed in order to understand the ABM setup HOWEVER.. I have something needing clarification; Does each device user need a MS BP license? cos they ain't cheap!
such a useful video - i went through this about 7 years ago - not much has changed (was using meraki mdm) - great tip on the apple configurator 2 - at the time we had to buy a mac to use configurator - glad its now on ios.
Thank you but I’m having a problem after creating push and then when you say I am still logged in to ABM I get told this account can’t sign in to ABM Please can anyone shed any light on- thank you
Finally one of the best guide to enrol apple devices into Intune. I have been struggling to find a nice and easy guide on how to achieve this and this is by far the best tutorial out there. Any chance you have one tutorial for android devices. Also I have a question in relation to this. What is the point of the managed apple ID for the apple devices if everything is deployed through ABM in Intune, I am struggling to understand the role that managed apple ID plays in all of this.
Hi Jonathan, Thank you for your amazing videos. We've office365 license with intune capabilities. Do we need extra licenses to link intune with our ASM?
@@bearded365guy subbed with notis I work IT for nursing homes and one of my bosses is looking towards implementing android kiosk systems so I’ll be looking forward to this
I canno tell you hoe many rabbit holes I went down trying to get to the end goal. I had all the pieces in place but could not get the devices to enrol to apple school. This has been a life saver. Any guide on getting MacOS added to apple school in the same way? I have some added from or reseller but not all so will need to enrol them much like this method
Great tutorial and thank you! Can you give advice on Profiles for MacOS instead iOS, because there is no company portal to be used in Authentication Method, i gues we have to choose Setup Assistand with modern Authentication but i get a msg "For devices running macOS 10.15 and later. You must deploy Company Portal to users as a required app to allow for device registration with Microsoft Entra ID. " Not sure how to do that.
@@bearded365guy lol that’s okay Jonathan, much appreciated will await for the video, you really do provide such informative and supportive guidance to M365 Administrators
Your explanation of the topic made it very easy to understand. There is always something new to learn with your videos!!! I am interested in learning more about how third party email filtering works with online exchange, and what is the best email filter system out there at the moment, even though we have provided so many policies and restrictions. We are still receiving a lot of spam email. Could you make a video demonstrating how third party email filtering works with online exchange?
Thank you for this video. Getting Intune set up for iOS devices has been on my to-do list for a while now, and finding this video motivated me to finally sit down and do it. Currently using JAMF Now for my iOS devices, and while very happy with it, considering a switch over to Intune since it's effectively free with M365 BP, whereas JAMF is now costing $4 per device/month, which adds up to about $3-4K a year for my two tenants. I will say this though-- based on what I'm seeing so far, pushing configuration profiles and apps to the devices through Intune is SO much more complicated than with the Blueprints JAMF Now uses. But the potential cost savings will make me keep testing this and likely switch if I can get it figured out well enough.
Pushing apps to iOS devices with Jonathan’s method here works flawlessly, IMHO. Pair this process with an App Protection policy + and conditional access policy for an effective MAM solution.
I provide my end users with a temporary passcode to sign into the authenticator app to be Passwordless but it sounds like they need to sign into the company portal app before the authenticator app will be installed. What’s the workaround here?
Excellent video, thanks. I am trying to migrate from apple Profile Manager, so working out at what point to move App management over to Intune without losing purchased app that were assigned on the old MDM is the last piece of the puzzle for me. This video helped a lot though. 👍
Really great information, nice and straightforward as always thanks Jonathan I may deploying this currently, and the memory refresh with the updated Intune portal is extremely welcome.
Thank you Jonathan for this new nice video. But while trying to add an Enrollment Program token, you didn't mention some prerequisites such as the D-U-N-S number provided by Apple. And this process is cumbersome to implement... Fortunately, Apple devices can still be managed, without Apple Business Manager !!!
Your video is hands down the ultimate guide for managing Apple devices in Microsoft Intune, especially for the education sector. It’s by far the best resource I’ve seen, offering invaluable help for educators without extensive know-how. Thank you for making this complex process so accessible!
As an MSP how do you manage multiple clients with Apple business manager. Do you have a tenant for each customer within the apple business manager platform? Or a central apple business manager for all customers?
My advice would be for each client to have their own Apple Business Manager - but either works. It might make your relationship with your client more “sticky”.
Great video, 1 point for me is my token did not show when creating my profile until I added the Intune Company Portal as one of my apps
yep , same here
I installed the VPP token on AMB but when I get to the enrollment profile I do not have an option to select that VPP. Could you advise?
Thanks for the great video, very helpful. I managed to enrol a device, apps installed automatically on the iPhone, however they are not showing under managed apps for that device. Everything works as expected, I can see under status that the apps have installed but not showing under managed apps as they are in your video. Any ideas why?
How do you get around the DUNS number in Business Manager for companies outside the United States?
We're not in the USA and we have a DUNS number.,
@@bearded365guy I got the DUNS number, but when filling out the form for business manager gives an error that it's not a US based DUNS.
Excellent please let me possible to IOS device as simulator app device reset has to performed before or after apple configuration app installation . what account we have to use for apple configuration app login
This is a great video! can we enroll devices in ABM without performing a reset?
Same Question.
Apple Configurator doesn't work on anything earlier than iOS 16. Unable to enroll company's old iPad Air 2's. :( I don't have access to a Mac so I assume there is no other work around? I know I can enroll via Company Portal app but doesn't allow me to enroll in "Shared Mode".
Excellent video, Jonathan. Thank you for sharing your knowledge and showing us these steps.
After you add the iPhone to ABM with the configurator app, "Erase iPhone" displays on the screen. Your video doesn't say what to do with this, you just say to assign the profile and then power the device on. If the device is already on and displaying "Erase iPhone", what step do we need to take to ensure the profile is received by the device? I have been beating my head against the wall multiple times with this step and I cannot get my devices to receive the profile from Intune because they're stuck on the "Erase iPhone" screen.
Thank you for any help you can provide!
I have the exact same problem. Later in the video, he says to turn the iPhone back on. So I restarted my iPad and I had to configure it again. I'm still stuck on the same place. Did you find your answer?
Nevermind. I searched through the comments and found it. Seems that you just have to be patient and wait for way too long. :P
I follow exactly the step you provided, all work fine except that into Apple Business Manager, the equipment entered into INTUNE and correctly program are not showing at all into the Apple side. Except I see a page empty in the section equipment asking to enter our number of client of apple, but I don't have this, how to I get one or where?
Great video! We are a non-profit and had outsourced the iPad management. Since I came into the picture, and we setup M365 across the organisation, we asked the company to transfer me the info. They were doing it through Mirador MDM and I couldn't wrap my head around how to do this. It's so much simpler with InTune (Thanks to your video!) and all in the same environment that we pay for already.
This video didn’t talk about installing defender in iOS device, should it be included in the apps list so it could deploy automatically?
More videos to come about Defender.
Thanks, Jonathan! It’s a great video that makes everything easy to understand. I really appreciate your effort.
Is there no way to import a list of serial numbers or IMEI numbers into ABM? We have 150 phones out in the wild, whats the best way to enrol these as company devices?
Awesome video! I have followed the tutorial but the MDM server I created is not appearing as a content token?! Any Ideas?
I’ve had success with Mac OS device management without enrolling in Apple Business Manager. After creating the necessary Apple certificate I just install the Mac version of Company Portal and configure some apps in Intune to be installed or advertised in the Portal. Compliance policies also work and it’s possible to rename and reassign Macs using Intune. The limitation of this is you cannot add or force install Mac App Store apps. But if you can download pkg or dmg files for your apps you can push them to the Macs. Anyway I learned quite a bit about Business Manager and iOS configuration in your video. Thank you.
The downside of not enrolling them in ABM is that a stolen device can simply be wiped and set up afresh without your configuration. The big benefit of enrolment is control of the devices no matter what happens to them.
Great video, Jonathan. I get to point where my iPad says "This iPad has been assigned to MDM server" and there is button that says "Erase iPad". I assigned DEP and everything just like you did but nothing happens. Click "Erase iPad" doesn't do anything. Any advice? same happening with my iPhone
I'm also having this issue. Have you found a work around?
Really appreciate this video, I have worked with a couple different MDMs and new to Intunes, we just upgraded 365 plans this week. Been digging through documentation and different youtube videos. Your videos really explain what I needed short sweet to the point.
Your video didn't show the part after you used Apple configurator, when the device displayed the "Erase iPhone" screen. My device shows up in ABM and sync to Intune, but stays on a "Ready to Enroll" status. How do you get past the "Erase iPhone" screen after using Apple configurator? I've tried restarting the phone, I've tried the "Erase iPhone", but the phone doesn't grab the auto enrollment OOBE. Thoughts?
I'm running into the exact same issue. Tried the same steps but keep getting stuck in a loop.
Did you end up solving this issue?
@@thomaslipp742 Hey dude, yeah I managed to resolve it. First I'll say what I was doing wrong - when I would see the "Erase iPhone" screen, I would remove the iPhone from ABM and Intune and start over since I thought it wasn't a normal screen to see. However, it is normal to see the "Erase iPhone screen. What fixed it for me was when you see the "Erase iPhone" screen, wait about 15-20 minutes after you've sync'd the iPhone to Intune and don't touch anything. After 15-20 minutes, you can go ahead and Erase the iPhone. You should see the normal setup experience, except this time after you connect to WiFi, you should see the "Remote Management" screen popup to "Enroll this iPhone". Let me know if that works for you.
@@TyKLPS @bearded365guy That's it? Nothing else? It didn't work for me I waited more than 30 minutes and when I clicked "Erase iPhone", it cleared everything, restarted then just went on to the basic config setup. I had to go through it all to then wipe it and start over. It's frustrating since I'm almost there!
At 13:39, my device didn't show on devices but it's under Enrollment program tokens. How would I get it to show under devices?
Great Video, but I do not have the Payment and Billing option available to me under my profile. How do I enable this?
You'll probably need the admin to upgrade your permissions
@@hiramclaytor2526 I'm the admin and just signed up for a brandnew apple business account, but the Payment and billing isn't there.
you have to go to Apps and Books to register
I was able to follow along, up to the point of VPP. I do not have Payments and Billing in my ABM under preferences. I did just create my APM account. How do I get the Payments and Billing?
NM, found the issue. You need to first sign up for Apps & Books.
Really help video. Looking to test new enrollment profiles for iPadOS but am not sure how to direct devices for the DEP to the new profile. Any ideas?
Thank you - this looks to be everything I needed in order to understand the ABM setup HOWEVER.. I have something needing clarification; Does each device user need a MS BP license? cos they ain't cheap!
Man this is so useful. I have sysadmins that don't know what they are doing and just handing off macbooks like hot potatoes. Thank you for this.
Are you one of them? Because that would explain why you're watching the video. Otherwise, you would be teaching your sysadmins.
Hi, can you enroll an existing iOS device without using the Apple Configurator App?
such a useful video - i went through this about 7 years ago - not much has changed (was using meraki mdm) - great tip on the apple configurator 2 - at the time we had to buy a mac to use configurator - glad its now on ios.
Yes, you can still do it on a Mac! But an app on the iPhone is so much more helpful!
Thank you but I’m having a problem after creating push and then when you say I am still logged in to ABM I get told this account can’t sign in to ABM
Please can anyone shed any light on- thank you
Starting an endpoint role in 2 days and your videos were very helpful. You deserve more views.
Thanks!
Thanks for the video also love your accent 10/10 friendliness
Finally one of the best guide to enrol apple devices into Intune. I have been struggling to find a nice and easy guide on how to achieve this and this is by far the best tutorial out there. Any chance you have one tutorial for android devices. Also I have a question in relation to this. What is the point of the managed apple ID for the apple devices if everything is deployed through ABM in Intune, I am struggling to understand the role that managed apple ID plays in all of this.
The beauty is, you don’t need the managed Apple ID on the devices.
Hi Jonathan, Thank you for your amazing videos. We've office365 license with intune capabilities. Do we need extra licenses to link intune with our ASM?
I went through the comments and got my answer, thank you.
Are you able to do the same but with android? Or have you before
It’s on the list of videos for me to do over the next couple of months
@@bearded365guy subbed with notis I work IT for nursing homes and one of my bosses is looking towards implementing android kiosk systems so I’ll be looking forward to this
I canno tell you hoe many rabbit holes I went down trying to get to the end goal. I had all the pieces in place but could not get the devices to enrol to apple school. This has been a life saver. Any guide on getting MacOS added to apple school in the same way? I have some added from or reseller but not all so will need to enrol them much like this method
Got a interview about Intune, just needed a refresher and this was amazing!
Great tutorial and thank you!
Can you give advice on Profiles for MacOS instead iOS, because there is no company portal to be used in Authentication Method, i gues we have to choose Setup Assistand with modern Authentication but i get a msg "For devices running macOS 10.15 and later. You must deploy Company Portal to users as a required app to allow for device registration with Microsoft Entra ID. "
Not sure how to do that.
Excellent and informative video as always Jonathan, please could you do one on Managing Android Corporate Devices in Microsoft Intune, thank you
Oh no, please, not Android!!
@@bearded365guy Im curious why not? I am looking for the same information at the moment.
Sorry, i was just joking. Yes, that video is planned.
@@bearded365guy lol that’s okay Jonathan, much appreciated will await for the video, you really do provide such informative and supportive guidance to M365 Administrators
@@bearded365guy I totally fell for it. I thought there is a huge security flaw or something😆Looking forward to that video.
This is a really, really, really, really, great guide.
Does it require every user that's enrolling to have a 365BP licence or just one user within the tenant?
As this is about ABM/Intune integration, users will need an Intune lic.
Please help for country without support for Apple Business Manager
@@m_leBrave Where are you?
Your explanation of the topic made it very easy to understand. There is always something new to learn with your videos!!!
I am interested in learning more about how third party email filtering works with online exchange, and what is the best email filter system out there at the moment, even though we have provided so many policies and restrictions. We are still receiving a lot of spam email. Could you make a video demonstrating how third party email filtering works with online exchange?
Defender for Office 365!
The business Premium sub has everything you want.
Hello Jonathan, it is a great training video, thanks a lot!
U are the MAN, Thanks
Brilliant guide, thanks Jonathan!
Thank you for this video. Getting Intune set up for iOS devices has been on my to-do list for a while now, and finding this video motivated me to finally sit down and do it. Currently using JAMF Now for my iOS devices, and while very happy with it, considering a switch over to Intune since it's effectively free with M365 BP, whereas JAMF is now costing $4 per device/month, which adds up to about $3-4K a year for my two tenants.
I will say this though-- based on what I'm seeing so far, pushing configuration profiles and apps to the devices through Intune is SO much more complicated than with the Blueprints JAMF Now uses. But the potential cost savings will make me keep testing this and likely switch if I can get it figured out well enough.
There are some good improvements for Apple device coming to Intune later this year too
That’s a good money saving!
Pushing apps to iOS devices with Jonathan’s method here works flawlessly, IMHO. Pair this process with an App Protection policy + and conditional access policy for an effective MAM solution.
I provide my end users with a temporary passcode to sign into the authenticator app to be Passwordless but it sounds like they need to sign into the company portal app before the authenticator app will be installed. What’s the workaround here?
Excellent video, thanks. I am trying to migrate from apple Profile Manager, so working out at what point to move App management over to Intune without losing purchased app that were assigned on the old MDM is the last piece of the puzzle for me. This video helped a lot though. 👍
You are the best. This was extremely helpful and much easier than reading the back and forth of Microsoft and Apple's documentation.
Thank you so much, Jonathan. This is incredibly helpful!
Excellent video.. Also I feel its better to highlight you need company's DUNS for ABM.
Really great information, nice and straightforward as always thanks Jonathan I may deploying this currently, and the memory refresh with the updated Intune portal is extremely welcome.
Thank you Jonathan for this new nice video.
But while trying to add an Enrollment Program token, you didn't mention some prerequisites such as the D-U-N-S number provided by Apple.
And this process is cumbersome to implement...
Fortunately, Apple devices can still be managed, without Apple Business Manager !!!
We've always found it straightforward enough.
You just made my life exponentially easier. Thank you, sir! 🙏
You are the best. The. Best.
Apple specialist here - great video - don't use Intune for Macs. Just don't.
Use Jamf instead?
its simple.. just 2k steps.