top of page
Writer's pictureALIF Consulting

How to configure an Apple Intune work profile

Updated: May 17

In this blog article, I'll demonstrate how to set up an Apple Work Profile using Intune. Creating an Apple Enterprise Work Profile and activating Apple's work profile in Intune are the first steps in the process. After completing these processes, we accept deploying a few Apple programs from the App Store to the Work profile. Apple device management is possible with Microsoft Intune, which uses a variety of options. In this blog, I'll walk you through the process of configuring Intune and utilizing Apple Configurator to enable Apple.


Describe the Apple Configurator

In your company or school, Apple Configurator makes it simple to install iPad, iPhone, iPod touch, and Apple TV devices.

Use Apple Configurator to swiftly set up several USB-connected devices with the settings, programs, and information you select for your students, staff, or clients.

Thanks to its adaptable, device-centric architecture, you may quickly and simply configure one or hundreds of devices with the help of Apple Configurator. Simply choose one or more devices, then do anything with them. You can update software, install applications and configuration profiles, rename and change the background on devices, export device data and documents, and do much more using Apple Configurator. Any device may be examined to view information, including its console log, hardware addresses, installed applications and profiles, and serial number.

  • The following prerequisites must be met for the steps to work.

  • A device running iOS 14.0 or later; • A Microsoft EMS license (E3 or E5); and • An Azure tenant.

  • Download the Company Portal from the App Store.

  • Keep a Wi-Fi connection active until all procedures are finished.

  • Your device must have the Safari web browser.

  • Access to iOS/iPadOS devices physically

Device serial numbers (for setup assistant enrollment only), an Apple MDM push certificate, USB connection cords, and a macOS machine running Apple Configurator 2.0


Create a device profile in Apple Configurator

The variables used during enrollment are specified by a device enrolment profile. These changes only take effect once. Create an enrollment profile by following these instructions to enrol iOS/iPadOS devices in Apple Configurator.

Select Devices > iOS/iPadOS > iOS/iPadOS enrolment > Apple Configurator in the Microsoft Endpoint Manager admin centre.

  • Select Create > Profiles.

  • For administrative reasons, type a name and description for the profile under Create Enrolment Profile on the Basics page. These facts are hidden from users. To create a dynamic group in Azure Active Directory, utilize the Name field. To assign devices with this enrolment profile, specify the enrollmentProfileName option using the profile name. Learn more about the dynamic groups in Azure Active Directory.

How to configure an Apple Intune work profile
  1. To see the Settings page, click Next.

  2. Select whether devices with this profile must enrol with or without a designated user under User Affinity.

  3. Enrol with user affinity - Select this option if you wish to utilize the corporate portal for services like installing applications on devices that belong to users.

  4. Enroll without User Affinity – Select this option for devices not linked to a specific user. Use this for gadgets that operate without requiring access to local user data.

  5. Select the Company Portal under "Select where users must authenticate."

  6. Select Next

  7. To save the profile, click Create

Enrollment in Setup Assistant

  • Device serial numbers must be added to Intune before we may begin enrolling devices.

  • Make a two-column, headerless, comma-separated value (.csv) list.

  • The serial number should go in the left column, and the information should be on the right. The list may currently have a maximum of 5,000 rows.

  • This is how the.csv list appears in a text editor: F7TLWCLBX196, device information

  • Device information: DLXQPCWVGHMJ

  • Select Devices > iOS/iPadOS > iOS/iPadOS enrolment > Apple Configurator > Devices > Add from the Microsoft Endpoint Manager admin centre.

  • To apply an enrollment profile to the serial numbers you are importing, choose one. Select Overwrite information for existing identifiers if you want the new serial number details to replace all previous ones.

  • Browse to the CSV file containing the serial numbers, then click Add under Import Devices.


Publish the profile

  • Once the profile has been built, it must be exported from Intune as a URL and loaded into Apple Configurator.

  • Select Devices > iOS/iPadOS > iOS/iPadOS enrolment > Apple Configurator > Profiles > Select the profile you want to export from the Microsoft Endpoint Manager admin centre.

  • Select Export Profile from the profile.

  • Get the Profile URL.

  • Then, you may specify the Intune profile used by iOS/iPadOS devices by adding it to the Apple Configurator.


  1. To see the Settings page, click Next.

  2. Select whether devices with this profile must enrol with or without a designated user under User Affinity.

  3. Enrol with user affinity - Select this option if you wish to utilize the corporate portal for services like installing applications on devices that belong to users.

  4. Enrol without User Affinity – Select this option for devices that are not linked to a specific user. Use this for gadgets that operate without requiring access to local user data.

  5. Select the Company Portal under "Select where users must authenticate."

  6. Select Next

  7. To save the profile, click Create.

Apple configurator iphones

How Can Businesses Benefit from This Feature

Enhanced Device Management

Apple Intune offers businesses a streamlined approach to managing Apple devices. With a centralized platform, IT departments can easily oversee device settings and app installations and enforce security policies, reducing administrative workload and ensuring consistency.


Increased Security

Intune allows businesses to implement robust security measures, including device encryption, compliance policies, and remote wipe capabilities. These features help safeguard sensitive corporate data against unauthorized access and security breaches.


Seamless Integration

Intune integrates smoothly with other Microsoft services, such as Azure Active Directory and Office 365. This creates a cohesive ecosystem for managing user identities, devices, and applications, enhancing overall productivity and security.


Support for BYOD

Intune supports Bring Your Own Device (BYOD) policies, enabling employees to use their personal devices for work. This flexibility can improve employee satisfaction and reduce hardware costs while maintaining security through Intune’s management features.


Scalability

Intune’s cloud-based architecture makes it easy for businesses to scale device management up or down as needed. Whether managing a few devices or a large fleet, businesses can adapt without worrying about infrastructure constraints.


Securing Data in the Work Profile

Corporate Email and Contacts

Intune ensures that corporate email accounts and contact information are secured within the work profile. This protects sensitive communication and personal data from unauthorized access.


Documents and Files

Corporate documents and files stored on Apple devices can be secured with Intune. This includes files created or accessed through managed apps, keeping sensitive information within the work profile and preventing sharing with unmanaged apps.


Application Data

Data generated or used by managed applications is secured within the work profile. This encompasses app-specific settings, user data, and cached information, ensuring corporate data remains protected even if the device is compromised.


Network Access

Intune enforces secure network configurations, such as VPN settings, ensuring that all data transmitted to and from the device is encrypted. This protects data in transit from being intercepted or accessed without authorization.


Browser and Web Data

Managed browser policies in Intune secure browsing activities, preventing access to unauthorized websites and ensuring web data remained within the secure work profile. This helps protect against phishing attacks and other web-based threats.


Configuration and Settings

Intune allows businesses to manage device configurations and settings, such as password policies and encryption standards. By enforcing these settings, companies can ensure all data on the device is secured according to compliance requirements.


Recent Posts

See All

Comentarios


bottom of page