Intune Android & iOS enrollment - need some guidance

Hi all,

I need to set up and roll out Intune for an organisation and I'm having some trouble figuring things out.

I'm looking for the best way to enroll personal mobile (Android & iOS) devices. I want users to be able to sign into the Outlook app on their personal device with their work account, but without having to "enroll" their device - I want to apply app policies (like requiring a PIN to open the app etc.) but without giving Intune full control over the device. I want users to feel like they still have full control over their device. I've already tried this with some MAM policies, but users were reluctant to give the Company Portal app all those permissions regarding wiping the device etc.

I've done some research on the MAM-WE method, but can't really seem to find a real guide on how to do this stuff.

Is this possible, and if yes, is there anyone who could point me in the right direction?

Thanks a lot!

Kind regards,

Warre

2 Replies

You can manage that with MAM for iOS and Android, but the difference might confuse you. In order to make it work on Android, the Company Portal needs to be installed on the device. But there is no need to start the app and enroll. In fact, you could prevent that using enrollment restrictions.

For iOS, Company Portal is not needed.

MAM is your way to go....

Hi @WarreVlieghe ,

I have just (95%) completed a rollout of Corp Android devices (COFM) and iOS Supervised Devices.

We also have enabled staff to enroll their personal devices in order to install M365 apps (only the ones we can cover with App Protection Policies) on them. This has been very successful.

The most important parts are:
1. Enrollment Restrictions - Block users from enrolling Personal devices.

2. Comms and documentation showing them how to do it.

Obviously you have the policies to sort, but once in place your users will be able to Register their devices to use the apps you make available to them.
In both the 'Droid and iOS steps, the users will HAVE to Postpone enrollment. But when they do this, the apps you make available will be shown in the Company Portal.

For Android they need to install the Company Portal app. This acts as a broker app. For iOS devices, they will have to install MS Authenticator & Company Portal, but there is no need to even open the Authenticator app as it will be their broker app.

Hope that helps.