Intune: iOS Wireless Profile with embedded credentials

It’s something that isn’t recommended but sometimes there’s not really much you can do otherwise – we have a set of iPad minis which are shared between multiple pupils and at the moment they are on Meraki MDM, connected to the 802.1X Enterprise wireless network using a username/password which is set via the MDM profile. I really want to move these devices to Intune but you can’t create a WiFi profile with embedded credentials on Intune – presumably this was never an option for obvious reasons.

The only other option I can see is to set up SCEP and have the devices issued with certificates, and then use those to authenticate; presumably I’d also need to enable device writeback so that the NPS server can see the devices in AD. Due to the way our AD is configured (single forest with lots of domains, synced to multiple Azure AD tenancies) device writeback is unsupported, so let’s look at embedding the credentials into Intune instead.

Intune Part 2 – Autopilot/Win10 – Applications

Today I’m going to look at deploying applications to devices managed by Intune. Back in part 1 I looked at enrolling devices, setting up Autopilot, some basic configuration policies and also created a few Azure AD groups containing the devices.

There are quite a lot of different application types in Intune, covering iOS, Android and Windows devices. As this series is focussed on Windows I’m not going to look at the iOS or Android ones at this time.

This post will go through the steps for installing/deploying the following:

  • Microsoft 365 Apps – hassle-free Office 365 deployment.
  • Microsoft Store Apps – primarily Store for Business/Education apps, including linking Intune to the Store for Business/Education, but you can also deploy without setting up the Business/Education store.
  • Web Apps – essentially shortcuts to a website.
  • Windows Applications (Win32) – your traditional Windows apps which come with a setup.exe or setup.msi.


Intune Part 1 – Autopilot/Win10

Once the user has put their credentials in they’ll see this screen while all the profiles and apps you’ve configured set themselves up. Neat.

As we plan to move towards 1:1 mobile device deployment I decided to take a look at how this would actually work – I don’t want to be unboxing devices and having my team run each one through an OS Deploy task sequence. As pretty much all our services have moved to the cloud (“My Documents” are in OneDrive, “Shared drives” are in Teams), I thought it’d be a good idea to look at Intune and Autopilot, with the devices being Azure AD domain joined, rather than local AD or hybrid. In this post I’ll go through what I’ve done and how far I’ve got things set up.

As a prerequisite you’ll need to have either a fully cloud-based domain, or have set up Azure AD Connect to sync your user accounts. On our network we have AADConnect syncing the user accounts and ADFS for authentication, with password writeback enabled to support self-service password reset.

My aim here is to be able to hand the sealed box to the end user, for them to unwrap, power up and configure without any intervention from us.

The Intune admin centre can be accessed through the Azure portal, or directly at https://endpoint.microsoft.com/