Intune: Manage non-DEP iOS devices via AC2 DEP enrolment

I often refer to DEP as “Autopilot for iPads”, and Autopilot as “DEP for Windows”. The Device Enrolment Program allows you to register your devices with Apple so that when they are reset and go through activation, any DEP-assigned configuration is enforced onto the device.

DEP (and Volume Purchasing Program) have since been rebranded into Apple School Manager (or Apple Business Manager), which I think is a good move by Apple as I find it a lot easier than having to remember the special VPP store URL whenever I want to get some new apps, and having to remember the DEP URL to alter any device assignments.

Assigning devices to DEP is something that traditionally the reseller/supplier needed to do – you’d give them your DEP ID when placing the order and put their reseller ID into your DEP portal, and the devices would appear – however you can now add other devices yourself using Apple Configurator 2. This is particularly useful for older devices that you didn’t get set up on DEP, or if someone else in the organisation has randomly purchased some devices without speaking to you first from a supplier you don’t have an existing relationship with. You’ll need a Mac computer to run this – I use a Mac Mini – and it’ll need to be a fairly recent version. In this post I’ll go through how to set up AC2 to add devices to DEP, and then get them in to Intune for management. I’ll be referring to Apple School Manager in this post but the steps for Apple Business Manager are the same.

Continue reading “Intune: Manage non-DEP iOS devices via AC2 DEP enrolment”

Intune: iOS Wireless Profile with embedded credentials

It’s something that isn’t recommended but sometimes there’s not really much you can do otherwise – we have a set of iPad minis which are shared between multiple pupils and at the moment they are on Meraki MDM, connected to the 8021X Enterprise wireless network using a username/password which is set via the MDM profile. I really want to move these devices to Intune but you can’t create a WiFi profile with embedded credentials on Intune – presumably this was never an option for obvious reasons.

The only other option I can see is to set up SCEP and have the devices issued with certificates, and then use those to authenticate, presumably I’d also need to enable device writeback so that the NPS server can see the devices in AD. Due to the way our AD is configured (single forest with lots of domains, synced to multiple Azure AD tenancies) device writeback is unsupported, so let’s look at embedding the credentials into Intune instead. Continue reading “Intune: iOS Wireless Profile with embedded credentials”