In an earlier blog post, I discussed the different types of enrollment options for iOS/iPadOS devices in Intune. If you haven't seen that post, I suggest reading it to get a clearer understanding of Different types of iOS/iPadOS Enrollment In Intune. This blog aims to explain how to set up Device enrollment using the company portal enrollment type and what the user experience is like.
I have authored a blog that details Web-Based Device Enrollment where both enrollment types are nearly identical, differing only in the enrollment method. For this type of enrollment, users must download the company portal app from the iOS/iPadOS store before beginning the process.
This is the standard BYOD enrollment, offering extensive management options for the admin to oversee the device by implementing device restrictions, compliance policies, and management features. There is no separation of user data and corporate data; both types of data are stored in the same location or container.
If there are no enrollment type set then iOS/iPadOS device use this type of enrollment as defaultTable Of Content
Prerequisites for Device enrollment with Company Portal.
Devices with iOS/iPadOS version 4.0 and above.
Steps to ConfigureDevice Enrollment with Company Portal Enrollment Type.
Step 1: Log in to Microsoft Intune admin center https://intune.microsoft.com navigate to Devices and select iOS/iPadOS
Step 2: Select iOS/iPadOS enrollment and select enrollment types.
Step 3: Tap on Create Profile and select iOS/iPadOS to create an enrollment-type profile.
Step 4: Enter the name for the enrollment type as required and the description if needed ( for demonstration purposes I had only entered a name for the profile as it is mandatory ) and tap on Next to continue
Step 5: Select Device enrollment with the Company portal and tap Next
Step 6: Select a group or all users as required, in this example, I will be using a group, tap Select to add the group or users and tap Next to continue
Step 7: Verify the settings and select Create to complete the profile creation.
Now the Enrollment Type profile is created.
Let's take a look at end-user experiences.
Step 1: Download the Company Portal app from the App Store, open the app, and tap on Sign in
this will open the sign-in page enter your work account and password and complete MFA if required
Step 2: In the company portal tap on OK and tap Allow to enable notification and start Begin to continue the enrollment process.
Step 3: Navigate to the Settings app select Profile Download, tap Install on the install profile, input your device passcode tap on Done, and tap Install on the next two options tap on Trust to start profile installation, and tap Done once the profile installation completed.
Step 4: Tap on Continue to resume the enrollment process once completed device will check for all configurations and compliance check
To check the status of the profile installation, go to General, select VPN & Device Management, and tap on Management Profile.
On the administrative side, the admin has control over the entire device, enabling remote commands such as Wipe and retire. This kind of enrollment allows for the wiping of personal devices (which may pose a potential risk), but it is up to the organization to determine how the device and data should be managed.
How to Remove the Management Profile
Users can remove the management profile by tapping the Remove Management Option, the user needs to provide the device passcode tap on Done, and tap on Remove all the applications and data associated which is almost the Retire option.
Users can even initiate the retirement of their respective device by tapping the Remove Device option from the Device menu in the Company Portal App
Conclusion
In summary, the Company Portal enrollment option for iOS/iPadOS devices in Intune offers a strong and versatile solution for BYOD situations. Although it necessitates users downloading the Company Portal app from the iOS/iPadOS store, it provides administrators with significant control over device management, such as enforcing device restrictions, compliance policies, and other management features. However, it's crucial to recognize that this enrollment does not distinguish between user and corporate data, resulting in both being stored together. Grasping these essential points can assist admins in managing devices efficiently while ensuring a seamless user experience.