Enrolling Windows Phone into Config Manager/Intune
System Center Configuration Manager 2012 gives us the ability to manage mobile devices(phones, tablets, laptops) over the internet via integrating with Microsoft Intune. This is extremely useful for IT administrators to manage mobile users’ devices. Gone are the days where one person uses just one device; we now have smartphones & tablets that need to be managed in the same way as desktops and laptops. Integrating Configuration Manager 2012 with Intune gives us the ability to deploy applications, compliance settings, view reports, view hardware inventory, and much more, all over the internet.
This post will go over how to enroll Windows Phone 8.1 into a Config Manager/Intune hybrid scenario. The general process for enrollment is very similar to enrolling in an Intune standalone model.
Before we enroll our Windows Phone 8.1 device into Intune, we will need to complete a few prerequisites.
1. The first thing we will need to do within the Configuration Manager console is create & deploy the Company Portal app. This is the app that end users will access on the device to then be able to install apps which have been deployed by their IT staff.
The required ‘.xap’ file for the Company Portal app can be found at Windows Intune Company Portal for Windows Phone - https://www.microsoft.com/en-us/download/details.aspx?id=36060
The process for creating & deploying any mobile application is more or less the same as deploying an application for on-prem devices.
Choose the ‘Windows Phone app package (*.xap)’ application type * browse to the location of the company portal xap file
NOTE: ‘.xap’ is the file type for all Windows Phone app packages
2. Type ‘Company Portal’ for the app name. All other values can stay default. Add a category if necessary. In my lab, I have a category named ‘Mobile – Windows Phone’.
3. Finish through the rest of the app creation
4. Once the app is created, we can go ahead and deploy it to our Intune user collection. Right click on Company Portal – Deploy. On the General page, choose the appropriate collections which holds the users have access to Intune(basically, users who have Intune licenses). On the Content page, choose the ‘manage.microsoft.com’ cloud distribution point.
NOTE: The ‘manage.microsoft.com’ distribution point is NOT the same as the ‘Cloud Distribution Point’ option within ConfigMgr. The ‘manage.microsoft.com’ distribution point is specific to Intune, and all mobile apps should be distributed specifically to it.
5. Continue through the rest of the app deploy wizard.
The last thing we will want to do before enabling enrollment of Windows Phone is to add it as an operating system within our Intune subscription.
6. In the ConfigMgr console, navigate to Administration – Cloud Services – Windows Intune Subscriptions. Right click the subscription & hit Properties. If you have not yet created an Intune subscription, you can go ahead and create one now (should be an option in the top left of the console). Click the Windows Phone tab, and check the box for ‘Enable Windows Phone enrollment.’ In the .pfx file section, browse to the location of the Symantec cert for Windows Phone.
Note that you will need to purchase this cert if you don’t already have it. An alternative to purchasing the cert is to use the ‘Support Tool for Windows Intune Trial Management of Window Phone,’ which can be found here -https://www.microsoft.com/en-us/download/details.aspx?id=39079. The download site will go through the install steps to help you get started with managing Windows Phone 8 with Intune. The tool will allow you to enroll and deploy a few sample apps to Windows Phone
Lastly, browse to the Company Portal app which we created earlier
All prereqs are done! Now we can go ahead and enroll the device
Here is our Windows Phone 8.1 device –
7. Enrollment of WP8.1 can be done via WP8.1 Settings. Navigate to Settings – Workplace. Click on Workplace & hit ‘Add an Account’
8. Type in a username of a user who has access to your Intune environment. When you hit ‘Sign In’, you will see a text across the top of the screen saying ‘We’re looking for your settings….’
Once authentication is successful, you’ll see a text across the top of the screen saying ‘and we’ve found them!’ This verifies that the device has found the Intune subscription.
9. The next page will display your company’s Intune sign in page. Sign in with a user who has access to Intune
10. If the sign in in successful, you will be directed to the Account Added page. On this page, you will want to keep the box for ‘Install company app’ checked. This will install the Company Portal app that we created earlier.
11. Hit Done, and you will see your company’s subscription listed.
The next thing we want to do is verify that the Company Portal application was installed successfully
12. Check the list of apps on the device, and you should see Company Portal listed there. (it may take a minute or two after the device is enrolled for Company Portal to show up)
Now, let’s open up the Company Portal app
13. On the first page, you will see a list of apps that have been deployed to the device. This could be either custom applications deployed by your IT staff, or links to applications in the Windows Phone store.
Scroll to the next page & you will see a list of all devices the current user has enrolled into Intune
On the next page, you will see the IT staff contact info(if this information was included during the Intune subscription setup)
We can also verify successful enrollment within the Config Manager console
14. Navigate to Assets & Compliance – Devices. Here, you will see the WP8.1 which was enrolled
Also, similar to any other device, we can get hadware inventory information from movile devices. Right click on the Windows Phone device, Start – Resource Explorer
Click on Hardware
Under Device Information, you will see details regarding this specific device. In this example, I enrolled a Lumia 520 phone.
Here is a collection which you can use in your ConfigMgr environment which will query all Windows Phones (both 8 & 8.1)
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like "%Windows Phone%"
And there you go – the device has been successfully enrolled! Now you can deploy apps, compliance settings, email profiles, view reports, etc for this user/device.
Teju Shyamsundar
Premier Field Engineer @ Microsoft