In the last post in the series, I showed you how to create the Apple Push Certificate required for device management in Intune.
In this part I will focus on the Apple enrolment token. Before you can enroll iOS/iPadOS devices via ABM, you need an Automated Device Enrollment (ADE) token. This token lets Intune sync information about your automatically enrolled devices. It also allows Intune to upload enrollment profiles to Apple, and to assign devices to those profiles. This token will need to be renewed once a year.
Log in to the MEM admin center and go to Devices\iOS/iPadOS\iOS/iPadOS enrollment. Click Enrollment program tokens.
Click Add to start the process.
Check the I agree checkbox. This will light up the Download your public key link. Click the link to download a .pem file.
Since we are using ABM, click the link to Create a token via Apple Business Manager.
In ABM, click Settings\Device Management Settings and then the Add MDM server button.
Enter an MDM Server Name and ensure the Allow this MDM Server to release devices checkbox is ticked.
Click the Choose File… button and upload the .pem file. Click Save.
You’ll be informed that downloading a new server token will reset any existing tokens. This is OK since we are creating a new token, so click the Download Server Token button. The token will be in .p7m format.
Go back to the Add enrollment program token blade in Intune and enter the Apple ID used to create the token and upload the Apple token. Click the Next button.
Click through the wizard to create the token, and it will show up with a status of Active in the console.
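Because the token has to be renewed once a year, it is worth tracking its expiry date outside the console. The following is an added example, not part of the original post: it classifies tokens by days remaining from a response shaped like Microsoft Graph's beta `deviceManagement/depOnboardingSettings` listing. The endpoint, the field names, the 30-day threshold and the sample data are assumptions of this example, and the sample tokens are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph (beta) response from
# GET /deviceManagement/depOnboardingSettings. Names and dates are made up.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"tokenName": "Example ADE token A", "appleIdentifier": "mdm-admin@example.com",
         "tokenExpirationDateTime": "2025-03-10T09:30:00Z"},
        {"tokenName": "Example ADE token B", "appleIdentifier": "mdm-admin@example.com",
         "tokenExpirationDateTime": "2025-11-02T14:00:00.1234567Z"},
        {"tokenName": "Example ADE token C", "appleIdentifier": "old-admin@example.com",
         "tokenExpirationDateTime": "2025-01-15T00:00:00Z"},
    ]
})


def parse_graph_time(value):
    """Parse a Graph UTC timestamp; fractional seconds are dropped."""
    stamp = value.rstrip("Z").split(".")[0]
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def token_status(response_json, now, warn_days=30):
    """Return (tokenName, status, days_left) tuples, soonest expiry first."""
    report = []
    for token in json.loads(response_json).get("value", []):
        expires = parse_graph_time(token["tokenExpirationDateTime"])
        days_left = (expires - now).days
        if expires <= now:
            status = "EXPIRED"   # enrollment sync stops until the token is renewed
        elif expires - now <= timedelta(days=warn_days):
            status = "RENEW"     # inside the warning window
        else:
            status = "OK"
        report.append((token["tokenName"], status, days_left))
    return sorted(report, key=lambda row: row[2])


if __name__ == "__main__":
    # Fixed clock so the constructed sample gives the same result on every run.
    now = datetime(2025, 2, 20, tzinfo=timezone.utc)
    for name, status, days_left in token_status(SAMPLE_RESPONSE, now):
        print(f"{status:8} {days_left:5d} days  {name}")
```

In real use, replace the sample with the JSON returned by an authenticated Graph call and pass the current UTC time as `now`.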
Now click on the token itself – so I click on the SCCM Solutions Intune Server token. We need to create an enrolment profile which will be pushed to the device when it automatically enrols. We are going to come back to this in the next blog post as we are going to create a Volume Purchase Programme token, which we will use in this profile.
Look out for part 4 coming very soon.