Initial situation
Our client, like many others, allows its users to use iMacs and iPads for their daily tasks. Every application installation or change had to be carried out manually on each device. This per-device management is a problem in terms of time, tracking and security.
Goal
The client's objectives were to give users access to enterprise applications and data, to secure access to their devices, to distribute applications and OS versions, and to maintain an inventory of their devices.
Concept
We have set up Microsoft Azure, Microsoft Endpoint Manager (Intune), and Apple Business Manager.
Apple Business Manager is a service provided by Apple that enables you to deploy Apple devices and applications in your organization. By leveraging Apple Business Manager (ABM), you can automatically enroll devices in Microsoft Endpoint Manager (Intune) using Automated Device Enrollment (ADE). In other words, it provides functionality similar to what Windows Autopilot provides for enrolling Windows devices.
We have integrated Apple Business Manager (ABM) with Azure Active Directory (Azure AD) so that users authenticate to ABM with their Azure AD account. We also set up the synchronization of Azure AD accounts with ABM; from then on these accounts are Managed Apple IDs.
This is a first step to fully integrate ABM with Microsoft Endpoint Manager/Intune, so that we can perform automatic enrollment of macOS/iOS/iPadOS devices.
Here is a macroscopic view of how the different components of this project fit together:
Preparation
- D-U-N-S number
- Checking the contacts
- Creation of various accounts
Enrollment
ABM configuration
- Checking the domain
- Configure and enable federation between Azure and Apple
- Authentication test
Configuration of the synchronization between Azure AD and ABM
Result
- Automated Device Enrollment (ADE):
The customer can easily enroll a large number of Apple devices (iPhone, iPad, MacBook, etc.) without the IT administrator ever touching them. When the organization orders Apple devices from a participating reseller (or from Apple itself or a mobile operator), the reseller can add the devices to ABM immediately. Once a connection exists between Microsoft Intune and ABM, the IT administrator can synchronize these devices automatically and assign an enrollment profile to them. The organization can therefore order Apple devices and have them shipped directly to users. When a device reaches its user, the user simply turns it on and the out-of-the-box experience guides them through the enrollment process.
- Supervision:
The customer now has a global view of all of its Apple devices. Devices, users, applications and configuration are now managed and supervised centrally.
- Volume Purchase Program (VPP):
The customer can now purchase multiple licenses for an application to be used on Apple devices (iPhone, iPad, MacBook, etc.). Application purchase information can be synchronized with Microsoft Intune, which helps track usage. This makes it possible to manage apps effectively within the organization and to control app spending.
- Managed Apple ID:
Managed Apple IDs are similar to Apple IDs, except that they are owned and managed by the customer. With ABM, an organization can create and manage these accounts at scale for users requiring administrative access to ABM. This eliminates the need to use personal accounts for work and allows credentials to be created in bulk.
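The inventory and supervision benefits above only hold for devices that actually went through ADE: a device in ABM with no enrollment profile assigned will boot unmanaged, and a device enrolled in Intune outside ABM cannot be supervised and can be unenrolled by its user. The script below is an added example, not part of the original project, that reconciles an ABM device export against an Intune device inventory and flags those gaps. Both inputs are constructed CSV samples; the column names and the enrollment type values are assumptions chosen for this example and do not correspond to a specific export format of either product.

```python
"""Reconcile an ABM device export against an Intune device inventory.

Added example with constructed sample data. Column names and values are
assumptions for illustration, not the real export formats of ABM or Intune.
"""
import csv
import io

# Constructed ABM export: one row per device known to Apple Business Manager.
# An empty enrollment_profile means no Intune profile has been assigned yet.
ABM_EXPORT = """serial_number,model,enrollment_profile
C02ABC001,MacBook Pro,Corp-macOS-ADE
DMPABC002,iPad,Corp-iPadOS-ADE
F9FABC003,iPhone,
C02ABC004,MacBook Air,Corp-macOS-ADE
"""

# Constructed Intune inventory: one row per enrolled device.
# enrollment_type "automated" stands for ADE, "user" for a manual enrollment.
INTUNE_INVENTORY = """serial_number,device_name,enrollment_type,supervised
C02ABC001,mbp-alice,automated,true
DMPABC002,ipad-bob,automated,true
C02ABC005,mba-carol,user,false
"""


def _rows(text: str) -> list[dict]:
    """Parse a CSV string into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(abm_csv: str, intune_csv: str) -> dict[str, list[str]]:
    """Return the serial numbers behind each inventory gap, keyed by finding."""
    abm = {r["serial_number"]: r for r in _rows(abm_csv)}
    intune = {r["serial_number"]: r for r in _rows(intune_csv)}

    return {
        # In ABM but no profile assigned: will boot without management.
        "abm_no_profile": sorted(
            s for s, r in abm.items() if not r["enrollment_profile"].strip()
        ),
        # In ABM but not yet in Intune: in transit, or never switched on.
        "abm_not_enrolled": sorted(s for s in abm if s not in intune),
        # Enrolled in Intune without passing through ABM: bought outside
        # the channel, cannot be supervised, user can unenroll it.
        "enrolled_outside_abm": sorted(s for s in intune if s not in abm),
        # Enrolled but unsupervised: management can be removed by the user.
        "not_supervised": sorted(
            s for s, r in intune.items()
            if r["supervised"].strip().lower() != "true"
        ),
    }


def report(findings: dict[str, list[str]]) -> list[str]:
    """Render findings as one line per non-empty category."""
    return [f"{name}: {', '.join(serials)}"
            for name, serials in findings.items() if serials]


if __name__ == "__main__":
    for line in report(reconcile(ABM_EXPORT, INTUNE_INVENTORY)):
        print(line)
```

Devices listed under `abm_no_profile` and `enrolled_outside_abm` are the ones worth acting on first: the former should receive a profile before being shipped, and the latter should be added to ABM (or re-enrolled through ADE) if supervision is required.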