This article will explain how to enrol Single and Shared iOS devices onto NHSmail Intune.
The enrolment process consists of 2 phases:
- Phase 1 – This is completed by LAs and the steps are outlined in this article
- Phase 2 – This is completed by end users (or LAs on behalf of end users) once Phase 1 is successfully completed. Please see the Quick Start End User Guide for step-by-step instructions on how to do this.
1. Creating User Enrolment Profiles
Once the ABM link has been established, enrolment profiles can then be created. These enrolment profiles define the experience and settings applied to a group of devices during the enrolment phase.
1. Navigate to: Devices > Apple> iOS/iPadOS > iOS/iPadOS enrolment > Enrolment program tokens to connect your ABM instance to Intune.
4. Enter the relevant Profile Name.
2. User Enrolment Affinity Options
Intune provides two different enrolment methods for Apple devices. The key differences between the two options are highlighted as follows:
- Enrol with User Affinity:
- This option allows users to enrol using their Azure AD nhs.net credentials and is designed for a single user use case.
- Enrol Without User Affinity
- This option is shared/kiosk mode device mode and does not require the Company Portal app.
3. iOS Single User Device Enrolment
The following section details the steps to enrol devices with User Affinity.
1. Select Enrol with User Affinity for single user devices and ensure all details are completed as shown on the screenshot below, and then select Review + save.
2. Configure the Apple Setup Assistant.
3. Next, open the ABM Tenant and select ‘Devices’. Search for the devices you’d like to move.
4. Once device has been selected, click ‘Assign to the following MDM’ (your MDM token).
5. Once device has been assigned a completion notification should appear.
6. Once the device has been assigned to Intune this should update on the MDM servers Page in ABM.
7. Once you have confirmed that the device has updated (and is showing) on the MDM Servers page, open the Intune Enrolment Program Token page and Sync the devices.
8. Assign the devices to the profile you have created to complete the link
4. iOS Shared Devices Enrolment
The process for setting up ‘shared mode’ for iOS and iPadOS is similar to that of a user affinity profile. Whilst the same device enrolment process is followed, it is necessary to create a separate Enrolment Profile for Shared Devices.
The process below describes the steps required to enrol a shared iOS/iPadOS device via an Intune Enrolment profile:
1. Select the Enrol without User Affinity option, then enter your ‘<ODS>-SharedDevice-{{DEVICETYPE}}-{{SERIAL}}’
2. Please change Passcode, Apple ID, Touch ID, Apple Pay and Device to Migration to ‘Hide’; you can choose to disable more settings if required.
Please visit the IOS Enrolment and Management document for more details.
Last Reviewed Date | 14/03/2024 |