This article provides an overview of the ABM (Apple Business Manager) link and VPP (Volume Purchase Program) token connection that needs to occur with NHSmail Intune.
1. ABM Link Connection to NHSmail Intune
The ABM link is a connection between the ABM tenant and NHSmail Intune. All organisations onboarded onto the NHSmail Intune platform who wish to enrol iOS/iPadOS devices will need to ensure that their ABM is linked to NHSmail Intune to enrol devices.
1.1 ABM Link Prerequisites
The following are some of the key points to note before linking your ABM tenant to NHSmail Intune:
|Organisations wanting to enrol Apple devices (iOS iPhones and iPadOS iPads) will require those devices to exist in an Apple Business Manager (ABM) instance already.|
|Organisations will be required to associate their vendor management portals with Intune (e.g., connect ABM with NHSmail Intune)|
|When connecting your organisation’s ABM into NHSmail Intune, the Apple ID used to connect into Intune should have either the Administrator role or the Device Enrolment Manager (DEM) role assigned to it in ABM.
Note: Please do not have both roles assigned to the Apple ID being used to connect into Intune as this may cause a conflict.
|“Locations” terms and conditions should be accepted to enable deployment of applications.|
|Domain verification should be pre-configured (if required, Apple does enable the use of a default domain)|
|Management of Apple Business Manager (ABM) for iPads and iPhones is to be maintained by LAs (including Apple IDs).|
|The NHSmail Intune platform does not support the management of any Apple devices which are not enrolled into ABM.|
|When onboarding a Multi Org and you are adopting the Model 2 approach, LAs will need to configure multiple MDM servers within a single ABM tenant which allows the organisation to segregate the devices into “containers”.|
1.2 Request Support with the ABM Connection
LAs can connect their ABM into NHSmail without needing to request support, although it is recommended that LAs request a session with the Intune Live Service Team who will be able to assist with the connection and ensure that it is done correctly.
Please raise a service request via Helpdesk Self-Service if you would like support from the Intune Live Service Team with connecting your organisation’s ABM into NHSmail Intune. LAs should select ‘Onboard Apple Business Manager (ABM) for Apple Devices’, from the list of possible service requests to do this.
If you are happy to proceed with the ABM link into NHSmail Intune without support, you will need to follow the step-by-step instructions below and read all important notes to ensure that the connection is successful.
1.3 Steps to link your ABM into NHSmail Intune
Please follow the steps below if you wish to link your organisation’s ABM into NHSmail without assistance:
Once this has been completed successfully, you should be able to enrol your iOS/iPadOS devices.
2. VPP Token
Location tokens are volume purchase licences that were commonly known as Volume Purchase Program (VPP) tokens. Location tokens are used to assign and manage licences purchased using Apple Business Manager.
Content Managers can purchase and associate licences with location tokens they have permissions to in Apple Business Manager. These location tokens are then downloaded from Apple Business Manager and uploaded in Microsoft Intune. Microsoft Intune supports uploading multiple location tokens per tenant. Each token is valid for one year.
Microsoft Intune can help organisations manage apps purchased through the VPP program by:
- Synchronizing location tokens that are downloaded from Apple Business Manager.
- Tracking how many licences are available and have been used for purchased apps.
- Monitor app installs up to the number of licences you own.
2.1 Adding A New Location
2.2 VPP Token Connection to NHSmail Intune
This will be required to connect your ABM VPP licences into Intune. As part of the enrolment process users are required to have Company Portal VPP licences available.
a. The “Apple ID” can be the same Apple ID used to connect your ABM to Intune.
b. Export a VPP token file from ABM and import into Intune.
a. Take Control of token from another MDM = No
b. Country/Region = United Kingdom
c. Automatic Updates = Yes
d. Select the tick box to complete the connection process
Click on Apps and books > Search for Intune > Select Intune Company Portal > Select Licence quantity.
|Last Reviewed Date||11/08/2022|