Office 365 MDM Enrollment ProcessAlex Fields
I added an account named “clouduser1” for the purposes of this demo. Before enabling MDM for this user, I added the email account to my iPhone.
The reason I did this is so that we can see the enrollment process for a user who may have previously configured their device for company Email. You can also just skip right to the app store and download the Microsoft Intune Company Portal app to get started with the process straight away.
Follow along with the images below to see what the process looks like–it is fairly painless, if a little long (can’t we reduce the number of screens we have to step through here, Microsoft?)!
First, I opened my email and found this little message waiting for me, so I tapped on Get started now.
Following the link, I was able to download the app from the store.
After it was installed, I opened it up, and signed into the account.
Then I was able to step through several screens, starting with Begin.
After that it seems like you just need to tap on Continue, Enroll, or similar a bunch of times.
I thought I already said Install!
Oops! Just kidding–not done. Open.
Oh, that was just the first of these. Continue.
Ah-ha! This next step would not be necessary, except that the Email account already existed on the phone. It seems that some of the MDM policies can only be applied when the Email is first added? In any case, it explains here that you have to go into your phone’s settings and remove the Email account before continuing.
Check Compliance once you’ve done that, and you should be able to Continue.
Oh yeah, except that you’ll still need to enter your Email password the first time you open your Email application.
Okay, that’s everything. You are now Mobile Device MANAGED, Mr. iPhone.
In my opinion, this is a ridiculously cumbersome process, so you’ll want to be deliberate about rolling it out to people. Also, note that a full MDM (Intune) may have enough carrots included to warrant this kind of thing, but the default MDM features “included” with Office 365 plans may not be worth it, and you could be better off with a simple EAS policy, instead.