Enrolling Personal iOS devices in Intune

Apple iOS personal devices that access organization e-mail, apps, and other data are called Bring-Your-Own-Devices or BYOD.  BYOD devices are administered by Intune with a "light touch".  Only University data and apps on these devices are being administered by Intune, and Intune has no access to personal apps and data to protect user's privacy. This separation is achieved through a "work partition." This work partition separates the work-related data and security settings from the personal data on the Intune-enrolled device. The work partition lives on a separate part of the device so that the user's personal data stay private and unaffected by work. 

Note:  If you have installed apps that access University of Windsor data, such as Outlook, OneDrive, Teams, etc., these apps must be uninstalled before enrolling your device, and re-installed after enrolling so the app and data will be placed in the work partition.  

To enroll your personal Apple iOS device in Intune, follow the steps outlined below:

  1. Download the Intune Company Portal app from the App Store.
  2. Sign in with your UWindsor account. If you have the Microsoft Authenticator app installed, it will list your UWindsor account automatically.
  3. On the "Set up access" screen, click Begin.
  4. On the "Select Device and enrollment type" screen, select I own this device and Secure work-related apps and data only.
  5. On the "Device Management and Privacy" screen, review the list of device information that can be seen by the organization.
  6. The download Microsoft Authenticator screen appears, if you already have Authenticator, you won't see this screen. Skip to step #9.
  7. Tap download from App Store, when the App Store opens, install the app.  Return to Company Portal and hit continue.
  8. After you install Microsoft Authenticator, you won't need to do anything else with the app, however we recommend you use it for multifactor authentication.  See (KBA #) for more information.
  9. On the "Device Management and Privacy" screen, read through the list of device information the organization can and can't see, then tap Continue.
  10. Safari opens the Company Portal website. When prompted to download the configuration profile, tap Allow.

    The next steps will differ depending on your iOS version. Follow the steps for your iOS version.

    a. iOS 12.2 and later:  When the download is complete, tap Close, then continue to step 11.
    b. iOS 12.1 and earlier: When the download is complete, you are automatically redirected to the Settings app. Skip to step 12.

  11. When prompted to open the Company Portal app, tap Open. Read through the information on the "How to install management profile" screen.
  12. Go to the Settings app, tap in Enroll in University of Windsor or Profile Downloaded - if neither option appears, go to General and select the VPN & Device Management option to view installed profiles. If you still don't see the profile, try downloading it again.
  13. On the "User Enrollment" screen, tap Enroll my iPhone/iPad.
  14. Enter the device password, then tap Install.
  15. On the sign-in screen, enter your credentials and tap Sign In.
  16. A success message will appear on the screen briefly. 
  17. Return to the Company Portal app. Company Portal will begin to sync and set up your device. Company Portal might prompt you to update additional device settings. If it does, tap Continue.
  18. You'll know that the setup is complete when all items in the list show a green checkmark. Tap Done.


Article ID: 151335
Wed 11/8/23 4:14 PM
Thu 12/21/23 8:41 AM

Related Articles (2)

In order for the Apple iOS smartphone or tablet (iPhone/iPad) to be deemed as compliant, it must meet a number of requirements. Non-compliant devices will not be able to access most of University systems and data.
The article walks users through enrolling a University iOS device with Intune.