Managing Apple Devices in the Enterprise (2024)

A general introduction to the course and the instructor.

This lesson is a brief overview of the course, the key topics, and the structure.

To be successful in this course, students will need access to Apple Business Manager and Microsoft Intune Plan 1.  This lesson briefly covers how to get started with both.

This lesson provides students with a high-level introduction to mobile device management concepts.

In this lesson, students learn specifically about Apple's MDM Framework, the technology built into every Apple operating system that enables device management.

Declarative Device Management is a next-generation form of MDM.  This lesson provides a brief overview of this new specification and how it differs from the Apple Push Notification model it replaces.

In this lesson, students learn about the different device ownership models and how ownership impacts the various functions and features available for device management.

This lesson introduces students to the various ways that devices can be enrolled in mobile device management.

This lecture introduces students to Apple Business Manager.  Students are encouraged to sign-up for this solution if their company doesn't already have access to this service.

This lesson introduces students to Managed Apple IDs and how they differ from traditional Apple IDs.

This lesson provides students with an overview of the Apple Business Manager interface, touches on organizational setup options, and covers the basics for manually creating accounts, groups, and locations.

In this lesson, we demonstrate how to generate an Apple Push Notification certificate and configure Microsoft Intune for the APN service.

In this lesson we demonstrate how to create a new Intune MDM Server in Apple Business Manager and then connect it to the DEP service in Microsoft Intune.

In this lesson we configure our connection between Apple Business Manager and Microsoft Entra ID to enable Federation.

In this lesson students learn how to enable Federation for creating Managed Apple IDs at your custom domain, resolve AppleID conflicts, and enable Directory Sync.

In this lesson we discuss device assignment for Automated Device Enrollment and demonstrate how to automatically onboard newly purchased devices into Apple Business Manager.

In this lesson we demonstrate how to manually add a device to Apple Business Manager when it was not purchased from Apple directly or through an authorized third-party reseller.

In this lesson students learn how to redeem apps and books using Apple Business Manager in preparation for Managed Distribution later in the course.

In this lesson we demonstrate how to apply restrictions to Apple Services for your Managed Apple IDs including how to control access to iCloud Drive, Messages, FaceTime, and more.

In this lecture we cover the general best practices for planning a phased rollout of device management with Microsoft Intune.

In this lesson, students are introduced to the concept of User Affinity and how they align with various deployment methods and models.

This lecture briefly reviews the licensing structure and associated costs for Microsoft Intune.

This lecture introduces students to the Mobile App Management (MAM) solution within Microsoft Intune.

In this demonstration, students will learn how to navigate the Intune Admin Center.

In this demonstration, students learn how to configure an enrollment profile for User Enrollment and then step through the User Enrollment onboarding process on a personal iPhone.

This demonstration introduces students to the process of adding an iPad to Intune using the Direct Device Enrollment method.  Enrollment Profile priority is also briefly discussed.

In this demonstration, students are introduced to Automated Device Enrollment.  Using a MacBook Air, we step through the customized Setup Assistant process.

This lesson briefly demonstrates how to create a security group in Microsoft Intune for managing assigned devices by user.

Devices that are company owned, specifically those without User Affinity, may need to be assigned to device groups for device management.  This lesson briefly shows how to create a security group for devices and how to add a managed, supervised device to the new group.

In this lecture, students are introduced to Managed Distribution, the method for purchasing and assigning Apps and Books licenses to devices or users.

In this demonstration, students step through the final integration between Apple Business Manager and Microsoft Intune -- Apps and Books (VPP).

In this lesson, students learn how to customize and configure the Company Portal for their organization.  Customizations include themes, contact info, app availability, and more.

In this demonstration, students will learn how to configure a built-in Microsoft 365 app to appear in Company Portal as an optional install for end-users.

In this lesson, students will learn how to add multiple Apps to Company Portal with the intent set to available so end-users can install company Apps in a self-service manner.

In this lesson we introduce students to App Configuration policies and apply a biometric requirement as an additional layer of security for signing into Outlook on the iPhone.

In this lesson students learn the entire managed distribution pipeline from purchasing an App via Apple Business Manager through assigning it to a device group in Intune, installing it, and finally how to revoke the license for re-use by another device.

In this lecture, students are introduced to issues around conflicting app intents based on user and device assignment groups.

In this demonstration, students will learn how to import and deploy an Ad-Hoc line of business app to company owned iPads outside of the App Store.

In this demonstration students are introduced to 'packaging' a custom application for macOS.

In this lesson students will create a custom shell script that installs the Company Portal application for macOS.

In this lecture, students are introduced to configuration profiles for device management.

In this demonstration, students will configure a basic passcode policy and then deploy it to all managed devices.

This demonstration briefly discusses the topic of Scope Tags and how they are created and applied to objects in Microsoft Intune.

In this lesson we demonstrate the expected behavior when two different configuration profiles attempt to set the same payload setting.

This lesson demonstrates how to determine which payloads will apply to which devices based on how the device was enrolled and if it is supervised or not.

In this lesson students explore using policy sets.  We demonstrate how to create them and why you would want to use these.

This lesson briefly covers policy filters.  Students are introduced to filters and are shown how to create them, how to apply them, and the use cases for them.

In this lesson we download a custom *.mobileconfig profile from Microsoft's GitHub repo and import it into Microsoft Intune.

This lecture addresses at a high level, some of the configuration considerations that organizations may need to address to fully support Apple devices and services on enterprise networks.

This lecture discusses TCP and UDP ports used by Apple devices and services for firewall configuration on corporate networks.

This lecture details the various enterprise network authentication and encryption protocols supported on Apple devices.

This lesson demonstrates how to configure an enterprise Wi-Fi payload for your organization.

In this lecture, students are introduced to the Content Caching service available for configuration in macOS.

In this demonstration, students learn how to convert a Mac into a caching appliance and maintain it using data collected through Activity Monitor.

This lecture introduces students to the various built-in security features of Apple platforms.

In this lecture, we briefly touch on the key aspects of a solid endpoint enterprise security strategy.

This lecture briefly explains the Microsoft Zero Trust security model.

In this lecture students learn about SIP (System Integrity Protection) in macOS.

In this lesson, students become familiar with the security settings available in the Mac OS Recovery environment.

In this lecture, students are introduced to Gatekeeper and XProtect.

This lecture introduces students to the concepts of Device Ownership and FileVault.  Secure Tokens, Bootstrap Tokens, and Recovery Keys are also discussed.

In this lesson we demonstrate how to configure FileVault disk encryption using a managed/supervised Mac with Intune.

This lecture briefly covers the structure and purpose of digital certificates and how they can be used in MDM deployments.

In this demonstration, students learn how to configure a profile payload that delivers a digital certificate.

In this lecture, students learn about Apple's approach to Software Upgrades and Updates and how these can be managed using an MDM like Intune.

In this demonstration students will learn how to configure both iOS and macOS Software Update behavior on managed/supervised devices using Intune.

This lesson briefly discusses the practice of binding a Mac to an on premises Active Directory domain for authentication.

In this demonstration students learn how to configure a Network Server for authentication to an on premises Active Directory Domain.

In this demonstration we configure the enterprise SSO plug-in for macOS to allow applications like Safari to use single-sign-on through our Entra ID credentials.

In this demonstration students are introduced to the brand new Platform SSO for Microsoft Intune.  We apply this configuration to a Mac that has already been signed into using a local account, merge that local account with your Entra ID credentials, and configure SSO from the login window.

In this lecture we kick off the most exciting part of the course -- class projects.  Students will prepare to complete six specific projects that touch on the most common types of Apple device deployment.

In this lesson students learn about the first project, the scenario and configuration goals to complete the project.

In this lesson, students will create a security group for the mobile app management project pilot users.

In this lesson students create the required app protection policy to enable mobile app management for BYOD to the project's security specifications.

In this demonstration we test our configuration on an employee owned iPhone to see if the protection policy we created meets the requirements of the project.

This lesson introduces students to the configuration goals for project two - user enrollment using the account driven enrollment type.

In this lesson, students create a pilot group for the BYOD users participating in testing for project two.

In this lesson students learn how to configure the enrollment profile and the required json file for enabling account driven user enrollment.

In this lesson students revisit the setup of Federation and Directory Sync via Apple Business Manager as a requirement for Account Driven User Enrollment.

In this lesson, students update the MAM protection policy from project one to also apply to BYOD enrolled devices for project two.

In this lesson students configure built-in apps for automatic and optional deployment to managed devices enrolled with User Affinity.

In this lesson students configure a VPN payload for their organization.

In this lesson students create and assign passcode policies for the BYOD group.

In this lesson, students will create a BYOD policy set containing all of our configurations and apps.  Then they will apply that to our BYOD group.

In this lesson we test our configuration of Account Driven User Enrollment to ensure that we meet all of the requirements for project two.

In this lesson we address two issues with our setup.  User enrollment limitations for passcode policy and the Company Portal app.

Updated - a better/easier way to manage Apps on employee owned, account driven user enrolled devices.