Our reliance on mobile devices has become indispensable, enabling us to stay connected and productive, even when we're away from the office. Whether you use your smartphone, tablet, or laptop, harnessing the power of these devices for work is a tremendous advantage. However, it's crucial to ensure that your device is securely integrated with your organization's systems, and that's where Microsoft Intune comes into play.
Enrolling Your Device with Microsoft Intune
Before you can fully utilize Microsoft 365 services on your mobile device, you may need to enroll it in Microsoft Intune using the Company Portal app. This step is essential for both employees who want to access work email, calendars, and documents securely and organizations that need to safeguard critical data and meet compliance requirements.
Once your organization's admin creates and deploys a mobile device management policy, every licensed Microsoft 365 user in your organization that the policy applies to will receive an enrollment message when they sign into Microsoft 365 from their mobile device. This message kickstarts the enrollment process, securing your device's connection to the corporate network.
What Information Can Your Organization See?
Privacy is a paramount concern for everyone, and Microsoft Intune respects that. When you enroll your device, your organization can access specific device information, such as the device model and serial number. However, it's important to understand what your organization can and cannot see:
Things Your Organization Can't See:
Calling and web browsing history
Email and text messages
Contacts
Calendar
Passwords
Pictures, including content in the photos app or camera roll
Files
Things Your Organization Can Always See:
Device owner
Device name
Device serial number
Device model
Device manufacturer
Operating system and version
Device IMEI
App inventory and app names
Additional Insights
Here are some other aspects of device management you might find useful:
Phone Number: Depending on your device type, your organization may have access to your phone number to facilitate communication or locate lost corporate-owned devices.
Device Storage Space: If you encounter issues with app installations, support may check your device's storage to identify any space-related problems.
Location: Your organization can only view the location of corporate-owned devices. This feature can be helpful for tracking lost devices.
Network Information: For Android devices, network information may be used to enforce specific location-based policies.
Managed Apps
An app is considered "managed" when it's installed via the Company Portal app or automatically pushed to your device by your organization. This ensures that the organization can monitor and manage these apps effectively, without compromising your personal data.
Enrolling Your Android Device
Enrolling your Android or iOS device in Microsoft Intune is a straightforward process:
Install the Intune Company Portal app from Google Play
Open the Intune Company Portal app and sign in with your work or school account.
On the Company Access Setup screen, review the tasks required to enroll your device. Then tap BEGIN.
On the privacy information screen, review the list of items that your organization can and can't see on your device. Then tap CONTINUE.
Review the Google terms for creating a work profile. Accept the terms to continue. The appearance of this screen varies based on OS version.
Review the Samsung Knox privacy policy. Select Agree to continue (This screen only appears if you're using a Samsung device)
Wait a few minutes while your work profile is set up. Then select Next.
On the Company Access Setup screen, confirm that the profile has been created. Then tap CONTINUE to proceed to the next enrollment task.
Wait while the app registers your device. When prompted to, sign in with your work account.
On the Company Access Setup screen, confirm that the work profile is active. Then tap CONTINUE to proceed to the next enrollment task.
In the Company Portal app, review the list of settings your organization requires. Update the settings on your device if necessary. Tap RESOLVE to open the setting on your device. After you're done updating settings, tap CONFIRM DEVICE SETTINGS.
When setup and enrollment are complete, you are sent back to the setup list, where you should see a green checkmark next to each enrollment task. Tap DONE.
Optionally, when prompted to view suggested work apps in Google Play, tap OPEN. If you're not ready to install apps, you can do it later by going to the Google Play app in your work profile.
You can also access available apps from the Company Portal menu > Get Apps. Install the apps you need for work or school.
Enrolling Your iOS/iPadOS device
Prerequisites:
Device running iOS 14.0 and later.
Maintain a Wi-Fi connection until all steps are complete.
Have access to Safari web browser on your device.
Install the Company Portal app from the App Store
Open the Company Portal app and sign in with your work or school account.
When prompted to receive Company Portal notifications, tap Allow. Company Portal uses notifications to alert you if, for example, your device settings need to be updated.
On the Set up access screen, select Begin.
The Select device and enrollment type screen appears and prompts for your device type.
Tap (Organization) owns this device if you received your device from your organization. Then skip to Secure entire device in this article to finish setup.
Tap I own this device if you're using a personal device that you brought from home. Then continue to the next step. If you don't see this screen, skip to Secure entire device to finish setup.
6. Choose how to protect the data on your device once it's enrolled.
Tap Secure entire device to secure all apps and data on the device. Then go to Secure entire device to finish setup.
Tap Secure work-related apps and data only to secure only the apps and data you access with your work account. Then go to Secure work-related apps and data.
Secure entire device
On the Device management and privacy screen, read through the list of device information your organization can and can't see. Then tap Continue.
Safari opens the Company Portal website on your device. When prompted to download the configuration profile, tap Allow. If you're on a device running:
iOS 12.2 and later: When the download is complete, tap Close. Then continue to step 3.
iOS 12.1 and earlier: When the download is complete, you are automatically redirected to the Settings app. Skip to step 4.
If you accidentally tap Ignore, refresh the page. You'll be prompted to open the Company Portal app. Once you're there, tap Download again.
Note: You must install the management profile as described in the next steps within 8 minutes of downloading it. If you don't, the profile will be removed and you'll have to restart enrollment.
3. When prompted to open Company Portal, tap Open. Read through the information on the How to install Management Profile screen.
4. Go to the Settings app and tap Enroll in < organization name > or Profile Downloaded.
If neither options appear, go to General and select the VPN & device management option to view installed profiles. If you still don't see the profile, try downloading it again.
5. Tap Install.
6. Enter your device password. Then tap Install.
7. The next screen is a standard system warning about device management. To continue with installation, tap Install. If you're prompted to trust remote management, tap Trust.
8. After installation is complete, tap Done. To verify that the profile was installed, go to your VPN and device management settings. You should see the profile listed under Mobile Device Management.
9. Return to the Company Portal app. Company Portal will begin to sync and set up your device. Company Portal might prompt you to update additional device settings. If it does, tap Continue.
10. You'll know that setup is complete when all items in the list show a green checkmark. Tap Done.
Secure work-related apps and data
The Download Microsoft Authenticator screen appears (if you already have Authenticator, you won't see this screen so skip to step 2).
Tap Download from App Store.
When the App Store opens, install the app.
Return to Company Portal and tap Continue.
After you install Microsoft Authenticator, you won't need to do anything else with the app. It just needs to be present on your device.
2. On the Device management and privacy screen, read through the list of device information your organization can and can't see. Then tap Continue.
3. Safari opens the Company Portal website on your device. When prompted to download the configuration profile, tap Allow. If you're on a device running:
iOS 12.2 and later: When the download is complete, tap Close. Then continue to step 4.
iOS 12.1 and earlier: When the download is complete, you are automatically redirected to the Settings app. Skip to step 5.
If you accidentally tap Ignore, refresh the page. You'll be prompted to open the Company Portal app. From the app, you can tap Download again.
4. When prompted to open Company Portal, tap Open. Read through the information on the How to install Management Profile screen.
5. Go to the Settings app and tap Enroll in < organization name > or Profile Downloaded.
If neither options appear, go to General and select the VPN & device management option to view installed profiles. If you still don't see the profile, try downloading it again.
6. On the User Enrollment screen, tap Enroll My iPhone.
Enter the device password. Then tap Install.
7. On the Sign in screen, enter the password for your managed Apple ID. In most cases, these credentials will be the same ones you use to sign in to your work or school account, unless your organization provided you with a different set of credentials.
8. Tap Sign in.
9. A success message will appear on the screen briefly after the profile is installed. To verify that the profile was installed, go to your VPN and device management settings. You should see the profile listed under Mobile Device Management.
10. Return to the Company Portal app. Company Portal will begin to sync and set up your device. Company Portal might prompt you to update additional device settings. If it does, tap Continue.
11. You'll know that setup is complete when all items in the list show a green checkmark. Tap Done.
Lost Your Phone or Tablet?
If your phone is lost or stolen, you can reset it to factory defaults to remove both your personal and work information from it. You can do this from a browser:
Open portal.manage.microsoft.com in your browser Sign in to your work account
Under My Devices click the lost or stolen device
Click Reset click Reset
Note: If you are unable to reset your lost or stolen device, contact IT to reset it for you
Security Steps IT can Take to Keep Your Data Safe
IT can take the following actions after you enroll your phone or tablet to make sure company information is secure:
Reset your phone to factory settings if it is lost or stolen.
Remove company-related files and apps (without removing your personal files or apps).
Require you to use a password or PIN.
Remotely reset the PIN or lock your phone or tablet if it is lost or stolen.
Make your phone or tablet compatible with our security standards, which helps you as well as the company.
Managing mobile devices securely is crucial in today's interconnected world. Microsoft Intune, coupled with the Company Portal app, empowers organizations and individuals to strike the right balance between productivity and privacy. By following the enrollment and security steps, you can confidently use your mobile devices for work while ensuring the safety of sensitive data.
To help you to have peace of mind knowing your business is secure, click here to schedule a Microsoft 365 Secure Score review with our experts today. We'll evaluate your current cybersecurity measures, identify potential vulnerabilities, and help you implement a strategic security plan to keep your company safe.
Comments