Manage mobile devices using SCCM and Microsoft Intune

System Center Configuration Manager 2012 device management enables mobile device management the same way that manages desktop computers. As SCCM 2012 moved towards user centric, configuration manager and Microsoft Intune provides complete device management capabilities for mobile devices, tablets, laptops and most of the smartphones. This new MDM technology provides access to the users to the company resources on their devices in a secure and managed way with a single sign on.

When ConfigMgr integrated with Intune, we have the following management capabilities on devices from SCCM console:
     • Retire and wipe devices
     • Configure compliance settings such as  passwords, security, roaming, encryption, and
        wireless communication
     • Deploy line of business apps to devices
     • Deploy apps to devices that connect to
       Windows Store, Windows Phone Store, App Store, or   Google Play
     • Collect hardware inventory
     • Collect software inventory by using built-in    reports

For this lab I have used SCCM 2012 R2 SP1, iPhone 5/6 and iPad2
If you have already configured Windows Intune or at least tried to configure Intune in SCCM environment previously, you need to cleanup some stuff before start re-configuring. Otherwise, you won’t be able to enroll the mobile devices in SCCM.

If you have already configured Intune or at least tried to configure Intune in SCCM environment previously, you need to cleanup some stuff before start re-configuring. Otherwise, you won’t be able to enroll the mobile devices in SCCM.
So before start installing,
     - Install all applicable updates to the server OS on the site server and also Config Mgr CU’s
     - Uninstall and delete all the folders related to any old DirSync tool
     - Search and Delete all the registry entries related to any old DirSync tool
     - Delete existing Microsoft Intune Subscriptions from SCCM Console.
        Note: This will also delete Windows Intune Site server role from SCCM
     - Revoke APN certificates for your public domain
     - If possible signup for a new Windows Intune subscription
     - Restart the SCCM server before you start, so we can prevent get any unknown issue

Before you start the configuration process;
     - Signup for Windows Intune subscription
     - Signup or use an existing Apple ID for APN registration and certificate generation
     - Create an account with domain admin account to change the AD accounts UPN suffix
     - Create an account with SCCM admin to integrate and configure Intune connector with SCCM
     - Required an iOS device to test

I have divided the whole process into multiple parts in an order as below;
  Part 1: Intune signup and setup in Intune console
  Part 2: Configure AD with public domainUPN Suffix
  Part 3: Create User collection and AD Security group 
  Part 4: Intune integration with SCCM
  Part 5: Sync On-Premises AD to Intune portal
  Part 6: Mobile device management using Intune and SCCM
  Part 7: Troubleshooting