How To Manually add iPhones/iPads to Apple Business Manager/School Manager for Intune (Step-by-Step)
Updated: Sep 6, 2022
Apple Business Manager (ABM) and Apple School Manager (ASM) are the required components for organizations to manage and bulk enroll corporately owned iOS/iPadOS devices. The struggle, however, is when devices are purchased outside of a bulk purchase agreement or are otherwise not present in ABM/ASM.
The process to sync devices from ABM/ASM into Intune is fairly straight forward, but first, devices must be present in ABM/ASM. If you've purchased your devices from Apple, or from an authorized retailer, you can add your customer number to have the devices automatically associated with ABM/ASM.
However, what happens if you'd like to have old devices or devices not purchased from a retailer that you can remember? For this, you’ll need to manually add the devices into ABM/ASM through a two-step process:
Create and deploy a configuration using Apple Configurator
Migrate the device from Configurator MDM to Intune.
To do this, you need to have:
Mac device running Apple Configurator 2
Intune Administrator Access
Apple Business Manager/Apple School Manager Administrator or Device Administrator Access.
Physical access to the iOS/iPadOS device you want to enroll (we're using an iPhone for this)
Apple Enrollment program tokens already setup (if not, just set this up to link your ABM/ASM to Intune before you start)
1. Create a csv with a list of all the iPhones you want to import in the format of:
[serial number],[description] and save the file somewhere you can find.
The description field is just a free form text field that can include the device model and specs. This field will eventually show up in Intune under “Details” when imported, so make it descriptive.
2. Open Intune and navigate to Devices > Enroll devices > Apple enrollment and select Apple Configurator. Note that you should already have your Apple MDM Push certificate configured.
3. Under Profiles, if you do not already have a profile assigned, click on Create to add a new one. It doesn’t matter what options you select here as you create the profile since we will not be using Apple Configurator to actually enroll the devices.
4. Under Devices, click on Add. A new blade will open up. Select the CSV file you created in step 1. If this file is not formatted correctly, Intune will provide a warning. Correct any formatting error and click on Add.
5. Once the devices are imported, they should’ve all been assigned to the Enrollment profile you selected in step 4. If not, just manually assign them.
6. Navigate to Devices > Enroll devices > Apple Configuration > Profiles and click on the enrollment profile. You should be taken to a new page that provides details on the profile.
7. Click on Export Profile
8. A new blade will open. Copy and save the Profile URL as a text file somewhere accessible from the Mac running Apple Configurator 2. It can be a USB key, or in your OneDrive. You will need this information later.
Note: you have to copy this URL as-is since the URL is specific to the devices you’re authorizing.
Prepare the Device
9. On the Mac running Apple Configurator 2, go to File > New Profile
10. Scroll down to Wi-Fi and configure the Wi-Fi setting for the device and save it somewhere accessible, like the Desktop. The file will be saved as a *.mobileconfig file.
The Wi-Fi profile is needed so your device can connect to the internet when it boots back up so do make sure this is a Wi-Fi network you have access to.
11. On the iPhone you want to import into ABM, make sure to:
erase all Content and Settings
that it is not linked to an Apple ID and
it's sitting at the Hello screen.
If it isn’t, do that now.
12. Once your iPhone is back at the Hello screen, plug it into the Mac running Apple Configurator 2 with a USB cable. You should see the device available in Apple Configurator.
Select the device and click on Prepare.
13. Select Manual Configuration, make sure “Add to Apple School Manager or Apple Business Manager” is checked. This will add the device to ABM/ASM which is what we want.
Also make sure that “Activate and complete enrollment” is unchecked since we don’t want to actually enroll the device via Apple Configurator.
14. If this is the first time you’ve done this, you’ll see the option for “New Server”. Leave it as is and click on Next.
15. On the “Define an MDM Server” screen, provide a name for your MDM Server. This attribute exists locally on the Apple Configurator so it doesn’t matter as long as it is meaningful to you. I’ve used Intune MDM.
Under Host name or URL, paste in the profile URL you copied out of Intune in Step 8.
16. Select a trust certificate for the MDM Server and click Next.
17. Sign into ABM or ASM with your Administrator or Device Administrator Role
18. If you’ve never created an Organization for Apple Configurator before, you can select "Generate a new supervision identity", and click Next.
19. Under Configure iOS Setup Assistant, select Show all steps and click Next. Again, this really doesn’t matter since we’re not using the Configurator to activate and manage the devices. However, I’ve heard reports that if some of the steps are hidden, the device preparation step will fail, so just choose Show All.
20. Under Network Profile, select the Wi-Fi profile you created in step 10, and click Prepare.
21. Your iPhone will now be configured and rebooted.
Configure Apple Business Manager
22. Once it comes back up to the Hello screen, log into ABM or ASM and check under Devices. The device you’ve just prepared should now be in ABM or ASM.
23. Under Settings> MDM Servers, you should see a new MDM Server called Apple Configurator 2 with 1 device assigned. (Note mine says 0 because my test device has already been moved to Intune)
24. Click on the device and select Edit Device Management
25. Under Change Device Management, assign the device to Intune MDM. (Mine says “No servers available because the device has already been assigned).
26. When you navigate back to the device, you should now see the device being assigned to the Intune MDM.
27. Repeat these steps and prepare all the phones you need to import into ABM/ASM before proceeding to the next section.
Prepare the Device for Activation
28. Now that the device is in ABM/ASM and assigned to your Intune MDM configured with Enrollment Program Token, go back into Intune, under Devices > Enroll devices > Apple enrollment > Enrollment program token. Click on the token that is linked to your ABM/ASM.
29. On the new page that opens, click down into Devices, and click on Sync to ensure the device you’ve just imported into ABM/ASM is now showing in Intune.
30. Under Profiles, make sure there is a profile for assignment; if not create a new one. This is the profile that will guide your corporate iPhones through Setup Assistant, so configure it how you want the final deployment for your corporate devices to work.
31. Assign this profile to the device you’ve imported and make sure it shows as “Assigned Profile” for the device.
Enroll the iPhone in Intune
32. You’re now ready to bulk enroll the devices into Intune. You can either provide the prepared devices directly to the end user and provide them instructions, or run through the Setup Assistant as an Administrator.
33. Upon boot up, and after selecting the Language, Region, and Wi-Fi, you’ll see the device pick up the configuration from Intune.
After following all the prompts of Setup Assistant as you’ve configured, your device will now be ready to use, and fully managed by Intune.
Hope you've found this post helpful. If you did, please share it with your admin friends so they can benefit too! Sharing is caring.
If you need some additional support on Endpoint Management, we're very good at this stuff. So contact us to see if we can help support your business goals.
The content on this web site is provided for general information purposes only and does not constitute professional advice. Users of this web site are advised to seek specific technical advice by contacting SiFr or their own IT resource regarding any specific technical issues. SiFr does not warrant or guarantee the quality, accuracy or completeness of any information on this web site. The articles published on this web site are current as of their original date of publication, but should not be relied upon as accurate, timely or fit for any particular purpose.
This web site may contain links to third party web sites. Links are provided for convenience only and SiFr does not endorse the information contained in linked web sites nor guarantee its accuracy, timeliness or fitness for a particular purpose.
SiFr is a Microsoft Partner. However, we do not have an affiliate relationship with Microsoft and we do not receive any monetary benefit in commissions or otherwise for clients choosing Microsoft services. We aim to offer unbiased advice based on our own experience with the services.