Creating and deploying a custom iOS policy using Intune

I have a new favorite feature in standalone Intune, custom iOS Policy. This lets you basically deploy a XML file with the supported configuration information you want to set on an iOS device even if it isn’t available in the Intune console, like deploying a Wi-Fi network with WPA2 and a Password.

The easiest way to create a profile file is to use the Apple Configurator, it is only available for OSX so you need a machine running OS X. Notepad can of course also be used 😉 Apple Configurator is available in the App store on OS X. In this example I will create a custom policy using Apple Configurator which configures a Wi-Fi WPA2 SSID with a password and then deploy it using Intune.

  1. Launch Apple Configurator and create a new policy.Apple_conf1
  2. Give the policy a Name and enter your Organization name.Apple_conf2
  3. Select Wi-Fi and click configure.Apple_conf3
  4. Enter the information about the Wi-Fi network, here you can select WPA2 Personal and supply the password which isn’t possible in Microsoft Intune for now at least. Then select Save Apple_conf4
  5. When the policy is created, select it and select Export Profile.Apple_conf5
  6. Save it somewhere where you can access it later and upload it to Intune, I save it to my Onedrive.Apple_conf6

The XML file will get an extensions of .Mobileconfig and it looks like this:


<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>PayloadContent</key>

<array>

<dict>

<key>AutoJoin</key>

<true/>

<key>EncryptionType</key>

<string>WPA2</string>

<key>HIDDEN_NETWORK</key>

<false/>

<key>IsHotspot</key>

<false/>

<key>Password</key>

<string>21432432423</string>

<key>PayloadDescription</key>

<string>Configures Wi-Fi settings</string>

<key>PayloadDisplayName</key>

<string>WiFi</string>

<key>PayloadIdentifier</key>

<string>Jorgens-MacBook-Air.local.9FDC88B6-3717-4165-8ABC-42E6330D25AD.com.apple.wifi.managed.C649D542-D680-4855-9CD5-917D373F256D</string>

<key>PayloadType</key>

<string>com.apple.wifi.managed</string>

<key>PayloadUUID</key>

<string>C649D542-D680-4855-9CD5-917D373F256D</string>

<key>PayloadVersion</key>

<real>1</real>

<key>ProxyType</key>

<string>None</string>

<key>SSID_STR</key>

<string>office1</string>

</dict>

</array>

<key>PayloadDisplayName</key>

<string>Wifi4</string>

<key>PayloadIdentifier</key>

<string>Jorgens-MacBook-Air.local.9FDC88B6-3717-4165-8ABC-42E6330D25AD</string>

<key>PayloadOrganization</key>

<string>CCMEXEC</string>

<key>PayloadRemovalDisallowed</key>

<false/>

<key>PayloadType</key>

<string>Configuration</string>

<key>PayloadUUID</key>

<string>4E067E5B-BD43-4760-B879-D8E26FEEA789</string>

<key>PayloadVersion</key>

<integer>1</integer>

</dict>

</plist>

More information about valid syntax and settings can be found here: https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html

To deploy the newly created custom iOS policy file do the following:

  1. Login to the Intune console at http://manage.microsoft.com using a supported browser and platform = Windows Client.
  2. Under Policy and Configuration Policy, select AddPolicy1
  3. Select Create and Deploy a Custom Policy and Create Policy.Policy2
  4. Enter a Name, Name displayed to the user and import the wifi4.mobileconfig file created before. Then select Save Policy.Policy3
  5. A dialog appears that asks you if you want to deploy the policy.Policy4
  6. We then select a group to deploy the policy to, in my case TechX demoPolicy5
  7. On the iOS device, in my case an IPad Mini I can now see that the policy is applied under the Management Profile (yes it is in Swedish)Profile1

The Custom iOS policy is a really powerful tool, wish for it to be available in Hybrid scenarios as well!

3 Comments

Add a Comment

Your email address will not be published. Required fields are marked *