Creating and deploying a custom iOS policy using Intune

I have a new favorite feature in standalone Intune, custom iOS Policy. This lets you basically deploy a XML file with the supported configuration information you want to set on an iOS device even if it isn’t available in the Intune console, like deploying a Wi-Fi network with WPA2 and a Password.

The easiest way to create a profile file is to use the Apple Configurator, it is only available for OSX so you need a machine running OS X. Notepad can of course also be used 😉 Apple Configurator is available in the App store on OS X. In this example I will create a custom policy using Apple Configurator which configures a Wi-Fi WPA2 SSID with a password and then deploy it using Intune.

1. Launch Apple Configurator and create a new policy.
2. Give the policy a Name and enter your Organization name.
3. Select Wi-Fi and click configure.
4. Enter the information about the Wi-Fi network, here you can select WPA2 Personal and supply the password which isn’t possible in Microsoft Intune for now at least. Then select Save 
5. When the policy is created, select it and select Export Profile.
6. Save it somewhere where you can access it later and upload it to Intune, I save it to my Onedrive.

The XML file will get an extensions of .Mobileconfig and it looks like this:


<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>PayloadContent</key>

<array>

<dict>

<key>AutoJoin</key>

<true/>

<key>EncryptionType</key>

<string>WPA2</string>

<key>HIDDEN_NETWORK</key>

<false/>

<key>IsHotspot</key>

<false/>

<key>Password</key>

<string>21432432423</string>

<key>PayloadDescription</key>

<string>Configures Wi-Fi settings</string>

<key>PayloadDisplayName</key>

<string>WiFi</string>

<key>PayloadIdentifier</key>

<string>Jorgens-MacBook-Air.local.9FDC88B6-3717-4165-8ABC-42E6330D25AD.com.apple.wifi.managed.C649D542-D680-4855-9CD5-917D373F256D</string>

<key>PayloadType</key>

<string>com.apple.wifi.managed</string>

<key>PayloadUUID</key>

<string>C649D542-D680-4855-9CD5-917D373F256D</string>

<key>PayloadVersion</key>

<real>1</real>

<key>ProxyType</key>

<string>None</string>

<key>SSID_STR</key>

<string>office1</string>

</dict>

</array>

<key>PayloadDisplayName</key>

<string>Wifi4</string>

<key>PayloadIdentifier</key>

<string>Jorgens-MacBook-Air.local.9FDC88B6-3717-4165-8ABC-42E6330D25AD</string>

<key>PayloadOrganization</key>

<string>CCMEXEC</string>

<key>PayloadRemovalDisallowed</key>

<false/>

<key>PayloadType</key>

<string>Configuration</string>

<key>PayloadUUID</key>

<string>4E067E5B-BD43-4760-B879-D8E26FEEA789</string>

<key>PayloadVersion</key>

<integer>1</integer>

</dict>

</plist>

More information about valid syntax and settings can be found here: https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html

To deploy the newly created custom iOS policy file do the following:

1. Login to the Intune console at http://manage.microsoft.com using a supported browser and platform = Windows Client.
2. Under Policy and Configuration Policy, select Add
3. Select Create and Deploy a Custom Policy and Create Policy.
4. Enter a Name, Name displayed to the user and import the wifi4.mobileconfig file created before. Then select Save Policy.
5. A dialog appears that asks you if you want to deploy the policy.
6. We then select a group to deploy the policy to, in my case TechX demo
7. On the iOS device, in my case an IPad Mini I can now see that the policy is applied under the Management Profile (yes it is in Swedish)

The Custom iOS policy is a really powerful tool, wish for it to be available in Hybrid scenarios as well!