Skip to content

Microsoft Intune Guide: ADE

Required environment’s information

You need to first setup all target prerequisites before proceeding with this guide.

Overview

These prerequisites must be done if you have any devices enrolled using Apple's Automated Device Enrollment (or ADE).

Prerequisites

Access to Apple Business Manager portal

You must have access to the Apple Business Manager portal where both your Source and Target Tenants are configured.

This is required so that you can reassign the ADE devices to the Target Tenant virtual server.

Warning

To avoid any false device reallocation in the event of a Full Device Wipe, devices must be reassigned prior to any device migration.

Setup your Target Tenant's ADE Profile

Before proceeding with the migration, you need to check the configuration of your ADE profile in your Target's Microsoft Intune admin center in DevicesEnroll device > Apple enrollment > Enrollment program tokens, then select the corresponding ADE configuration.

Configure the ADE profile

In order to allow your users to re-enroll correctly after their device is factory reset, you need to configure your Target Tenant's ADE profile with the following settings:

  • Set User Affinity to Enroll with User Affinity to enable authentication screen during enrollment.
  • Select one of the authentication method to either Setup Assistant to let Apple display the authentication screen, or Company Portal to force your user to authenticate using the Microsoft Intune Agent app.

Setup the ADE default profile

Next, you must set a default ADE profile in DevicesEnroll device > Apple enrollment > Enrollment program tokens:

  • Select the corresponding ADE configuration
  • Click on Set default profile
  • Select the corresponding profile in the iOS Enrollment Profile
  • Click Save.

Declare your ADE devices as Corporate devices

Any ADE devices following the Standard migration method (without Full Device Wipe) will be registered as Personnal once re-enrolled.

To avoid this situation and ensure your devices will be declared as Corporate once re-enrolled, you should use the Corporate Device Identifier feature prior to start any device migrations.
You can use the .csv file generated by Exodus with the Export button in the Device List.
Make sure to clear all data except Serial Numbers prior to doing so.

Then go to DevicesEnroll device > Corporate device identifiers

  • Click Add
  • Select Upload CSV file
  • Choose Serial number in the Select identifier type dropdown menu
  • Fetch the .csv by clicking on Select a file
  • Click on Add

To learn more about the Corporate Device Identifier feature, please consult the official documentation.