Configure and secure iOS devices with Microsoft Intune
With Intune, you can configure settings for devices in the school, to ensure that they comply with specific policies. For example, you may need to secure your devices, ensuring that they're kept up to date. Or you may need to configure all the devices with the same look and feel.
Settings can be assigned to groups:
- If you target settings to a group of users, those settings apply, regardless of what managed devices the targeted users sign in to
- If you target settings to a group of devices, those settings apply regardless of who is using the devices
Introduction
✅ Learn about the different types of settings
Device profiles allow you to add and configure settings, and then push these settings to devices in your organization. You have some options when creating policies:
Settings catalog: Use the settings catalog to see all the available settings, and in one location. For example, you can see all the settings that apply to Networking, and create a policy that just focuses on Network.
For more information, see Settings catalog.
Templates: Templates include a logical grouping of settings that configure a feature or concept, such as VPN, email, kiosk devices, and more. If you're familiar with creating device configuration policies in Microsoft Intune, then you're already using these templates.
For more information, including the available templates, see Apply features and settings on your devices using device profiles.
Tip
You can find a list of common configurations used in K-12 organizations at Common Education configuration overview.
Device settings
✅ Configure settings and assign them to devices
To create a device configuration profile in Microsoft Intune, you need to follow these steps:
- Sign in to the Microsoft Intune admin center.
- Go to Devices > Manage devices > Configuration > + Create profile.
- Select Platform as iOS/iPadOS.
- Select Profile type:
- For general settings, select Settings Catalog.
- For templates including certificates, Wi-Fi, and VPN, select Templates and then choose the required template.
- Follow the steps to create and configure the profile as necessary.
Update policies
✅ Configure update policies and assign to devices
It's important to keep iOS devices up to date with the latest security updates. You can create control updates with Intune using three different methods:
- Option 1 - iOS and iPadOS 17.0 and newer devices (recommended) - Managed software update policy.
- Option 2 - iOS and iPadOS 17.0 and older (recommended) - Software update policy.
- Option 3 (not recommended) - End users manually install the updates.
At Devices > Manage devices > Configuration > Create > Settings catalog > Restrictions, you can use the following settings to delay how long after an update is released that users can manually install the updates.
- Defer software updates: Yes/No
- Delay default visibility of software updates: 0-90
Tip
The Settings Catalog > Declarative Device Management > Software Update settings take precedence over the Settings Catalog > Restrictions settings. For more information, go to Precedence of settings in iOS updates policy.
For more information, see Software updates planning guide and scenarios for supervised iOS/iPadOS devices in Microsoft Intune.
Security policies
✅ Configure security policies and assign them to devices
In Intune, you can configure iOS security settings using Settings Catalog.
To create a settings catalog device configuration profile in Microsoft Intune, you need to follow these steps:
- Sign in to the Microsoft Intune admin center.
- Go to Devices > Manage devices > Configuration > + Create profile.
- Select Platform as iOS/iPadOS.
- Select Profile type.
- Select Settings Catalog.
- Follow the steps to create and configure the profile as necessary.
Common areas for security include:
- Restrictions
- Security