Jump to content


Unified Device Management with Configuration Manager 2012 R2 - Part 3. Deploying apps to iOS devices

Recommended Posts


In Part 1 of this mini series we integrated Windows Intune with System Center 2012 R2 Configuration Manager. In Part 2 we added Support for iOS devices (Iphone, iPad). In this part we learn the difference between App Package for iOS (*.ipa file) and applications from the Apple App Store. We learn how to deploy them to iOS devices and use compliance settings to set requirements so that the applications are available to the user based on the iPhone or Ipad operating system version, in addition we also check device Ownership information and can deploy the application based on those requirements.


Step 1. Create some Folders for our modern applications

This step is optional but recommended, download the following powershell scripts and exctract them, we will use them to create some folders to organise where you create your modern apps. If you don't like the layout i've chosen for you then edit the Folders_modern_applications.xml to your liking in notepad. This script (CreateFolders.ps1) will create folders under the Applications node (folder type=6000) in Software Library .


powershell scripts.zip


Open a powershell cmd prompt as administrator


run powershell as administrator.png


change the execution policy to run this script, answer yes when prompted

Set-ExecutionPolicy RemoteSigned

remote signed.png


change to the directory you extracted the scripts and then run the command below to automatically create our folder structure

 .\CreateFolders.ps1 .\Folders_modern_applications.xml

the output should like like the following screenshot


create folders using the powershell script.png


and in the Configuration Manager console, you should now see the following (refresh the console)


folder structure in configuration manager console.png


Step 2. Adding IPA applications.


You'll need to have an Apple developer license to develope proprietary, in-house iOS apps that you can distribute using Configuration Manager. Assuming you do, right click on the iOS folder shown below and choose Create Application


create application.png


select App Package for iOS (*.ipa file)


app package for iOS.png


and browse to your in-house iOS app that you've created


app package for iOS source.png


and continue through the wizard.


Note: I cannot show the rest of the wizard as I get plist errors because I do not have an Apple Developer License and do not have access to an in-house IPA file due to licensing restrictions.


Assuming you have a developers license and have IPA apps, you'll be able to deploy them to your Windows Intune Users collection created in Part 1 of this series.


Step 3. Adding iOS app packages from the Apple App Store.


In the Configuration Manager console, right click on the App Store folder shown below and choose Create Application


create app store application.png


You'll need an internet connection for this step, in the drop down menu choose App Package for iOS from App Store and click on Browse


app package for ios from app store.png


the Apple App Store appears,


apple app store.png


Select Business from the index on the left, then click on the letter M in the alphabet and select Microsoft Remote Desktop on page 16 or so.


Microsoft remote desktop.png


finally click on OK when ready


ok to microsoft remote desktop.png


The application url appears in our wizard in the location field


location shows the url.png


after clicking on next the app package is added


ios app package added.png


Continue through the wizard until completion.


create application wizard completed successfully.png


Step 4. Deploy the application


Right click the newly added application and choose Deploy




when the Deploy Software Wizard appears select the Windows Intune Users collection by clicking on browse


Windows Intune Users collection.png


for the specifiy the content destination step , there is no content (as it's in the App Store) so click next


specify the content destination.png


Select Available as the purpost (we want to give the users a choice)


Note: Devices that run Windows RT, iOS and Android now support a deployment purpose of Required. This allows you to deploy apps to devices according to a configured schedule - see Technet.


install purpose is available.png


continue through the wizard until completion


deploy wizard complete.png



Step 5. Edit the Deployment Type

click on the Deployment Types tab as shown below, select the app and right click, choose Properties


deployment type properties.png


Click on the Requirements tab and click on Add


add requirement.png


if required select your chosen iOS operation system (iPhone or iPad), then click on ok, next click on Add again and in the Condition drop down select Ownership, set the value to Company (the default setting of mobile devices is Personal).


device ownership is company.png


click on Apply then OK.


requirements listed.png


Step 6. Verify the end user experience on an iOS device

Login to the Company Portal (which we installed in Part 2) on a iOS device that has already had it's Ownership set to Company and which iOS version matches what you set in the requirements above.


Click on the Microsoft Remote Desktop app that appears in the Company Portal




and click on Launch




The application shows in the Apple App Store,




install it as you would any app from the app store, you'll be prompted for your Apple ID at this point.




After logging in and installing the app it is now installed on your iOS device, success !




and there's a shortcut to it on your device




Recommended reading



In this part we've seen how to target iOS applications to company owned iOS devices such as iPads and iPhones with a specific version of the iOS operating system all through System Center 2012 R2 Configuration Manager. Continue on to Part 4.



You can download a Microsoft Word copy of this guide here:


How can I manage modern devices in System Center 2012 R2 Configuration Manager Part 3 deploying apps to iOS devices.zip


Share this post

Link to post
Share on other sites

I noticed that when I select AppStore app, nothing appear,
But when Android is selected, Google Play appears as usual.
I have turned off Windows firewall (for testing only) + I am NOT using any proxy .



Share this post

Link to post
Share on other sites

is this problem related to your .local lab name I wonder or did you change it ?

Its was found in .local as well as in .com as well.

I checked it several times, rebooted the server, turned off the firewall etc, nothing happened.

Share this post

Link to post
Share on other sites

Yes, still same problem, YES, I can browse to app store, even web page (s) are listed under trusted sites.

I have installed Mozila Firefox as well and I can browse with Mozila as well.


Checked with making Mozila as default browser , and then IE as default browser, same results.

Share this post

Link to post
Share on other sites

When deploying VPP apps in Microsoft Intune the only option is to deploy those apps to a user. In our recent Demo the ability to push those VPP apps to a device or device group is unavailable. We would like to deploy apps from VPP to devices in Intune. Here is a screenshot of the deployment that we see (attached).


Any other MDM product allows you to do this. I was just wondering if anyone has any idea if Microsoft was planning on adding this feature, or has heard of this on their road map?


Edited by Jerky

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.