Instructions for installing Microsoft Intune on

a mobile device (Android, iOS, Windows)

Version Written/Reviewed By Date

1.1 Joe Bennett 4th February 2016

1.2 Eoin Dunne 26th February 2016

1.3 Joe Bennett 17th June 2016

Introduction

With a view to ensuring compliance with legislation such as the Data Protection Acts (1988,

2003), DIT has chosen a Mobile Device Management (MDM) solution from Microsoft called

Intune. This can be used to secure phones and devices running Android, iOS, and Windows,

with each user able to protect five devices. Once enrolled, you will be prompted to encrypt the

device and apply an alphanumeric password of at least 6 characters. Encrypting an Android

device requires 100% charge and to be plugged in. You can manage your device (reset

passcode, wipe) from https://portal.manage.microsoft.com. Please note 11 repeated

password failures, to the device, will trigger a device wipe.

ICT Services cares about your privacy ICT Services cannot see this type of information on your phone or tablet:

CALL HISTORY

LOCATION

WEB HISTORY

TEXT MESSAGES

CAMERA ROLL

PERSONAL APPS

PERSONAL EMAIL, CONTACTS, AND CALENDAR

PERSONAL DATA

ICT Services can see this type of information on your phone or tablet:

OWNER

MODEL

MANUFACTURER

DEVICE NAME

OPERATING SYSTEM

COMPANY APPS

SERIAL NUMBER

ICT Services are committed to protecting the rights and privacy of DIT staff in accordance with Institute policies at http://www.dit.ie/officeofthesecretarytotheinstitute/recordsmanagement/

Step 1) Getting a License

Please contact the DIT Support Desk at extension 3123 / support@dit.ie to receive a license

for Microsoft Intune. Once this is confirmed, you may proceed to Step 2. Please note the

license is applied to your staff number account, and does not involve your receiving any files

or codes.

Step 2) Enabling location services (optional)

ICT Services strongly recommend you enable location services on your phone/tablet. Only you

will be able to access the location of your device, and this could prove very helpful in the

event of loss or theft. For assistance in turning this feature on, try searching the internet

using keywords “How to enable location services” with the make/model of your phone.

Step 3) Enrolling devices

Before starting the installation, ensure your phone is fully charged. If you have received alerts

to install system updates on your phone, complete these and restart the phone before

installing the Intune app. As with any software installation, ICT Services strongly recommend

you make a backup copy of any data on the phone (e.g. photos, text messages) before

starting the installation. The minimum requirements are that the device is running Android 4,

IOS 8 or Windows phone 8.1, operating systems. Note the app will currently run on iOS 7 but

an impending update will require at least the iOS 8 platform.

While every step has been taken to ensure the accuracy of the instructions and screenshots

below the user experience may differ from device to device depending on operating system

and version of the software.

Android Devices (Samsung, HTC)

1. Tap Home -> Play Store.

2. In the Search box, type company portal.

3. Tap Intune Company Portal.

4. Tap INSTALL.

5. Tap ACCEPT.

6. Tap Company Portal in your list of apps.

7. On the Welcome screen, tap Sign in.

8. Enter your email address (staffnumber@dit.ie), you will be redirected to the DIT IDP page to verify your credentials.

9. Enter your username (staff number without the @dit.ie) and your password.

10. Tap Enroll.

11. Tap Activate.

12. The screen opposite will appear for a time.

13. Once this screen appears you have enrolled. Now proceed to Step 4 below (Securing the device).

iOS Devices (iPhone and iPad)

1. Open the App Store and search for Intune.

2. Download and install the Microsoft Intune Company Portal app.

3. Open the Company Portal app. Enter your email address (staffnumber@dit.ie), you will be redirected to the DIT IDP page to verify your credentials.

4. Enter your username (staff number without the

@dit.ie) and your password

5. Tap Begin.

6. Tap Continue.

7. Tap Continue.

8. Tap Enroll.

9. Tap Install.

10. Tap Install to indicate you have read the warning.

11. Tap Install.

11. Tap Trust.

12. Tap Done.

13. Tap OK. Your device is now enrolled in Intune. Now proceed to Step 4 below (Securing the device).

Windows Phone

Install the Company Portal app on your device:

1. Tap Start -> Store.

2. Tap Search and type company portal.

3. In the list of results, tap Company Portal.

4. Tap Company Portal -> Install.

5. On the device, open the Microsoft Intune Company Portal app.

6. Provide your credentials. You may be asked to accept your company’s Terms and Conditions etc.

7. Swipe to My Devices.

8. Tap Tap to Enroll or identify this device.

9. Tap Enroll this device.

10. Tap Add account.

11. Enter additional information as requested and then tap sign in to complete the Enrolment. You should now see your workplace account listed on the Settings > Workplace page. If you are asked for a server at any stage use manage.microsoft.com.

Step 4) Securing the device

Once the software is installed and the device enrolled you have only thus far allowed the

device to be monitored by Intune. To actually secure the device you need to comply with the

security policy applied i.e. applying a six-character alphanumeric password and encrypting

the device. After enrolling your device, you will be prompted to set the password and encrypt

the device. If you ignore this at the time, there will be notifications which cannot be cleared

at the top of your device. It will be visible to the administrator that the device is not

compliant also. The example below is for an Android device.

Note: It is strongly recommended that you update your device to the latest operating system

before proceeding. To do this plug your device’s power adapter in and connect to the

Internet via Wi-Fi. The procedure varies depending on the device. On Apple Devices go to

Settings -> General -> Software Update. On android devices go to Settings -> About Phone ->

System Updates. On windows phone go to Settings -> Phone Updates.

To apply security measures tap, the top

notification.

If you already have a non-compliant password

(shorter and/or less complex) set you will be asked

for this now.

You will only be allowed one option so tap password.

Then choose your password. It needs to contain

letters and numbers and be at least six characters

long. Then tap continue.

Confirm your password by typing the same one

as on the previous screen then tap OK.

You may see the screen opposite. Tap Don’t show

notifications at all, and then Done.

Note: for iOS devices once a password is set, the device is

encrypted. Users with Android phones must undertake

additional steps

Now encrypt the device. Tap the

notification at the top of the screen.

Please ensure that the battery is full and

in the case of android devices that the

adapter is plugged in. If you have the

option also select the SD card. Then

tap Encrypt Tablet or Encrypt phone.

Type in your password and tap Continue.

The device will the shut down and

show something like this screen.

When completed the device will

restart again. The process is now

complete.

Note: Once these settings are applied your device will auto lock when inactive. The maximum

setting in Intune is five minutes but the device will use its own default. This is sometimes as

little as fifteen seconds. This is something the user may want to adjust.

Appendix 1) Managing devices To manage your device go to the company portal found at

https://portal.manage.microsoft.com or search for Intune Company portal. Once you type in

your email username (staffnumber@dit.ie) you will be redirected to the DIT Authentication

page. After you enter your login details, you will see something like the screen below.

Note the section highlighted in red. If you are connecting to the company portal from a

device which is not enrolled (e.g. your PC) you will see this notification, and can disregard it.

When you click on the device you want to manage you will have various options as shown

below. In the event of the device being lost or stolen, the reset option will wipe the device

and return it to factory settings.

As mobile phones can be used to store or access data, the loss or theft of a device must be

handled under the DIT data security breach management guidelines in order to reduce the

impact of the breach. For immediate steps on what to do if a device is missing, follow the

procedure for managing a lost or stolen mobile device.