Frequently Asked Questions

Intune Enrollment for iOS Devices

1. Check your device’s version of iOS

MGB requires iOS devices to run iOS 16 or later.

You can check your version of iOS by going to the settings app, choosing “general” and then choosing “about”

2. Turn off Apple’s “stolen device protection” feature

Enrolling in Intune requires changing your device’s passcode. The Stolen device protection feature implements a minimum 60-minute delay before you are allowed to change your passcode. If you are using this feature, you should turn it off before starting the enrollment to avoid a delay during the process.

You can turn on Stolen Device Protection in Settings:

• 1. Go to Settings, then tap Face ID & Passcode.
• 2. Enter your device's passcode.
• 3. Tap Stolen Device Protection, then turn Stolen Device Protection off.

3. Unenroll from Ivanti Go/MobileIron

If you previously enrolled your device with Ivanti Go (Mobileiron), then you will need to unroll before continuing with this process.

Note: You can skip this step if you never enrolled your device with Invanti Go/MobileIron.

Follow the steps below to remove the management framework from your iOS device.

• 1. Open up the Settings app on your device
• 2. Tap General and then scroll down and select Device Management
• 3. Tap on Root MDM Profile and select Remove Management
• 4. Complete the removal process by following the onscreen prompts.
• 5. Once profile removal is complete, the 'Sign into Work or School account' option should be visible once again.
• 6. Power the device off, wait for shutdown to complete, and then power it back on.

4. Enroll in Intune

These instructions will guide you through the process of enrolling your device in Intune.

Note: As part of this process, you will be required to change the passcode to your device

• 1. Install the Intune Company Portal app from the Apple App Store here.

• 2. Open the Company Portal app on your personal device and click Sign In.

• 3. From the Microsoft Intune Sign in screen, enter your MGB email and click Next.

• 4. From the OKTA Mass General Brigham login screen, enter your MGB Username and Password, then click Sign In.

• 5. Next, complete your Two-Factor Authentication via Okta Verify, SMS Authentication or Voice Call Authentication

• 6. From the “Get notified…” screen, click Ok.

• 7. Next select Allow, when prompted with the “Comp Portal” notification.
• 8. From the Set up Mass General Brigham access screen, click Begin.
• 9. From the Device management and your privacy screen, click Continue.
• 10. Your device will now begin its downloading phase. When prompted, select Allow to download the configuration profile.

• 11. Once complete, click Close on the Profile Downloaded prompt.

• 12. From the Continue to Company Portal screen, click Continue.
• 13. Next go to the iOS Settings app and select VPN & Device Management.
• 14. Then select Install and follow the on-screen instructions to complete the installation.
• 15. Return to the Company Portal app and click on Yes, I installed the profile.
• 16. Next click on install to complete the Management Profile installation on your device.

• 17. Click install on the Warning screen to install the required certificates.
• 18. Your device will now go through its Checking device settings phase. During this phase you may be prompted to address some compliancy issues before your enrollment can be completed. If prompted, once you remediate the issue you can click Retry. Example:

• 19. Once completed, on the You’re all set! screen, click Done.
• 20. You’ve now successfully enrolled your device into Intune! The Company Portal app will now make MGB corporate applications available to you that you can install to your personal device.