Microsoft Corp Access Guidelines

5. Set up your mobile device (recommended)

Use your personal mobile device to get things done. Here's how to set it up.

Due to Microsoft's policies, Android devices in China are not allowed to be enrolled. Instead, Android users in China use the YubiKey option available under the PRMFA Setup section. iOS users can follow the guidance under the iOS section.

Android devices

Minimum software requirements

  1. Microsoft follows an N-1 policy on supported operating systems, meaning if Android 14 is released, devices must be running at least Android 13.

  2. Devices also must have received a security patch update within the last 180 days to maintain compliance.

  3. Devices must not be rooted.

Minimum hardware requirements

  1. We recommend devices purchased within the last 2 years to ensure they are running supported OS levels and are being regularly patched. The average support lifecycle of Android devices across manufacturers/telecoms is 3 years.

  2. We recommend only using Android Enterprise supported devices to ensure the best user experience. Not all Android devices are fully supported by Android Enterprise on the latest OS. Devices may still enroll successfully but could experience stability or performance issues. Please review the Android Enterprise Solutions Directory to see if your device is supported.

  3. Devices must have hardware encryption and a device lock screen with a minimum 8-digit PIN or 6-digit alphanumeric password.

  4. Important: Huawei devices are not supported, including those running on HarmonyOS.
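
As an added illustration (not part of the original guide, and not Microsoft's or Intune's actual compliance logic), the sketch below checks `adb shell getprop` output against the Android requirements listed above: the N-1 OS version, the 180-day patch window, and the exclusion of Huawei devices. The `latest_major` value, the use of the security patch level date as a stand-in for when the update was received, and the sample property dumps are assumptions; root status and lock-screen strength are not visible in these properties and are not checked.

```python
import re
from datetime import date

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")

def parse_getprop(text):
    """Parse `adb shell getprop` output lines of the form [key]: [value]."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def android_findings(props, latest_major, today, max_patch_age_days=180):
    """Return the reasons a device fails the Android requirements (empty list = pass)."""
    findings = []
    major = props.get("ro.build.version.release", "").split(".")[0]
    if not major.isdigit():
        findings.append("OS version unknown")
    elif int(major) < latest_major - 1:
        findings.append(f"Android {major} is older than N-1 (Android {latest_major - 1})")
    try:
        # Assumption: the patch level date approximates when the update was received.
        patch = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        findings.append("security patch level unknown")
    else:
        age = (today - patch).days
        if age > max_patch_age_days:
            findings.append(f"security patch is {age} days old (limit {max_patch_age_days})")
    if props.get("ro.product.manufacturer", "").strip().lower() == "huawei":
        findings.append("Huawei devices are not supported")
    return findings

# Constructed sample output, not taken from a real device.
SAMPLE_OK = """[ro.build.version.release]: [13]
[ro.build.version.security_patch]: [2024-01-05]
[ro.product.manufacturer]: [Google]"""
SAMPLE_BAD = """[ro.build.version.release]: [12]
[ro.build.version.security_patch]: [2023-06-01]
[ro.product.manufacturer]: [HUAWEI]"""

if __name__ == "__main__":
    today = date(2024, 3, 1)  # fixed date so the example is reproducible
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, android_findings(parse_getprop(sample), 14, today) or "meets requirements")
```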

Enroll your device

Step 1: Install Intune Company Portal with the QR code or Google Play store.

[Image: installing Intune Company Portal with the QR code or Google Play store]

Step 2: Open Company Portal and sign in using your Microsoft email account (alias@microsoft.com) with your MFA setup.

Step 3: Acknowledge any notifications and select Begin > Continue.

Step 4: On the Set up a work profile page, select Agree and wait while your work profile is created. 

Step 5: If you get a message stating that you need to install and activate Microsoft Defender for Endpoint, go to your work apps list, open MSDefender and complete the set-up on your managed device. Then return to Company Portal and select Continue.

Step 6: When you return to the Microsoft Access Setup page, select Continue to activate your work profile. You'll see the following pages:

  • Register your device
  • Add your device to Company Portal
  • Set up your work profile

Step 7: After activation is complete, you should see You're all set!

Step 8: Review Your new work setup page and select Got It.

Step 9: You'll see all your managed devices, including your Android device that you just enrolled.

To access the managed Play Store and install work-related apps, select Open.

You are now ready to access internal resources. To learn more about those resources, and make your first few days more productive, visit the New Joiner site page. 


iPhone or iPad

Minimum software requirements

  1. Microsoft follows an N-1 policy on supported operating systems, meaning, as an example, if iOS 16 is released, devices must be running at least iOS 15.

  2. Devices also must have received the latest OS patch to maintain compliance.

  3. Devices must not be rooted.

Minimum hardware requirements

  1. We recommend devices purchased within the last 2 years to ensure they are running supported OS levels and are being regularly patched.

  2. Devices must have hardware encryption and a device lock screen with a 6-digit PIN.

Before you enroll your device

Step 1: We highly recommend upgrading to the latest version of iOS prior to enrolling your device to avoid compliance policy issues.

Step 2: Complete the PRMFA setup instructions prior to enrolling your device.

Step 3: Turn off Stolen Device Protection prior to enrolling your device. Otherwise, this can cause a 60-minute delay during enrollment. Turn it back on after setup is complete. If you're setting up a new device, skip this setup until after enrollment is complete.

a. To find this setting, go to Settings > Face ID + Passcode > Stolen Device Protection.

Step 4: To save time, you can also install Microsoft Defender prior to device enrollment.

Enroll your device

Step 1: Scan the following QR codes to install Outlook and Teams on your device.

[Image: QR codes to install Teams and Outlook on your device]

Step 2: Open one of the apps and sign in with your @microsoft.com email address. This will open the Set up your device to get access screen. Select Continue.

Step 3: On the How to set up your device screen, select Get started.

Step 4: The How to install management profile screen will open, followed by a pop-up. Select Allow to download the configuration profile. Once installation is complete, select Close on the Profile Downloaded pop-up.

Install Management Profile

Step 1: Leave the How to install management profile Safari screen and open the Settings app on your device.

Step 2: Select Profile Downloaded and select Install, following the on-screen instructions to install the profile. If this option doesn't appear, tap General, then VPN and Device Management.

Step 3: On the Install Profile screen, review the information under More Details and then select Install. You'll be prompted to enter your device passcode. Then select Install at the bottom of the screen.

Step 4: Another window opens showing the information that the administrator might collect from your device. Review the details and then select Trust from the Remote Management pop-up. Once the profile is installed, select Done.

Set Up Microsoft Defender (MDE) and Complete Enrollment

Step 1: MS Defender (MDE) will install automatically if you didn't install it already. Wait for the App Installation pop-up and select Install. This may take a few minutes. Once installed, open the MS Defender app.

Step 2: Sign in with your Microsoft credentials. You may be prompted to complete MFA with the Authenticator app. Read and agree to the Terms of Use.

Step 3: Defender will set up a local VPN connection. Review the details, including what Microsoft can see on your device, and tap Allow. When you are prompted to add a VPN, tap Allow and then enter your device passcode.

Step 4: Allow Defender to send you notifications and then select Done.

Step 5: Review the Help Microsoft improve Defender page and then select either option.

Step 6: Select Allow so Defender can find and connect to devices on your local network.

Step 7: Return to the How to install management profile screen. Intune should confirm that your device meets security requirements.

Step 8: Once complete, open Teams or Outlook and complete app setup.

You are now ready to access internal resources. To learn more about those resources, and make your first few days more productive, visit the New Joiner site page.
