Resources:      https://apps.apple.com/app/intune-company-portal/id719171358 (Microsoft Company Portal application)

Please note: some screenshots below have been edited to save space and you are required to have a licensed corporate or project account to use this service.

Guide for setting up a personal iPhone for Corporate or Project use

Minimum requirements:      iOS v12.2

If you are wanting to use a personal iPhone to access corporate or project resources, you will need to set up the Microsoft Company Portal in order to perform this on your phone. This will allow applications (Outlook, Teams, Word etc.) to be delivered and the data you access managed centrally, when you leave ASI or one of its projects, the applications will be removed from your phone too.

There are a few steps in order to provide new workers a secure platform from which to conduct their work, this includes:

      1. Installing the Microsoft Company Portal

      2. Accessing corporate and project resources

1. Installing the Microsoft Company Portal

  To start the process, using the URL https://apps.apple.com/app/intune-company-portal/id719171358 you will be taken to the App Store.  Open the application to begin the process.

  When the application is opened, you will be asked to sign in.

  If there is already an account available for use on the phone, this will be presented. 

  You will then be required to prove this is your account with the Multi-Factor Authentication response.

  As there are multiple services interconnected here, you may also be asked to provide credentials against Microsoft’s Intune (Endpoint management software). Once you have confirmed your identity, then the device registration element can start to occur.

  In order to keep devices up to date with security patches, ASI IT are using notifications through the Company Portal application when there are pending updates that are due for installation. 

As part of our security and compliance work, it is expected that security updates be installed within fourteen days of release by manufacturers. As a result of this, it makes sense to be alerted to these updates when they are available. Failure to install the updates may result in you losing access to corporate resources until the device is once more compliant.

 Additionally, to the security and compliance work, it is also possible to deliver services such as the Adam Smith International Guest Wireless network information, VPN service, and also corporate applications to your phone.

In order to perform these functions, a management profile is needed to be added to your phone.

  A pop-up will be presented about the requirement to download the management profile, click Allow.

  You will need to go to Settings and General  to find where the downloaded management profile is kept. If you scroll down under the VPN option, you will see the Profile element, click this.

  You will now see the management profile, click this to see more information about the profile itself and to install it.

  The management agent has been verified as coming from Microsoft. Click the Install button. 

Please note: at the bottom of the screen is the option to remove the management profile here. This will be available all the time, but if you remove the profile, you will no longer be able to access corporate resources on this device.

  You are then presented with the certificate required to secure communications with the Intune service. You then need to trust the certificate.

  The certificate has now been successfully installed, now Click Done. You will now be able to close the Settings application and return to the Company Portal application.

  The Company Portal application wants to know where you are, as in the future, this may assist in providing more or less prompts for authentication if you are in an area of risk or a secure location.

It should be fine to select, when you are using the application, as opposed to all of the time.

   You will now be presented with corporate versions of the Office applications to your device. These applications are managed through the Intune service and therefore you will need to approve the management of them.

The final element is to check the security posture of your device against the required baseline standard, which consists of:

Operating System up to date, device encryption is in use, and the Guest and/or corporate wireless networks are delivered to the device.

  Once this initial check is complete, you will need to identify the type of device that you are using. The categories on the left and then also broken down into personal and corporate devices – this helps to ensure that the correct services are delivered to the device.

For example, only the corporate wireless network is presented to corporate devices, whereas the Guest wireless network is presented to all devices.

  Under devices, you will see the devices that are associated with your account. There are also applications that are optional for installation, should you wish to use them, they are presented in the Apps icon at the bottom of the screen.

Should your device fall out of compliance, the Notification screen will advise of the steps to remediate this.

  You will now be able to access the applications that have been delivered to your device.