Intune Registration

By downloading an XML file from Secure Access and then uploading it to your Intune system, Intune is able to push configuration information to both the Cisco Security Connector (CSC) and Secure Access so that your iOS device is registered with Secure Access. The result is that your iOS device is protected by Secure Access.

For information about configuring Intune, see Intune's documentation.

Table of Contents

• Anonymization
• Prerequisites
• Procedure
• Verify Secure Access on Your iOS Device
• Install Umbrella Root Certificate

Anonymization

Secure Access provides you with the option of anonymizing mobile devices for reporting and administration purposes. When you anonymize a mobile device, its label is hidden and replaced by your device's serial number. The label name is anonymized in both the Secure Access dashboard and in the CSC app UI. For information about how to anonymize your device, see Anonymize Devices.

Prerequisites

• The Cisco Security Connector requirements.
• You must first configure your Intune MDM system. Configure Intune as required so that it is able to push configuration information to both CSC and Secure Access. For information about configuring Intune, see Intune documentation. For support, contact Intune support.

Procedure

Note: You must log into your Secure Access dashboard as an administrator.

Step 1: Add an Organization Administrator’s Email Address

The administrator email address is the email address that your end-user can use to send diagnostic reports from the app by clicking the I (vertical line) icon from within the iOS device. These reports can then be passed onto Cisco support. Once set, this email address is automatically added when managing an MDM.

1. Navigate to Resources > Sources and destinations > Mobile Devices and click Settings.

2. 

   In Mobile Device Settings, add an email address, select operation mode (fail open or fail closed), select a notifications level (Protection failure notifications only or notify on all state changes), choose a device identification method, and click Save.

Step 2: Add a Mobile Device

1. In Secure Access, navigate to Resources > Sources and destinations > Mobile Devices and click Manage.

1. Under Deployment Type, click the Managed by MDM radio button, and then click Next.

3. In the Managed Mobile Clients modal, click iOS.

4. Click Download MobileConfig.

5. In the opened dialog, click Download.
   Your browser downloads a mobileconfigMicrosoft Intune.xml file to your computer.
   This email address is where diagnostic reports are sent when a user clicks the I (vertical line) icon from within the iOS device. Once set, this email address is automatically added when managing an MDM.

6. Log into Microsoft Intune and create your configuration profile. For more information, see Create a device profile in Microsoft Intune.

   a. For the profile type, choose Custom, and then browse and select the mobileconfigMicrosoft Intune.xml file that you downloaded from Secure Access.
   b. Continue to configure your profile, review the configuration settings, and click Create.

7. If successful, your mobile device registers with Secure Access and is listed at Resources > Sources and destinations > Mobile Devices. After the CSC on your mobile device is updated and connects to Secure Access, your iOS device is protected by Secure Access.

If you have anonymized your device, see Anonymize Devices. Secure Access hides the device's true label name by replacing it with the device's serial number. Existing active devices anonymize with 24 hours. New devices anonymize immediately.

As no changes can be made in Secure Access to the actual provisioned device, these mobile devices are simply listed in Secure Access as identities; however, you can now use Secure Access to apply policies to these mobile device identities. For more information, see Apply Secure Access Policies.

Verify Secure Access on Your iOS Device

1. In the CSC app, tap the Status icon and confirm that it shows Protected by Umbrella.
2. For protection details, tap Protected by Umbrella.

Install Umbrella Root Certificate

The intelligent proxy can inspect web traffic sent from a mobile device to Secure Access. If you enable the intelligent proxy with SSL decryption in your DNS policy and apply the policy to your mobile device, you must install the Umbrella Root Certificate Authority (CA) certificate on the mobile device. Download the Umbrella Root CA certificate from the DNS policy or from Secure > Settings > Certificates.

• For information about configuring the intelligent proxy in the DNS policy, see Enable the Intelligent Proxy.
• For information about how to install the Umbrella Root CA certificate on iOS devices, see Push the Umbrella Certificate to Devices.

IBM MaaS360 Registration < Intune Registration > Jamf Registration