Skip to main content

How to deploy Cisco Security Connector via Intune (CSC iOS)

mkueh
  • Updated
  • min read

Introduction:

This is a step-by-step guide on how to get your iOS/iPadOS device MDM-manage via Intune, and push the profile via Apple Configurator

You may also reference our Intune Registration documentation and PDF guide here

Note: this method shows you how to MDM your devices via Intune and Apple Configurator

Important Notes:

If you are MDM-ing your supervised devices via the Company Portal App, then you may start at Step 14.

This article is provided as-is as of 04/12/2023, Umbrella support does not guarantee these instructions will remain valid after this date and is subject to change based on updates from Microsoft Intune and Apple iOS. 

Procedure:

  1. Log into the Azure Portal and search for "Intune". Alternatively, go to https://endpoint.microsoft.com and login 
  2. Once you're on the Intune homepage, go to Devices --> iOS/iPadOS --> iOS/iPadOS enrollment --> Apple MDM Push certificate and click "Download your CSR"Screenshot_2022-12-20_at_11.14.23_AM.png
  3. Then, click on "Create your MDM push Certificate", which will redirect you to https://identity.apple.com/pushcert/
  4. On the Apple Push Certificates Portal, go to "Create a Certificate" and upload the IntuneCSR.csr file you just downloaded. Once the CSR file has been uploaded successfully, click "Download" to download the Privacy Enhanced Mail (.pem file) and proceed to the next stepScreenshot_2022-12-18_at_3.54.50_PM.png
  5. Enter the email address of your Apple ID account that you used to sign into the Apple Push Certificates Portal and upload the .pem file under "Apple MDM push certificate" and press "Upload". If the upload is successful, you should see the other options for the "Bulk enrollment methods" unlockScreenshot_2022-12-18_at_3.57.35_PM.png
  6. Go to Apple Configurator --> Profiles --> Create and create a new profile. Give it a meaningful name and for User affinity select "Enroll without user affinity". Once that profile has been created, click into your newly created profile and select "Export Profile" and then "Download Profile" on the right hand sideScreenshot_2022-12-18_at_4.23.09_PM.png
  7. Download and launch "Apple Configurator" on your macOS from the App Store and connect your phone via Lightning Cable. Right click on your device within Apple Configurator select Add --> Profiles and then select the profile.mobileconfig file you just downloadedScreenshot_2022-12-20_at_4.47.36_AM.png             Windows alternate: iPhone Configuration Utility
  8. Once the sync has finished, on your iOS/iPadOS device go to Settings app and go to General --> VPN & Device Management --> Management Profile  IMG_5607.jpeg
  9. On the top right, click Install
    IMG_5608.jpeg
  10. If you get a Remote Management prompt, hit Trust and let the profile finish installing
    IMG_5609.jpeg
  11. To confirm the profile was exported and installed successfully on your iOS device, go back to Intune and under "Devices" you should now see your new iOS device added
    Screenshot_2022-12-18_at_4.30.34_PM.png 
  12. Now that your device is MDM enrolled, go to Groups --> All Groups --> New Group and create a new group and assign your device. Make sure your Group type is "Security" and not Microsoft 365Screenshot_2022-12-18_at_4.34.32_PM.png
  13. Click into the group you've just created and go to Members --> Add Members. Find your MDM-device you want to install the Cisco Security Connector app on, on the list and add it to the group you've just createdScreenshot_2022-12-20_at_4.21.39_AM.png
  14. Go to Apps --> All apps --> Add. Then for App type, select "iOS store app" and confirm by clicking "Select"Screenshot_2022-12-18_at_3.34.59_PM.png
  15. Select "Search for App Store" and enter "Cisco Security Connector" in the search bar and select the "Cisco Security Connector" app by clicking "Select"Screenshot_2022-12-20_at_4.25.12_AM.png
  16. Under Assignments, add the group you've created in the earlier steps which contains your MDM-device then proceed with Review and CreateScreenshot_2022-12-20_at_4.25.54_AM.png
  17. [Optional step] Go to Devices --> iOS/iPadOS --> iOS/iPadOS devices --> Properties --> Device Category, create a profile and assign it to the deviceScreenshot_2022-12-18_at_4.49.14_PM.png
  18. Log into your Cisco Umbrella dashboard, under Deployments --> Core Identities --> Mobile Devices --> top right: Manage --> Managed by MDM Screenshot_2022-12-20_at_4.28.15_AM.png
  19. Then go to iOS --> Microsoft Intune Config download. Enter your email address that you want emails to go to when users select "Report a problem" within the Cisco Security Connector app
    Screenshot_2022-12-20_at_4.28.31_AM.png
  20. Go back to your Intune portal, under Devices --> iOS/iPadOS --> Configuration Profiles --> Create Profile --> Templates --> CustomScreenshot_2022-12-18_at_4.55.22_PM.png
  21. Give it a meaningful name for your configuration profile. In Step 2 - Configuration settings, upload the XML file you've just downloaded from your Cisco Umbrella dashboardScreenshot_2022-12-18_at_5.02.32_PM.png
  22. Under Assignments, assign the group you've created earlier that contains your MDM-device and select "Review and Create"
  23. Go back to iOS/iPadOS devices and select your MDM-device and hit sync at the top and you should get a pop-up on your MDM iOS/iPadOS device to install the Cisco Security Connector app
    IMG_0001.jpeg
  24. Launch the Cisco Security Connector app on your iOS/iPadOS device. You may see the "Not Protected by Umbrella"
    IMG_0002.jpeg
  25. When you click into it the IPv4 Status and IPv6 Status may show "Limited". You may need to turn on/off your WiFi or LTE cellular network in order to see a status change. The next steps involves deploying the Cisco Umbrella Root Certificate - it is required in order for block pages to be properly displayed. 
    IMG_0003.jpeg
  26. Go to your Umbrella dashboard, under Deployments --> Root Certificate, download the Umbrella Root Certificate (.cer file)
  27. Go back to your Intune portal, under Devices --> iOS/iPadOS --> Configuration Profiles, create a new profile (just like in Step 21) for the Umbrella Root Certificate
  28. For "Profile type", select Templates --> Trusted certificateScreenshot_2022-12-20_at_4.35.31_AM.png
  29. In Step 2 - Configuration settings, upload the Umbrella Root Certificate you've just downloaded from Step 27Screenshot_2022-12-20_at_4.38.09_AM.png
  30. For Step 3 - Assignments, select the group that contains your MDM iOS/iPadOS device and click "Next" and "Create"
  31. Go back to iOS/iPadOS devices and select your MDM-device and hit sync at the top once again (like step 24) 
  32. Close and relaunch the Cisco Security Connector app again. You should now see the status as "Protected by Umbrella"
    IMG_0004.jpeg
  33. You can verify you're being protected by Cisco Umbrella by going to welcome.umbrella.com in Safari
    IMG_0005.jpeg
    NOTE: you may have to disconnect and reconnect to WiFI to see the change in status. Alternatively, connect to your mobile hotspot and/or a different WiFi network, then back to the same one to see a change in status

 

Limitations: 

if you've removed your iOS/iPadOS device from Intune MDM within the last 24 hours, and try to re-add it, it will not populate under "Members" for when you're trying to locate the device for your "Groups" in Step 14

 

Troubleshooting:

if you're getting an Error: "User Name not recognized. This user is not authorized to use Microsoft Intune", go to the Azure Portal, under "Users" and select the username or account you're using to configure Intune, go to "Licenses" and make sure you have an active Intune License assigned to the user

Screenshot_2022-12-20_at_4.57.25_AM.png

 

Logs:

By default, the logs password will be bypass_email_filters . This can also be located in the UmbrellaProblemReport.txt

 

Was this article helpful?

2 out of 2 found this helpful
Have more questions? Submit a request

Related articles