Thursday, December 5, 2013

Manage Windows (RT) 8.1 devices in Windows Intune

Yesterday I want to enroll Windows Intune (integrated in System Center 2012 R2 Configuration Manager) on a Surface 2 Pro (Windows 8.1 Pro) and Surface 2 RT (Windows RT 8.1). Unfortunately you must have certificates for both devices available for doing an enrollment to deploy any custom apps. This must be done in ConfigMgr (because this is my Mobile Device Management Authority) from now on.

For Windows Phone there is a Support Tool for Windows Intune Trial Management of Window Phone 8 available. More about that one in this blogpost. Let's have a look in ConfigMgr now. Within Software Library "Windows RT Sideloading Keys" can be created. These are not available for trial purposes as far as I know?
This is needed for both Windows RT, Windows RT 8.1 and Windows 8.1 which are not domain-joined. When devices are domain-joined (when possible and/or supported) a certificate is not needed. Within Windows Intune Subscription properties an Code-signing certificate (CER or CRT file) is needed to get the job done.

Why Microsoft has choosen for this, while Apple and Google has better (and cheaper) ways? To do this you must supply an Enterprise Agreement (EA) Sideloading key, which can be obtained from your Microsoft Volume Licensing Service Center provider. Pity I can't manage my new Surfaces now! Anyone?

Update 15-1-2014: When looking for a workaround on Windows RT sideloading keys have a look at this blogpost.

  1. This is not true: "Unfortunately you must have certificates for both devices available for doing an enrollment"
    No certs needed to *enroll* the devices.