Skip to main content

IIS Configuration

This service account can be used to granularly control required MECM and database permissions.

Required roles and features

Intune Manager - Server Features.png

In Addition to the Features installed by default, the following Features must also be installed:

  • ASP.NET 4.7

Intune Manager - IIS Roles.png

In addition to the roles installed by default, the following roles must also be installed:

  • Basic Authentication
  • Centralized SSL Certificate Support
  • Windows Authentication

Service account assignment

To run Intune Manager in the context of a service account, perform the following steps within IIS:

iis-assign-service-account1.png

iis-assign-service-account2.png

iis-assign-service-account3.png

Configuration SSL certificate

The prerequisite for authentication and authorization via Azure AAD is a configured SSL certificate.

An existing certificate can be used, or alternatively a self-signed certificate can be used.

The creation and assignment of a self-signed certificate is described below.

To create an SSL certificate within the IIS, the following steps must be performed:

  1. Generation of a self-signed certificate

    iis-config1.png

  2. Assigning a name for the certificate

    iis-config2.png

  3. Assignment of the certificate by means of bindings

    iis-config3.png

  4. Activation of https with port 443 and selection of the previously created certificate

    iis-config4.png