- Microsoft Company Portal Windows 10
- Microsoft Company Portal For Mac
- Microsoft Intune Company Portal Mac Download
- Company Portal App Microsoft Store
- Collaborate for free with online versions of Microsoft Word, PowerPoint, Excel, and OneNote. Save documents, spreadsheets, and presentations online, in OneDrive.
- Home: Microsoft Endpoint Manager: Intune Customer Success: Support Tip: Reduce your helpdesk costs for device password reset with Intune Company Portal Website.
- Download the Office 2016 Deployment Tool, after the download is completed, running the OfficeDeploymentTool.exe produces a Setup.exe and a configuration.xml file 2. Edit the Configuration.xml with a word editor, here is a sample for the configuration.xml, you can edit it according to your requirement.
Software Download. Software Download. Software Download. Download Microsoft 365 for macOS or later and enjoy it on your Mac. A qualifying Microsoft 365 subscription is required for Word, Excel, PowerPoint, and Outlook. A free 1-month trial of Microsoft 365 is included with each Microsoft 365 in-app purchase.
The Company Portal apps, Company Portal website, and Intune app on Android are where users access company data and can do common tasks. Common task may include enrolling devices, installing apps, and locating information (such as for assistance from your IT department). Additionally, they allow users to securely access company resources. The end-user experience provides several different pages, such as Home, Apps, App details, Devices, and Device details. To quickly find apps within the Company Portal, you can filter the apps on the Apps page.
Note
The Company Portal supports Configuration Manager applications. This feature allows end users to see both Configuration Manager and Intune deployed applications in the Company Portal for co-managed customers. This new version of the Company Portal will display Configuration Manager deployed apps for all co-managed customers. This support will help administrators consolidate their different end user portal experiences. For more information, see Use the Company Portal app on co-managed devices.
Customizing the user experience
By customizing the end-user experience, you will help provide a familiar and helpful experience for your end users. To do this, navigate to Microsoft Endpoint Manager admin center, and select Tenant Administration > Customization, where you can either edit the default policy or create up to 10 group targeted policies. These settings will apply to the Company Portal apps, Company Portal website, and Intune app on Android.
Branding
The following table provides the branding customization details for the end-user experience:
Field name | More information |
---|---|
Organization name | This name is displayed throughout the messaging in the end-user experience. It can be set to display in headers as well using the Show in header setting. Max length is 40 characters. |
Color | Choose Standard to choose from five standard colors. Choose Custom to select a specific color based on a hex code value. |
Theme color | Set theme color to show across end-user experience. We'll automatically set the text color to black or white so that it's most visible on top of your selected theme color. |
Show in header | Select whether the header in the end-user experiences should display the Organization logo and name, the Organization logo only, or the Organization name only. The preview boxes below will only show the logos, not the name. |
Upload logo for theme color background | Upload the logo you want to show on top of your selected theme color. For the best appearance, upload a logo with a transparent background. You can see how this will look in the preview box below the setting. Maximum image size: 400 x 400 px |
Upload logo for white or light background | Upload the logo you want to show on top of white or light-colored backgrounds. For the best appearance, upload a logo with a transparent background. You can see how this will look on a white background in the preview box below the setting. Maximum image size: 400 x 400 px |
Upload brand image | Upload an image that reflects your organization's brand.
|
Note
When a user is installing an iOS/iPadOS application from the Company Portal they will receive a prompt. This occurs when the iOS/iPadOS app is linked to the app store, linked to a volume-purchase program (VPP), or linked to a line-of-business (LOB) app. The prompt allows the users to accept the action or allow management of the app. The prompt will display your company name, or when your company name is unavailable, Company Portal will be displayed.
Microsoft Company Portal Windows 10
Brand image best practices
The right brand image can enhance the user's trust by presenting a strong sense of your organization's brand. Here are some tips you may want to consider for acquiring, choosing, and optimizing the image for the display locations.
Microsoft Company Portal For Mac
- Reach out to your marketing or art department. They may already have an approved set of brand images. They may also be able to help you optimize images as needed.
- Consider both landscape and portrait composition. The image should have sufficient background surrounding the focal point. The image may be cropped differently based on device size, orientation, and platform.
- Avoid using a generic, stock image. The image should reflect your organization's brand and feel familiar to users. If you don't have one, it's better to not use one than use a generic one that has no meaning to your user.
- Remove unnecessary metadata. Image file can come with metadata such as camera profile, geo location, title, caption, and so on. Use an image optimization tool to strip out this information to maintain quality while meeting file size limit.
Brand image examples
The following image shows an example of the brand image on an iPhone:
The following shows an example of the brand image in the Intune app for Android:
Support information
Enter your organization's support information, so employees can reach out with questions. This support information will be displayed on Support, Help & Support, and Helpdesk pages across the end-user experience.
Field name | Maximum length | More information |
---|---|---|
Contact name | 40 | This name is who users will reach when they contact support. |
Phone number | 20 | This number enables users to call for support. |
Email address | 40 | This email address is where users can send emails for support. You must enter a valid email address in the format alias@domainname.com . |
Website name | 40 | This is the friendly name that is displayed in some locations for the URL to the support website. If you specify a support website URL and no friendly name, then the URL itself is displayed in the end-user experiences. |
Website URL | 150 | The support website that users should use. The URL must be in the format https://www.contoso.com . |
Additional information | 120 | Include any additional support-related messaging to users here. |
Configuration
You can configure the Company Portal experience specifically for enrollment, privacy, notifications, app sources, and self-service actions.
Enrollment
The following table provides enrollment-specific configuration details:
Field name | Maximum length | More information |
---|---|---|
Device enrollment | N/A | Specify if and how users should be prompted to enroll into mobile device management. For more information, see Device enrollment setting options. |
Device enrollment setting options
Note
Support for the device enrollment setting requires end users have these Company Portal versions:
- Company Portal on iOS/iPadOS: version 4.4 or later
- Company Portal on Android: version 5.0.4715.0 or later
Important
The following settings do not apply to iOS/iPadOS devices configured to enroll with Automated Device Enrollment. Regardless of how these setting are configured, iOS/iPadOS devices configured to enroll with Automated Device Enrollment will enroll during the out of box flow and users will be prompted to sign in when they launch the Company Portal.
The following settings do apply to Android devices configured with Samsung Knox Mobile Enrollment (KME). If a device has been configured for KME and device enrollment is set to Unavailable, the device will not be able to enroll during the out of box flow.
Device enrollment options | Description | Checklist prompts | Notification | Device details status | App visibility (for an app that requires enrollment) |
---|---|---|---|---|---|
Available, with prompts | The default experience with prompts to enroll in all possible locations. | Yes | Yes | Yes | Yes |
Available, no prompts | User can enroll via the status in device details for their current device or from apps that require enrollment. | No | No | Yes | Yes |
Unavailable | There is no way for users to enroll. Apps requiring enrollment will be hidden. | No | No | No | No |
Privacy
The following table provides privacy-specific configuration details:
Field name | Maximum length | More information |
---|---|---|
Privacy statement URL | 79 | Set your organization's privacy statement to appear when users click on privacy links. You must enter a valid URL in the format https://www.contoso.com . |
Privacy message about what support can't see or do (iOS/iPadOS) | 520 | Keep the default message or customize the message to list the items that your organization can't see on managed iOS/iPadOS devices. You can use markdown to add bullets, bolding, italics, and links. |
Privacy message about what support can see or do (iOS/iPadOS) | 520 | Keep the default message or customize the message to list the items that your organization can see on managed iOS/iPadOS devices. You can use markdown to add bullets, bolding, italics, and links. |
Device ownership notification
The following table provides notification-specific configuration details:
Field name | Maximum length | More information |
---|---|---|
Send a push notification to users when their device ownership type changes from personal to corporate (Android and iOS/iPadOS only) | N/A | Send a push notification to both your Android and iOS Company Portal users when their device ownership type has been changed from personal to corporate. By default, this push notification is set to off. When device ownership is set to corporate ownership, Intune has greater access to the device, which includes the full app inventory, FileVault key rotation, phone number retrieval, and a select few remote actions. For more information, see Change device ownership. |
App sources
You can choose which additional app sources will be shown in Company Portal.
Note
The Company Portal supports Configuration Manager applications. This feature allows end users to see both Configuration Manager and Intune deployed applications in the Company Portal for co-managed customers. For more information, see Use the Company Portal app on co-managed devices.
The following table provides app source specific configuration details:
Field name | Maximum length | More information |
---|---|---|
Azure AD Enterprise Applications | N/A | Select Hide or Show to display Azure AD Enterprise applications in the Company Portal for each end user. For more information, see App source setting options. |
Office Online Applications | N/A | Select Hide or Show to display Office Online applications in the Company Portal for each end user. For more information, see App source setting options. |
App source setting options
Note
The display of apps from other Microsoft services is only supported in the Windows Company Portal and the Company Portal website.
You can hide or show Azure AD Enterprise applications and Office Online applications in the Company Portal for each end user. Show will cause the Company Portal to display the entire applications catalog from the chosen Microsoft service(s) assigned to the user. Azure AD Enterprise applications are registered and assigned via the Azure portal. Office Online applications are assigned using the licensing controls available in the M365 Admin Center. In the Microsoft Endpoint Manager admin center, select Tenant administration > Customization to find this configuration setting. By default, each additional app source will be set to Hide.
Customizing user self-service actions for the Company Portal
You can customize the available self-service device actions that are shown to end users in the Company Portal app and website. To help prevent unintended device actions, you can configure settings for the Company Portal app by selecting Tenant Administration > Customization.
The following actions are available:
- Hide Remove button on corporate Windows devices.
- Hide Reset button on corporate Windows devices.
- Hide Remove button on corporate iOS/iPadOS devices.
- Hide Reset button on corporate iOS/iPadOS devices.
Note
These actions can be used to restrict device actions in the Company Portal app and website and do not implement any device restriction policies. To restrict users from performing factory reset or MDM removal from settings, you must configure device restriction policies.
Opening Web Company Portal applications
For Web Company Portal applications, if the end user has the Company Portal application installed, the end users will see a dialog box asking how they want to open the application when opening outside of the browser. If the app is not in the path of the Company Portal, then the Company Portal will open the homepage. If the app is in the path, then the Company Portal will open the specific app.
Upon selecting the Company Portal, the user will be directed to the corresponding page in the application when the URI path is one of the following:
/apps
- The Web Company Portal will open the Apps page that lists all of the apps./apps/[appID]
- The Web Company Portal will open the Details page of the corresponding app.- The URI path is different or unexpected - The Web Company Portal home page will be displayed.
If the user does not have the Company Portal app installed, the user will be taken to the Web Company Portal.
Company Portal derived credentials for iOS/iPadOS devices
Microsoft Intune Company Portal Mac Download
Intune supports Personal Identity Verification (PIV) and Common Access Card (CAC) Derived Credentials in partnership with credential providers DISA Purebred, Entrust Datacard, and Intercede. End users will go through additional steps post-enrollment of their iOS/iPadOS device to verify their identity in the Company Portal application. Derived Credentials will be enabled for users by first setting up a credential provider for your tenant, then targeting a profile that uses Derived Credentials to users or devices.
Note
Company Portal App Microsoft Store
The user will see instructions about derived credentials based on the link that you have specified via Intune.
For more information about derived credentials for iOS/iPadOS devices, see Use derived credentials in Microsoft Intune.
Dark Mode for the Company Portal
Dark Mode is available for the iOS/iPadOS, macOS, and Windows Company Portal. Users can download apps, manage their devices, and get IT support in the color scheme of their choice based on device settings. The iOS/iPadOS, macOS, and Windows Company Portal will automatically match the end user's device settings for dark or light mode.
Windows Company Portal keyboard shortcuts
End users can trigger navigation, app, and device actions in the Windows Company Portal using keyboard shortcuts (accelerators).
The following keyboard shortcuts are available in the Windows Company Portal app.
Area | Description | Keyboard shortcut |
---|---|---|
Navigation menu | Navigation | Alt+M |
Home | Alt+H | |
All apps | Alt+A | |
Installed apps | Alt+I | |
Send feedback | Alt+F | |
My profile | Alt+U | |
Settings | Alt+T | |
Home - Device tile | Rename | F2 |
Remove | Ctrl+D or Delete | |
Check access | Ctrl+M or F9 | |
Device details | Rename | F2 |
Remove | Ctrl+D or Delete | |
Check access | Ctrl+M or F9 | |
App details | Install | Ctrl+I |
Devices | Available | Ctrl+D |
End users will also be able to see the available shortcuts in the Windows Company Portal app.
User self-service device actions from the Company Portal
Users can perform actions on their local or remote devices via the Company Portal app, Company Portal website, or the Intune app on Android. The actions that a user can perform vary based on device platform and configuration. In all cases, the remote device actions can only be performed by device's Primary User.
Available self-service device actions include the following:
- Retire – Removes the device from Intune Management. In the company portal app and website, this shows as Remove.
- Wipe – This action initiates a device reset. In the company portal website this is shown as Reset, or Factory Reset in the iOS/iPadOS Company Portal App.
- Rename – This action changes the device name that the user can see in the Company Portal. It does not change the local device name, only the listing in the Company Portal.
- Sync – This action initiates a device check-in with the Intune service. This shows as Check Status in the Company Portal.
- Remote Lock – This locks the device, requiring a PIN to unlock it.
- Reset Passcode – This action is used to reset device passcode. On iOS/iPadOS devices the passcode will be removed and the end user will be required to enter a new code in settings. On supported Android devices, a new passcode is generated by Intune and temporarily displayed in the Company Portal.
- Key Recovery – This action is used to recover a personal recovery key for encrypted macOS devices from the Company Portal website.
To customize the available user self-service actions, see Customizing user self-service actions for the Company Portal.
Self-Service Actions
Some platforms and configurations do not allow self-service device actions. This table below provides further details about self-service actions:
Action | Windows 10(3) | iOS/iPadOS(3) | macOS(3) | Android(3) |
---|---|---|---|---|
Retire | Available(1) | Available(9) | Available | Available(7) |
Wipe | Available | Available(5)(9) | NA | Available(7) |
Rename(4) | Available | Available | Available | Available |
Sync | Available | Available | Available | Available |
Key Recovery | NA | NA | Available(2) | NA |
(1)Retire is always blocked on Azure AD Joined Windows devices.
(2)Key Recovery for macOS is only available via the Web Portal.
(3) All remote actions are disabled if using a Device Enrollment Manager enrollment.
(4)Rename only changes the device name in the Company Portal app or Web Portal, not on the device.
(5)Wipe is not available on User Enrolled iOS/iPadOS devices.
(6)Reset Passcode is not supported on some Android and Android Enterprise configurations. For more information, see Reset or remove a device passcode in Intune.
(7)Retire and Wipe are not available on Android Enterprise Device Owner scenarios (COPE, COBO, COSU).
(8)Reset Passcode is not supported on User Enrolled iOS/iPadOS devices.
(9)All iOS/iPadOS Automated Device Enrollment devices (formerly known as DEP) have Retire and Wipe options disabled.
App logs
If you are using Azure Government, app logs are offered to the end user to decide how they will share when they initiate the process to get help with an issue. However, if you are not using Azure Government, the Company Portal will send app logs directly to Microsoft when the user initiates the process to get help with an issue. Sending the app logs to Microsoft will make it easier to troubleshoot and resolve issues.
Note
Consistent with Microsoft and Apple policy, we do not sell any data collected by our service to any third parties for any reason.
Next steps
Microsoft released a beta version of the Intune Company Portal for macOS just last month; however, it’s since been pulled from the Download Center. This app had been made available along with the announcement of Conditional Access supporting macOS in preview.
Edit: the download is now available again: https://www.microsoft.com/en-us/download/details.aspx?id=55770
Installing the Company Portal is required to enable Conditional Access support on macOS, so I imagine a new version will be made available soon. If you’re testing with Macs or looking for full support with Intune, this is an important part of the puzzle.
Intune Web Enrollment
Previous to the Company Portal on macOS, enrollment in Intune is a largely manual process that requires logging into the Intune web portal with a browser, downloading a management profile and installing that manually. Not the best user experience.
Here’s what that looks like:
Intune Company Portal for macOS Experience
With the Company Portal, the user experience is streamlined, with the management profile installed automatically and you can see device compliance status from within the app. Here’s a quick look at the end-user experience with the Intune Company Portal for macOS on macOS Sierra.
Hopefully we’ll see the portal app available for download again soon and available for wider testing. I’m also hoping that the availability of the Portal app means we’ll see the ability for Intune to install apps on macOS. As we see more Mac devices (either corporate or personally owned), the ability to deploy and manage apps on this platform becomes critical.