This post was slightly delayed due to an issue with the app display name. More info can be found here, and it is worth checking if your Windows Phone 8 is running English [UK] or European Portuguese.
Preparing the Windows Intune – Windows Phone 8 Company Portal
Step 1 – Obtain the code signing certificate
Go to the Windows Phone Dev Center (https://dev.windowsphone.com/en-us), sign in using a Windows Live ID and register for an account.
The process will then begin with Symantec and Microsoft to verify your company details. This may take between 2 – 10 days.
Once approved, and only once approved, make a note of your Symantec Id on the Account summary of the Dev Center and then go to this site to request and pay for your certificate: https://products.websecurity.symantec.com/orders/enrollment/microsoftCert.do
Symantec will send an e-mail with a URL to retrieve your new certificate and 2 URLs to install the root certificates in the chain.
Open a new MMC window (Windows Key + R, then type mmc). From the File menu choose Add/Remove Snap-in, select Certificates and then choose Computer account. Click Next, Finish and then OK.
Use this URL to download and save the Symantec Root CA Cert: https://knowledge.verisign.com/library/VERISIGN/ALL_OTHER/Symantec_Enterprise_Mobile_Root_for_Microsoft.cer
Use the open MMC console to import this certificate into the Trusted Root Certification Authorities store: expand the nodes, right-click the store, then choose All Tasks and Import.
Use this URL to download and save the Symantec Intermediate CA Cert: https://knowledge.verisign.com/library/VERISIGN/ALL_OTHER/Symantec_Enterprise_Mobile_CA_for_Microsoft_Cert.cer
Use the open MMC console to import this certificate into the Intermediate Certification Authorities store: expand the nodes, right-click the store, then choose All Tasks and Import.
Once this has been completed, use the Symantec supplied URL to retrieve your code signing certificate. This should install the certificate into the Personal store of the currently logged on user.
Close the MMC window if it is still open and open a new MMC console. Use the Add/Remove Snap-in option and select Certificates, but this time choose “My user account”.
Navigate to the Personal > Certificates node, select the newly imported code signing certificate, right-click it, and choose All Tasks then Export.
Step through the wizard, choosing to export the Private Key and to include all certificates in the chain, and save the certificate to C:\Intune.
N.B. It is important that you select the option to include all certificates in the chain, otherwise the Company Portal app will later fail to download to your device.
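A check for the N.B. above, as an added example that is not part of the original post: it loads the exported PFX and walks from the code signing certificate up to a self-signed root using only the certificates stored inside the file. The file name Certificate.pfx is assumed from the signing command in Step 2.

```powershell
# Added example (not from the original post).
# Assumption: the export was saved as C:\Intune\Certificate.pfx (name used in Step 2).
$pfxPath = 'C:\Intune\Certificate.pfx'
$secure  = Read-Host -AsSecureString -Prompt 'PFX password'
$plain   = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Load every certificate in the PFX into memory; nothing is added to a store.
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs.Import($pfxPath, $plain, 'DefaultKeySet')
$plain = $null

# Exactly one entry should carry the private key: the code signing certificate.
$leaf = @($certs | Where-Object { $_.HasPrivateKey })
if ($leaf.Count -ne 1) {
    throw "Expected 1 certificate with a private key, found $($leaf.Count)"
}

# Walk issuer by issuer until a self-signed root, using only what is in the file.
$chain   = @($leaf[0])
$current = $leaf[0]
while ($current.Subject -ne $current.Issuer) {
    $parent = $certs | Where-Object { $_.Subject -eq $current.Issuer } |
              Select-Object -First 1
    if (-not $parent) {
        throw "Chain incomplete: issuer '$($current.Issuer)' is missing from the PFX"
    }
    if ($chain -contains $parent) { throw 'Issuer loop detected in the PFX' }
    $chain  += $parent
    $current = $parent
}

$chain | Format-Table Subject, Issuer, NotAfter, Thumbprint -AutoSize
"Chain complete: $($chain.Count) certificates, leaf to root"
```

If the script throws "Chain incomplete", repeat the export with the option to include all certificates in the chain selected.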
Step 2 – Signing the Portal App
To sign Windows Phone 8 applications you will need the Windows Phone 8 SDK installed.
This SDK also requires Windows 8 as the Operating System.
Download the SDK from here:
Once the SDK is installed, navigate to C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Tools\XapSignTool and copy the contents to the C:\Intune folder created earlier.
Navigate to C:\Program Files (x86)\Windows Kits\8.0\bin\x86 and copy signtool.exe to the C:\Intune folder.
At the Start Screen (Windows 8) search for VS2012 x86 to find the Native Tools command prompt and run it as an Administrator.
In the command prompt type:
- CD /D C:\Intune
- XapSignTool.exe sign /f C:\Intune\Certificate.pfx /p xXxXxXxXx C:\Intune\SSP.xap
(xXxXxXxXx is the password you used for the exported certificate)
This will sign the Company Portal App with your code signing certificate ready for import into Intune/ConfigMgr.
If you want to double-check the app has been signed, rename the extension to .zip again and extract one of the .dll files to the C:\Intune folder. Open the properties of the file by right-clicking it and choosing Properties, then Digital Signatures. You can keep checking deeper by choosing the relevant details options for the certificate.
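The same check for every DLL in the package at once, as an added example that is not part of the original post: it unpacks the signed XAP to a scratch folder and reports the Authenticode status and signer of each DLL. It assumes the signed package is C:\Intune\SSP.xap as in the command above; the scratch folder name is made up for illustration.

```powershell
# Added example (not from the original post).
# Assumptions: signed package is C:\Intune\SSP.xap (Step 2); scratch folder name is made up.
$xap     = 'C:\Intune\SSP.xap'
$scratch = 'C:\Intune\xap-check'

# A XAP is a ZIP archive, so it can be unpacked without renaming it.
Add-Type -AssemblyName System.IO.Compression.FileSystem
if (Test-Path $scratch) { Remove-Item $scratch -Recurse -Force }
[System.IO.Compression.ZipFile]::ExtractToDirectory($xap, $scratch)

# Read the Authenticode signature of every DLL in the package.
$results = Get-ChildItem $scratch -Recurse -Filter *.dll |
    Get-AuthenticodeSignature |
    Select-Object @{n='File';       e={ Split-Path $_.Path -Leaf }},
                  Status,
                  @{n='Signer';     e={ $_.SignerCertificate.Subject }},
                  @{n='Thumbprint'; e={ $_.SignerCertificate.Thumbprint }}
$results | Format-Table -AutoSize

# Flag anything unsigned or failing validation on this machine.
$notValid = @($results | Where-Object { $_.Status -ne 'Valid' })
if ($notValid.Count -gt 0) {
    Write-Warning "$($notValid.Count) DLL(s) do not report a Valid signature:"
    $notValid | ForEach-Object { "  $($_.File): $($_.Status)" }
}

# All signed DLLs should share one signer: your code signing certificate.
$signers = @($results | Where-Object { $_.Thumbprint } |
             Select-Object -ExpandProperty Thumbprint -Unique)
"Distinct signer thumbprints: $($signers.Count)"
$signers

Remove-Item $scratch -Recurse -Force
```

Compare the thumbprint printed at the end with the Thumbprint field of your code signing certificate in the Personal store.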
Uploading the Windows Phone 8 Company Portal
At this point I've split the instructions into the steps for both direct management from Intune (Step 3a) and management from ConfigMgr SP1 with Intune (Step 3b). Choose the relevant step for your management method.
Step 3a – Uploading the signed Company Portal to Windows Intune
Login to the Admin Console here: https://admin.manage.microsoft.com
Navigate in the console to Administration > Mobile Device Management > Windows Phone 8
Click the Upload Signed App File button
Follow the wizard through, specifying the signed xap file and certificate used from the previous steps.
At this point it’s worth waiting about 15 minutes before attempting to enrol a Windows Phone 8 device.
Step 3b – Uploading the signed Company Portal to Configuration Manager
- Navigate in the ConfigMgr console to Software Library>Overview>Application Management>Applications
- Click on the Create Application button on the ribbon
- Drop the selection list down and choose Windows Phone app package (*.xap file)
- Click Browse and navigate to the company portal xap file you signed earlier
- Step through the wizard to complete creating the application
- Deploy the application to the collection of users you are allowing to enrol mobile devices, but ensure you choose the Intune cloud distribution point (manage.microsoft.com) during the wizard
- Navigate in the ConfigMgr console to Administration>Hierarchy Configuration>Windows Intune Subscriptions
- Click on the Windows Intune Subscription that you set up previously
- Click on Properties on the ribbon bar
- On the Windows Intune Subscription Properties screen that opens, click the Windows Phone 8 tab
- Tick the check box next to Enable Windows Phone 8 platform
- Click Browse next to the Code signing certificate box, navigate to your code-signing certificate and click OK
- Enter the password for the certificate
- Click Browse next to the Company portal app box, select your company app from the list and click OK