eSIM (embedded SIM) also known as an eUICC (embedded universal integrated circuit card) is a modern – next generation programmable SIM-card for cellular mobile networks. eSIM chips have been available in several smart watches and mobile devices for couple of years, but Apple and Google have restricted the programming of the eSIM-chip with the separate mobile device management solutions (Feb/2020). Only way to program those devices is currently using a QR code provided by the issuer of eSIM connection (operator).
Microsoft has provided also a native support for eSIM connections in Windows 10. You can use Microsoft Intune to push the connection data centrally from the management side to your Windows 10 devices with an eSIM chip.
Required information for eSIM
First of all you will need three things for each eSIM connection from your mobile network provider:
- SM-DP+ URL
- ICCID
- Matching ID
Combine this information to a single CSV-file using the following template. SM-DP+ URL for the first line. It is the activation URL for the eSIM service. This is the same for each connection provided by the same mobile network operator.
ICCID (Integrated circuit card identifier) is kind of the eSIM-connection serial number. Each connection has separate number. Place the ICCID number of each connection to the new line followed by comma.
Matching ID is also an unique ID for each connection. It’s kind of a secret activation code for the specified eSIM (ICCID). Place the Matching ID after the ICCID for each line without a comma in the end.
Using this method you’ll end up to the CSV-file with all of your eSIM-connections that you are adding to Intune at the same time. There can be maximum of 1000 eSIM-profiles in one csv-file, when you are uploading those to Intune.
CSV import
When you have prepared your CSV-file it’s time to open your Mobile endpoint manager admin center (Intune portal). Under Devices select eSIM cellular profiles. Select Add and search your CSV-file. Remember to confirm your import by selecting OK.
Assignment of eSIM profiles
To assign your eSIM-profiles, create an Azure AD Group for your devices. Add devices that you want to provision with an eSIM connection to that group. It’s important to add devices – NOT USERS!!!
Open the uploaded eSIM-profile and assign it for the selected eSIM group.
After the profile assignment everything is ready. When the device finds out that it’s in the new group and it has a new profile available, it will sync the profile and register an unassigned eSIM connection with a mobile connection provider. If you have a PIN-code in the eSIM, you have to authenticate with it, but after entering the PIN-code, you can use it as a normal LTE-connection in the laptop. You can see more settings of eSIM under the Cellular page in the Settings application.
Monitoring provisioning status from Intune
You can monitor the registration status of your eSIM-devices from the Mobile endpoint manager admin center (Intune portal). Open the profile that you want to analyze and look for the overview page or device status-page.
Deprovisioning
If you have to deprovision the profile from the eSIM for some reason, you can remove it from the eSIM group that you created. Next time, when the Windows is not using the cellular network through the eSIM, it’s connected to the internet and syncing new policies it will remove the profile from the device. Can you then re-use the profile for another device? It depend’s of your mobile network provider, does them allow to use in on more than one device – ask it from your support!
Supported devices now and tomorrow
Currently there aren’t so many laptops with eSIM chips on the market, but the count is increasing all the time. At least some devices has been listed on Microsoft’s documentation that has the eSIM support. We used a Surface Pro X on our testing and it worked like a charm.
Currently all devices in the market that are eSIM capable has only 4G LTE modules (at least I haven’t seen yet any 5G laptop with the eSIM support). Hopefully next device generations will have also 5G support on their hardware, because it’s going to be the future of the mobile networks for the next several years.
0 Comments