eSIM (embedded SIM) also known as an eUICC (embedded universal integrated circuit card) is a modern – next generation programmable SIM-card for cellular mobile networks. eSIM chips have been available in several smart watches and mobile devices for couple of years, but Apple and Google have restricted the programming of the eSIM-chip with the separate mobile device management solutions (Feb/2020). Only way to program those devices is currently using a QR code provided by the issuer of eSIM connection (operator).

Microsoft has provided also a native support for eSIM connections in Windows 10. You can use Microsoft Intune to push the connection data centrally from the management side to your Windows 10 devices with an eSIM chip.

Required information for eSIM

First of all you will need three things for each eSIM connection from your mobile network provider:

  • SM-DP+ URL
  • ICCID
  • Matching ID

Combine this information to a single CSV-file using the following template. SM-DP+ URL for the first line. It is the activation URL for the eSIM service. This is the same for each connection provided by the same mobile network operator.

ICCID (Integrated circuit card identifier) is kind of the eSIM-connection serial number. Each connection has separate number. Place the ICCID number of each connection to the new line followed by comma.

Matching ID is also an unique ID for each connection. It’s kind of a secret activation code for the specified eSIM (ICCID). Place the Matching ID after the ICCID for each line without a comma in the end.

Using this method you’ll end up to the CSV-file with all of your eSIM-connections that you are adding to Intune at the same time. There can be maximum of 1000 eSIM-profiles in one csv-file, when you are uploading those to Intune.

Example of eSIM CSV-file

CSV import

When you have prepared your CSV-file it’s time to open your Mobile endpoint manager admin center (Intune portal). Under Devices select eSIM cellular profiles. Select Add and search your CSV-file. Remember to confirm your import by selecting OK.

eSIM CSV Import

Assignment of eSIM profiles

To assign your eSIM-profiles, create an Azure AD Group for your devices. Add devices that you want to provision with an eSIM connection to that group. It’s important to add devices – NOT USERS!!!

Open the uploaded eSIM-profile and assign it for the selected eSIM group.

Assigning the eSIM profile to the AAD Group

After the profile assignment everything is ready. When the device finds out that it’s in the new group and it has a new profile available, it will sync the profile and register an unassigned eSIM connection with a mobile connection provider. If you have a PIN-code in the eSIM, you have to authenticate with it, but after entering the PIN-code, you can use it as a normal LTE-connection in the laptop. You can see more settings of eSIM under the Cellular page in the Settings application.

eSIM connection provisioned and connected
eSIM connection provisioned and status from settings

Monitoring provisioning status from Intune

You can monitor the registration status of your eSIM-devices from the Mobile endpoint manager admin center (Intune portal). Open the profile that you want to analyze and look for the overview page or device status-page.

Profile Overview page
eSIM Device Status page

Deprovisioning

If you have to deprovision the profile from the eSIM for some reason, you can remove it from the eSIM group that you created. Next time, when the Windows is not using the cellular network through the eSIM, it’s connected to the internet and syncing new policies it will remove the profile from the device. Can you then re-use the profile for another device? It depend’s of your mobile network provider, does them allow to use in on more than one device – ask it from your support!

Supported devices now and tomorrow

Currently there aren’t so many laptops with eSIM chips on the market, but the count is increasing all the time. At least some devices has been listed on Microsoft’s documentation that has the eSIM support. We used a Surface Pro X on our testing and it worked like a charm.

Currently all devices in the market that are eSIM capable has only 4G LTE modules (at least I haven’t seen yet any 5G laptop with the eSIM support). Hopefully next device generations will have also 5G support on their hardware, because it’s going to be the future of the mobile networks for the next several years.


Markus Lintuala

I have worked most of my career on traditional infrastructure management side with enterprise architectures, workstation and server management. When Microsoft published the first IaaS-services on Azure I started my journey towards the cloud on productivity as well as on platform side. I like to work often with the newest technologies; currently specially in Microsoft 365 identity, security, device management and end-user experience area.

0 Comments

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.