Hi Marc,
The goal of JIT registration was focused around getting the user to be productive as fast as possible. When we talk about it, we are specifically meaning with the M365 apps and Conditional Access. Conditional Access requires the device to be registered, and the old flow required the Company Portal and all of those extra and confusing steps for the user. Now, the user will just do what they would naturally do and attempt to use Teams or Outlook, and the JIT Reg occurs in the app in that flow. Even any compliance remediation steps are handled in that flow. If your users aren't attempting to use CA-controlled resources, then they don't need the access and aren't dealing with the extra steps. The registration itself is from an AAD perspective for CA. The Set Up Assistant Modern Auth piece will handle the user affinity with the device. That first login will associate the user.
While we are excited and believe that Set Up Assistant Modern Auth w/JIT Reg will be a huge user experience improvement for most users/customers, we also acknowledge that it won't work for all customer scenarios. In the new year, you will see some additional features and guidance around additional options to leverage depending on your specific use cases.
Those changes and guidance will be about what we can build and offer. However, our vision is for that first OOBE auth to be the only auth, but we need some help on the OS side with that. We are hoping that something like Enrollment SSO, which Apple announced for Account Driven User Enrollment, will make its way to ADE.
If you or other customers have any specific scenarios or questions, please let us know.