We appreciate all your feedback and wanted to address a few of the additional comments above.
Manfred_Pohlemann - We recommend not adding any Microsoft apps to the SSO. All Microsoft and Office apps are integrated with the correct identity library. However, non-Microsoft applications do need to be manually added. We recommend having your users kick off JIT registration with the Teams app, which is integrated with the most updated identity library and provides the most seamless experience with JIT registration.
Robert Leiden - Yes, you can use third-party apps that take credentials for JIT registration, as long as it's configured correctly with the SSO extension.
PaBohr - The Microsoft Authenticator app is required for JIT registration, so it should be configured to be sent to the device along with the rest of the configurations. If you send it down later, the user may be delayed in completing JIT registration, and the user may be brought back to the original modern authentication flow without JIT registration. We recommend sending down the Authenticator app along with any other configurations you need for JIT registration. Make sure you don't add the Authenticator app to the SSO extension policy!
DRich22 - Thanks for the feedback! Be on the lookout for an incoming message so we can learn more and talk through your scenario.