Blog Post

Intune Customer Success
6 MIN READ

Just in Time registration and compliance Remediation for iOS/iPadOS with Microsoft Intune

Intune_Support_Team's avatar
Intune_Support_Team
Silver Contributor
Oct 28, 2022
By Anya Novicheva, Product Manager 2 | Microsoft Intune, and Jaye Ren, Product Manager | Microsoft Intune   We are excited to announce Just in Time (JIT) Registration for Setup Assistant with mod...
Updated Dec 19, 2023
Version 19.0
Just in Time (JIT)
Wizard_Ca's avatar
Wizard_Ca
Copper Contributor
Dec 20, 2022

Intune_Support_Team I have successfully enrolled 2 devices that never finished the enrollment process via Company Portal. I did not have to change their enrollment profile nor was a device reset required. I just added the users to our JIT Test group. Everything is configured as mentioned above with Authenticator not being in the SSO ext policy and also being set to required (in our case via VPP). I have several questions/feedback.

We set Authenticator as required via VPP. 1 of my test users was not using Authenticator on their device and Authenticator installed without any issue via our VPP. For the devices that already have Authenticator downloaded via the Store App I started seeing the below. For JIT to work correctly does Authenticator have to be installed from the required install that we requested or will a previously installed App Store version work? (I ask this because of the way Company Portal used to work where the App Store version was not compatible with DEP devices. It had to be version that was downloaded via VPP). If the required "version" is well... required, I can always ask the user to delete the one they had installed and wait for it to install via VPP.

 

We did not have CA policy that requested a device be Intune compliant. We created the below and assigned to our JIT test group. I'm assuming that this CA helps kick off JIT since the device is non-compliant in Intune. My question is if I disable this CA policy, does JIT still know that a device is non-compliant and therefore will still go through JIT registration? Maybe this CA policy is not even required?

 


For both of my successful cases, Company portal continues to open after selecting Continue on the "Setup your device to get access". From the video posted, the compliance and steps to take windows appear within the app that is being accessed. In my cases, it opens up Company Portal but it now does allow to just tap Continue and goes through the 2 steps of "Get your device managed" and "Checking Device settings". Once those 2 are green, Intune shows them fully Compliant and all is good.

So it works, but not sure if I might have some other configurations not quite setup correctly, or if we can help work out different scenarios.