This setup won't work with Web Protection for Supervised iOS devices without local VPN.
If you deploy the control filter for Zero Touch, then Web Protection will still not work!
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide#device-configuration-profile-control-filter
If deployed using Company Portal and not modern authentication, then Zero Touch config for Defender for Endpoint works as expected.
If you deploy using modern authentication and the user signs into Company Portal, then Web Protection starts working.
If you deploy using modern authentication with JIT then everything breaks. Web Protection will now not start until the user actually signs in to the Defender app.
This is completely broken and not usable at the moment. Is the JIT actually doing the same things in the background as the Company Portal app is doing? If yes, then why does it introduce a new bug?
The Defender for Endpoint Zero Touch config has had its fair share of bugs recently, and now with JIT being introduced I thought it would be perfect, but I was wrong. Can you please look into this issue, as this is the only thing stopping us from moving away from Company Portal.