Just in Time registration and compliance Remediation for iOS/iPadOS with Microsoft Intune

Wizard_Ca Actually I'm testing it right now.

I'm using a user account with only MFA enabled for now (the device is not required to be enrolled with Azure AD for the user to login) and it works even without inserting the Mail app Bundle ID in the list. However, before configuring the Exchange account using the Settings app (Settings --> Mail --> Account --> MyCompany account --> Insert password), I need to wait for the Authenticator app to be downloaded and installed if I want to register the device with Azure AD and that the other Microsoft apps detect the Azure AD account instead of asking to sign in again.

If I go straight on and, after the Setup Assistant phase, I promptly tap "Modify settings" instead of "Cancel" in the pop up dialog that appears asking to insert the password of the pushed Exchange account, I end up configuring the account without the required configuration profile and Authenticator app installed on the device and it doesn't leverage the SSO method to correctly register the device with Azure AD using a third-party SSO-enabled app (I suppose).

When I go this way, I always have to log in again in a Microsoft app to correctly register the device in Azure AD, ending up with 3 logins instead of the 2 logins that the JIT enrollment method should assure.

It would be great if there would be a way to push the Authenticator app down to the device so that after the Setup Assistant phase it is already installed like the Company Portal app. Currently it takes several minutes for the Authenticator app to be installed while the Company Portal app is always already installed when I reach the iOS/iPadOS Home Screen.

I hope that the description is sufficiently clear, otherwise feel free to ask me anything.