Updated December 19 2023: We’ve been hard at work to improve the ADE experience through the release of Setup Assistant with modern authentication, Just in Time (JIT) registration and compliance remed...
Updated Dec 20, 2023
Version 13.0
Blog Post
3 MIN READ
Move to Setup Assistant with Modern Authentication for Automated Device Enrollment
Logging into the Company Portal app post-enrollment is the final trigger for full device registration using ADE Modern enrollment.
The only way is for users to manually open the Company Portal to trigger this step, or if they try to open another LoB app that is protected by Conditional Access.
Which is why this method is much less robust than Single App config mode was unless all your LoB apps are behind conditional access.
As long as you have any LoB apps that do not support Conditional Access, they will just become available and usable on the device after the Setup Assistant completes, regardless of the registration status of the device.
After all this time what we are really missing for ADE Modern enrollment is a way to Filter devices that are partially enrolled. By that I mean devices that have finished the Setup Assistant, but have not yet logged onto the Company Portal.
Currently we are doing this manually using a very complicated Power Automate flow, so we can make sure we can:
- Only push Company Portal + Authenticator after Setup Assistant finishes
- Only push other LoB apps + policies after the User is signed into the company portal.
This is a really unreliable workaround for something that should be a standard option with this enrollment method.