Blog Post

Intune Customer Success
5 MIN READ

Setup Assistant with modern authentication for ADE - Intune Public Preview

Intune_Support_Team's avatar
Intune_Support_Team
Silver Contributor
Apr 20, 2021
Updated 8/27/21: We're excited to take the preview tag off and share that Setup Assistant with modern authentication for ADE (iOS/iPadOS 13+ and macOS 10.15+) is now generally available! See Automati...
Updated Dec 19, 2023
Version 14.0
macos
Modern authentication
Setup Assistant
BMello's avatar
BMello
Copper Contributor
Sep 13, 2021

Jason, I believe Microsoft is planning to deprecate the Authenticate with Company Portal method in December of this year:

Move to Setup Assistant with Modern Authentication for Automated Device Enrollment
MC284343

Last spring, we announced public preview of Setup Assistant with Modern Authentication for iOS/iPadOS 13+ and macOS 10.15+ for Automated Device Enrollment (ADE), and in August, we made this enrollment flow generally available. This authentication method for ADE allows your organization to require authentication with Azure Active Directory (Azure AD) in an out-of-box experience (OOBE) during enrollment with Setup Assistant, prior to users accessing the home screen. You have the option to also require multi-factor authentication (MFA) depending on the settings in your Conditional Access policy. On or shortly after December 10, 2021, we will be ending support for the older enrollment method that allows you to https://docs.microsoft.com/mem/intune/enrollment/device-enrollment-program-enroll-ios#create-an-apple-enrollment-profile.

How this will affect your organization:

You likely have already moved to use Setup Assistant with modern authentication, however, if you have not, you’ll want to move to this new authentication prior to the December date. This does not affect existing enrolled devices. Within the https://endpoint.microsoft.com/, you’ll want to either create a new ADE enrollment profile, or edit your existing enrollment profile to use the “Setup assistant with modern authentication.” The setting Run Company Portal in Single App Mode until authentication (Devices > iOS/iPadOS > Enrollment Program Tokens > select/create Profile > Management Settings) will no longer be available after this change.

 

User experience: This new enrollment flow does change the enrollment screen order to put authentication prior to accessing the home screen. If you have user guides that share screen shots, you’ll want to update those so the guides match the new experience.

What you need to do to prepare:

Review the updated documentation and several best practices blogs prior to moving. If you do not adopt the new enrollment profile prior to December 10, new devices will be unable to enroll until you do one of the following:

  1. (Recommended) Select Setup assistant with modern authentication.
  2. Use ADE user affinity enrollment with the Company Portal without configuring the Run Company Portal in Single App Mode until authentication setting.

Note: While you can still use ADE user affinity enrollment with the Company Portal for the authentication method, we do not recommend this since the user will need to manually run the Company Portal and complete the enrollment and Azure AD registration steps.

For More Information

  • https://aka.ms/MEM-ADEModernAuth-Blog
  • https://aka.ms/ade-modern-auth-filters-blog
  • https://docs.microsoft.com/mem/intune/enrollment/device-enrollment-program-enroll-ios#create-an-apple-enrollment-profile
https://docs.microsoft.com/mem/intune/enrollment/device-enrollment-program-enroll-ios
https://admin.microsoft.com/AdminPortal/home#/MessageCenter/:/messages/MC284343?MCLinkSource=MajorUpdate