I eventually got a "fix" to work on our Shared iPads.

What I did:
- Created a device configuration profile (Device Features).
- Configured the profile for Single sign-on app extension with the settings:
  - SSO app extension type = Microsoft Entra ID
  - Enable shared device mode = Yes
  - Additional Settings:
    - AppPrefixAllowList (String) = com.microsoft.,com.apple.
    - browser_sso_interaction_enabled (Integer) = 1
    - disable_explicit_app_prompt (Integer) = 1
- Assigned the profile to our device group (dynamic device group based on enrollment profile).
- Wait for the profile to apply on the device (you should see the device configuration profile show as succeeded for the user account).
- Open the Authenticator app and make sure it's registered to your organisation (we did not get prompted to sign in).
- Test SSO with Safari: go to http://office365.com/ (login should be automatic).
- Test SSO with Teams/Word etc. (login should be automatic).

(If SSO does not work after the device configuration has been applied successfully, try a reset of the device and wait until all settings have been applied.)
The iPads we are using are joined to Intune using ABM and an enrollment profile (without user affinity) with the settings "Supervised=Yes, Locked enrollment=Yes, Shared iPad=Yes".
We also use Managed Apple IDs synced and federated with Entra ID, so the same credentials in Entra ID can be used for the Managed Apple ID.