Forum Discussion
iOS device not registering in AAD but enrolled in Intune
A few iOS devices enrolled in Intune and received all the profiles and applications, but in Company Portal they are reporting "We can't register this device. Try again later." Devices are not able to access the corporate resources. It is not a tenant-wide issue, since most devices are registering fine, but some are stuck in a loop and fail to complete the registration. Impacted devices have the same value for Intune device ID and Azure Device ID. I tried deleting the device records from AAD and Intune but it didn't fix the issue.
Anyone else experiencing this?
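A check for the symptom described in the post above (impacted devices showing the same value for Intune device ID and Azure device ID), as an added example that is not part of the thread: it scans a device export shaped like the Microsoft Graph `managedDevices` response and lists iOS/iPadOS records that look unregistered. The sample records are constructed, and treating an empty or all-zero `azureADDeviceId` as unregistered is an assumption.

```python
import json

# Constructed sample shaped like GET /deviceManagement/managedDevices
# from Microsoft Graph (not real tenant data).
SAMPLE = json.loads("""
{"value": [
  {"id": "11111111-aaaa-4000-8000-000000000001", "operatingSystem": "iOS", "deviceName": "iPhone-ok",
   "azureADDeviceId": "99999999-bbbb-4000-8000-000000000001", "azureADRegistered": true},
  {"id": "22222222-aaaa-4000-8000-000000000002", "operatingSystem": "iOS", "deviceName": "iPhone-stuck",
   "azureADDeviceId": "22222222-AAAA-4000-8000-000000000002", "azureADRegistered": false},
  {"id": "33333333-aaaa-4000-8000-000000000003", "operatingSystem": "iPadOS", "deviceName": "iPad-unreg",
   "azureADDeviceId": "00000000-0000-0000-0000-000000000000", "azureADRegistered": null},
  {"id": "44444444-aaaa-4000-8000-000000000004", "operatingSystem": "Windows", "deviceName": "PC-skip",
   "azureADDeviceId": "44444444-aaaa-4000-8000-000000000004", "azureADRegistered": false}
]}
""")

# Assumption: an empty or all-zero Azure AD device ID means "never registered".
NIL_GUID = "00000000-0000-0000-0000-000000000000"


def registration_problems(device):
    """Return the reasons one Intune device record looks unregistered in AAD."""
    reasons = []
    intune_id = (device.get("id") or "").lower()
    aad_id = (device.get("azureADDeviceId") or "").lower()
    if not aad_id or aad_id == NIL_GUID:
        reasons.append("no Azure AD device ID")
    elif aad_id == intune_id:
        # The symptom reported in the thread: both IDs carry the same value.
        reasons.append("Azure AD device ID equals Intune device ID")
    if device.get("azureADRegistered") is not True:
        reasons.append("azureADRegistered is not true")
    return reasons


def find_unregistered(devices, platforms=("ios", "ipados")):
    """Map device name -> reasons, for devices on the given platforms only."""
    findings = {}
    for dev in devices:
        if (dev.get("operatingSystem") or "").lower() not in platforms:
            continue
        reasons = registration_problems(dev)
        if reasons:
            findings[dev.get("deviceName") or dev.get("id")] = reasons
    return findings


if __name__ == "__main__":
    for name, why in find_unregistered(SAMPLE["value"]).items():
        print(f"{name}: {'; '.join(why)}")
```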
26 Replies
- eveller (Copper Contributor)
A handful of our iOS users are now experiencing this exact issue. We do not use the MS Authenticator app as our two-factor app, but use a third-party two-factor app -- and have been for several years with Intune MDM enrollments. Does anyone know the status of the Microsoft fix for this issue today?
- JoeTings (Copper Contributor)
Anyone have any updates about a fix?
- danyg (Copper Contributor)
eveller this worked for us:
  - remove management profile from iOS device (either via Company Portal or Settings)
  - uninstall Company Portal
  - install any Office 365 app (Word, Excel, PP...) if not already
  - close (kill) all Office 365 apps from background if running
  - Settings > Word [or another Office 365 app you chose above] > Reset Word > turn ON Delete Sign-In Credentials
  - Restart Word [or another Office 365 app you chose above] to clear credentials
  - Double-check that Delete Sign-In Credentials is now turned OFF
  - Install Company Portal, sign in and enroll
- Ebuke_Okwese (Brass Contributor)
For us, we force Azure AD registration using Single Sign On App Extension as assurance in case users skip the Comp Portal setup.
In all cases, like others said below, have them enroll only after "Company Portal" and "Microsoft Authenticator" have been installed on that device.
For SSO setup + AAD registration: https://learn.microsoft.com/en-us/azure/active-directory/develop/apple-sso-plugin#enable-sso-for-apps-that-dont-use-a-microsoft-identity-platform-library
Use the following configuration to enable Just in Time Registration for iOS/iPadOS with Microsoft Intune:
Key: device_registration
Type: String
Value: {{DEVICEREGISTRATION}}
- resnickc (Copper Contributor)
The issue is we do not force Just in Time registration for BYOD devices. Only Apple DEP-enrolled devices use this feature. So for BYOD we just have them install Authenticator, activate the device and then proceed with the Company Portal enrollment.
- resnickc (Copper Contributor)
MManshu - We are also experiencing this same issue with some of our BYOD devices. I am still waiting on Microsoft support to look into this; however, this seems to have begun about three weeks ago after iOS updates sent out the security update for iOS 16.5 (C). Our issue is we cannot ask the users to wipe their personal devices, so they are just stuck in limbo.
- 777mebin (Copper Contributor)
Same issue we are also facing.
Anyone got any resolution??
- resnickc (Copper Contributor)
777mebin I found a workaround for now. Delete the records via AAD and then Intune as well. Have the user install the Microsoft Authenticator App and register the device there first. After that have them enroll via Company Portal. Also MS support is implementing a fix in the first week of September.