Forum Discussion

FOwolabi's avatar
FOwolabi
Copper Contributor
Sep 10, 2024
Solved

Shared iPad Misconfiguration Alert - Intune

Hello everyone,   I keep getting the below error message when adding an account on outlook application on a shared iPad; Misconfiguration Alert Your Organization's support team wants you to login...
Intune
mobile device management (mdm)
  • FOwolabi's avatar
    FOwolabi
    Sep 24, 2024

    marcvanderkooy 

    I figured it out. You'd have to enable SSO plugin extension in your shared device policy. I have shared the link to the docmentation below
    https://learn.microsoft.com/en-us/entra/identity-platform/apple-sso-plugin.

    Once your policy is applied, on the test device, login to the authenticator which is already installed on the device. You will be prompted to register the device. The SSO extension will automatically recognize the account registered on the authenticator when you open outlook or any other O365 app.

     

    Let me know if this works.

marcvanderkooy's avatar
marcvanderkooy
Copper Contributor
Sep 24, 2024
Got exactly the same issue. with the ": ." in the first line.
No AppConfig send to the device, Authenticator login works fine. It cannot login Outlook via Authenticator somehow. No other Restrictions applied to the device which can restrict this afaik.
FOwolabi's avatar
FOwolabi
Copper Contributor
Sep 24, 2024

marcvanderkooy 

I figured it out. You'd have to enable SSO plugin extension in your shared device policy. I have shared the link to the docmentation below
https://learn.microsoft.com/en-us/entra/identity-platform/apple-sso-plugin.

Once your policy is applied, on the test device, login to the authenticator which is already installed on the device. You will be prompted to register the device. The SSO extension will automatically recognize the account registered on the authenticator when you open outlook or any other O365 app.

 

Let me know if this works.

  • marcvanderkooy's avatar
    marcvanderkooy
    Copper Contributor
    Sep 26, 2024
    What settings do i need to configure in the "Single sign-on app extension" settings?
    • ViktorNorstrom's avatar
      ViktorNorstrom
      Copper Contributor
      Sep 26, 2024

      marcvanderkooy i found this article as well, there you have a picture of a configuration profile that worked for that user.
      https://www.reddit.com/r/Intune/comments/1foh5tu/shared_ipad_misconfiguration_alert_org_data/

      • marcvanderkooy's avatar
        marcvanderkooy
        Copper Contributor
        Sep 26, 2024
        I've tried that (same settings as in the screenshot on Reddit) but it didnt let me log in into Authenticator.
        Maybe its because we dont use Managed Apple IDs and the Enrollment Profile in Intune is "Shared iPad = No" as the customer doesnt want to use Managed Apple IDs
  • ViktorJNorstrom's avatar
    ViktorJNorstrom
    Copper Contributor
    Sep 25, 2024

    FOwolabi 

    I have the same issue, did you do any additional configuration in the SSO Plugin Extension profile? 

    for example: AppPrefixAllowList, browser_sso_interaction_enabled and disable_explicit_app_prompt

     

    Also did it work immediately after applying the configuration or did you have to do something in Authenticator? Re-adding the account or sign-in and out? 

     

    I tried on one device so far but no success after adding the SSO configuration. Trying a reset of the device now. 

Resources