Forum Discussion

antooniooo1984
Copper Contributor
Jul 07, 2023

Shared iPad not enroll to Intune

Hi,


We have a Conditional Access policy configured which says that access to cloud apps is granted only to devices that are enrolled in our Intune. The policy works correctly with users' devices. Devices that are not enrolled in Intune have no access to cloud apps such as Teams.


I have a problem with shared iPads. We synchronize devices from ABM to our Intune. In the enrollment token I created a profile for shared iPad. In this profile we configure the option that the device name should be like xx-sharedipad-{{serial}}. The enrollment process itself is correct: the device is enrolled in Intune, the name is correct, and the required applications are installed (Teams, Authenticator). All devices enrolled with this profile are added to an AAD dynamic group.


When a new user signs in to the device, everything seems to be correct; the iPad settings show the name according to the template configured in the enrollment profile for the shared iPad. The problem starts when the user wants to sign in to Teams: the device does not pass the Conditional Access policy stating that only devices added to our Intune can access cloud apps. In the sign-in logs in AAD, I see that the user tried to sign in to Teams, but in the device tab there is a completely different, new device. The new device has a totally random name, it is not added to Intune, and it appears in AAD only as Azure AD registered.


Have you encountered such a problem before?
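The symptom described above (a sign-in that lands on a freshly registered, randomly named device object instead of the enrolled one) can be checked from the sign-in logs rather than by clicking through the portal. The following script is an added example and is not code from this thread or from Microsoft: it uses the Microsoft Graph PowerShell SDK to pull a user's recent sign-ins to an app and joins each sign-in's device details against the Intune managed-device list, so you can see whether the device ID the Conditional Access evaluation saw matches any managed record. The user principal name, app name and result count are placeholders; the script assumes the SDK is installed and the caller holds the listed read permissions.

```powershell
# Added example (not from this thread): correlate Entra sign-in log device
# details with Intune managed-device records to see which device object a
# shared-iPad sign-in actually used. Assumes the Microsoft Graph PowerShell SDK
# is installed and the caller has read rights on sign-in logs and managed devices.
# $UserPrincipalName, $AppDisplayName and $Top are placeholders to adjust.

param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,
    [string] $AppDisplayName = 'Microsoft Teams',
    [int]    $Top = 25
)

Connect-MgGraph -Scopes 'AuditLog.Read.All', 'Directory.Read.All', 'DeviceManagementManagedDevices.Read.All' | Out-Null

# Lookup of Intune-managed devices keyed by their Entra (Azure AD) device ID.
$managed = @{}
Get-MgDeviceManagementManagedDevice -All | ForEach-Object {
    if ($_.AzureAdDeviceId) { $managed[$_.AzureAdDeviceId] = $_ }
}

# Recent sign-ins by this user to the chosen app.
$filter  = "userPrincipalName eq '$UserPrincipalName' and appDisplayName eq '$AppDisplayName'"
$signIns = Get-MgAuditLogSignIn -Filter $filter -Top $Top

foreach ($s in $signIns) {
    $d = $s.DeviceDetail
    # Match the device the sign-in reported against the managed-device lookup.
    $intune = if ($d.DeviceId -and $managed.ContainsKey($d.DeviceId)) { $managed[$d.DeviceId] } else { $null }

    [pscustomobject]@{
        Time         = $s.CreatedDateTime
        App          = $s.AppDisplayName
        CAStatus     = $s.ConditionalAccessStatus   # success / failure / notApplied
        DeviceId     = $d.DeviceId
        DeviceName   = $d.DisplayName               # a random name here is the symptom from the post
        TrustType    = $d.TrustType                 # e.g. 'Azure AD registered'
        IsManaged    = $d.IsManaged
        IsCompliant  = $d.IsCompliant
        IntuneName   = $intune.DeviceName           # empty when no managed record matches
        IntuneSerial = $intune.SerialNumber
    }
}
```

Run it as `.\Check-SharedIpadSignIn.ps1 -UserPrincipalName user@contoso.example` (file name and UPN are placeholders). A row whose CAStatus is failure, whose DeviceName is not the xx-sharedipad-{{serial}} name, and whose IntuneName is empty confirms that the Conditional Access evaluation was done against a device object other than the enrolled shared iPad; comparing the DeviceId column with the enrolled record's Entra device ID tells you whether a second device object was created for the same hardware.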

4 Replies

  • mdmworkprofile
    Copper Contributor
    One more question: do you use Guest login or MAID login? So when a user tries to log in to an M365 app, are they repeatedly prompted for app permissions like mic and camera to be allowed? How do you manage those?
  • mdmworkprofile
    Copper Contributor
    Hi, one other way: if the shared iPad is connecting to your corporate Wi-Fi, then you can find the internet egress IP of these devices (whatsmyip.com) and exclude it as a "Trusted named location" in the Conditional Access policy. Ensure it is the same IP that Entra will see for a sign-in attempt.
  • antooniooo1984
    Try to test the following:
    1. Create a new enrollment profile
    2. Assign it to specific test devices (not to all devices)

    Follow the configuration below, but this time set Device name to "No".

    This could be a good test to know if this problem is a CA or enrollment profile issue.

    • antooniooo1984
      Copper Contributor
      Thanks for your suggestion, but it is still not working.

      The question is why, when a new user signs in to a shared iPad, despite the fact that the device on which they sign in is already enrolled in Intune, a new device is created in AAD, but only as Azure AD registered and not added to Intune?
