Event details
Apple products are a big part of your endpoint management story! Get updates on managing your Apple devices including the latest in device enrollment. We’ll cover topics from app deployment to securing your devices to configuring iOS for special use cases, and what the latest iOS 16 release means for you!
Join us for a special Ask Microsoft Anything (AMA) live stream on managing iOS and macOS devices with Microsoft Endpoint Manager.
This is a great opportunity to learn from Microsoft experts. Add this event to your calendar, RSVP to receive notifications, then join us here for the live stream on the Tech Community on Thursday, July 21.
Submit your questions anytime during the hour or post them early in the Comments below.
76 Comments
- engelcg
Brass Contributor
For multiple macOS versions on the same device: for example, when testing is necessary on multiple OS versions, but the user has only one device assigned, but MDM is preferred on each OS. One more question: with defined compliance policies in place, is there a plan to allow devices registered with a DEM account (e.g., shared computers) to allow users to sign in with their own account for, e.g., Office applications?
- dsmodus
Brass Contributor
When a DEP device is wiped from Intune and removed from ABM, will the Apple ID be removed and the device not be locked to the specific Apple ID, or can only Apple support solve that?
- Rachelle_Blanchard
Microsoft
Admin response: This question was answered live. Please refer to the recording for more details.
- dsrichmond
Copper Contributor
After finishing a setup of an iOS device via Setup Assistant with Modern Authentication, the user will be able to interact with o365 apps in MAM mode UNLESS they manually open Company Portal and finish device enrollment/registration there. How can we ensure users are forced by a policy to ALWAYS finish the setup in Company Portal? Single-app mode is unacceptable here as that deprecated method fails often.
This is holding up our deployment of Setup Assistant with Modern Auth!
- Andy_Cerat
Microsoft
Hello David, do you have Conditional Access policies applied to require device enrollment? Those policies would block the user from accessing the O365 app and redirect them to the Company Portal app. Our Just In Time Registration (coming soon) will take it one step further and remove the company portal completely from the flow.
- Rachelle_Blanchard
Microsoft
Admin response: This question was answered live. Please refer to the recording for more details.
- dsrichmond
Copper Contributor
@Anya just mentioned a private preview for JIT registration - how can we get hooked into this? Please let me know, this is 100% vital for us!
- dsrichmond
Copper Contributor
No, I do mean they are ABLE to use o365 apps but as if they are on a personal device because it is not fully registered. It sounds like just-in-time registration is what we need here, which is awesome news!
- Heather_Poulsen
Community Manager
We're halfway through today's Managing iOS and macOS devices AMA. Keep your questions—and suggestions on future feature prioritization—coming. Thanks!
- engelcg
Brass Contributor
Is there a plan to enable enrolment of multiple macOS installations running on the same device? Currently it's not possible, as only the last registered one remains in Endpoint Manager.
- Heather_Poulsen
Community Manager
The team would love to hear more! Please share details here or reach out via private message here in the Tech Community to AnyaNovicheva about your use case and needs.
- Rachelle_Blanchard
Microsoft
Admin response: This question was answered live. Please refer to the recording for more details.
- TMHCC-HPaul
Copper Contributor
Our company organization is just now implementing macOS devices but had iOS mobile devices prior. How do you tackle managing the life cycles of Apple IDs?
- dsrichmond
Copper Contributor
Managed Apple IDs via federation are an option. If you have an enterprise contact at Apple, talk to them - their sales reps will happily get you hooked into a discussion about ABM and how to get that set up.
- Rachelle_Blanchard
Microsoft
Admin response: This question was answered live. Please refer to the recording for more details.
- RobdeRoos
Iron Contributor
Do you use ABM and have you looked at Federation?
- TMHCC-HPaul
Copper Contributor
We have implemented both. One of our organization's concerns is Apple IDs that were previously enrolled on an iOS mobile device we no longer have access to. Case in point, our email naming convention is "First Letter of the First Name" and the "Full Last Name" (ex. jsmith@companyname.com), but if that Apple ID needs to be recycled for a new employee's Apple ID with the same naming convention, we are forced to add a number to the email address when registering an Apple ID and are therefore forced to add that same email address as an alias on the back end to that particular company account. Also take into consideration that we are just now implementing Jamf and ABM, but prior to that, we were manually advising users to use their company email address to register their Apple IDs. So as a growing organization, we see that kind of getting out of hand and are inquiring about the best practices for managing Apple IDs.
- Travis_McHugh
Copper Contributor
Can you provide details on Security and Benchmarking/Compliance? Will it leverage Intune for compliance? Will you be able to set security benchmarks in the product?
- Max_Stein
Microsoft
Hi Travis, thanks for the question! Just to clarify, are you referring to deploying Apple security specific policies for managed devices, or more information about Data Protection with Microsoft Intune?
- engelcg
Brass Contributor
We saw issues with mobile accounts where passwords are not synced with FileVault and keychain if the password wasn't changed via the user profile on macOS. Will these get fixed in the announced SSO login?
- Andy_Cerat
Microsoft
We hope so, but are going to need to get some hands on validation to confirm. We hope to understand and share more in the coming months.
- Olaf_Thyssen
Brass Contributor
Is it or is it not supported to restore an iOS backup from a previous ADE/DEP device to a new ADE/DEP device during enrollment? We have allowed it in the assistant, but the management profile in the backup sometimes (or often) causes problems with completing enrollment and supporting supervised mode.
- dsrichmond
Copper Contributor
This used to fail 100% of the time for us and so we have blocked restore on corporate devices for years. In the last few months (perhaps corresponding with an iOS update, it's not clear) the issue is no longer observed. The root cause - the device attempting to restore managed configuration profile from another device which resulted in a deviceid conflict - seems to no longer happen here. Which errors have you been experiencing?
- Rachelle_Blanchard
Microsoft
Admin response: This question was answered live. Please refer to the recording for more details.
- Travis_McHugh
Copper Contributor
Can you provide details on how Macs/iOS devices are onboarded? Does the product integrate well with DEPNotify or have an integrated solution similar to Kandji?
- Max_Stein
Microsoft
Hi, Travis!
Here are a couple of docs that might help: