AMA: Powerful Apple device management with Intune

Do we need the company portal app to manage macOS devices and/or deliver apps? thanks

It would be useful to have a method to change Intune's Primary User (licensed user) for Mac devices, similar to Windows devices. The context is we use a white glove method of setting up new devices, where an in-house tech does the initial setup (enrolling the device with Apple Device Enrollment to install several large software packages). Then we retire the device in Intune, so the user can re-enroll the device with Company Portal, to set the actual Primary User. This is a cumbersome workflow that could be avoided by allowing the Primary User to be changed in the Intune console.

Are you doing anything different from other MDMs like Jamf when it comes to controlling OS patching? We have so many issues with that and jamf. Even Jamf has to use nudge internally to patch their own systems.

Will the macOS VPN profile in intune ever support EAP-only authentication besides the already available Username/Pass & Certificate. So I can configure the Intune supplied SCEP certificate profile for that authentication. (normal Certificate does not work in an EAP-only scenario)

In a developer company it usually happens that a developer has one macOS device, but they needs to test on multiple OS versions. As I saw, if you try to enrol the same macOS device with a different OS, then the newly enrolled device will become enrolled/compliant, but the other one will not be managed by Intune any longer. I guess Intune identifies macOS devices by the serial number. The same doesn't cause problems in case of Windows devices you can enrol the same device with multi boot OS and it will have different managed instances. It would be pretty cost effective to be able to use one macOS device with multiple OS versions. Also it's something which causing issues from security/monitoring perspective.

When I wipe a iOS device, the Device wipes and goes back through auto enrollment as expected.. but then in Azure Active directory I seem to have duplicate entry/ It creates a new entry in AD but doesn't remove the old entry, is their a solution for this minus wiping the device then deleting it after it starts the wipe.

When we will see a real solution for BYOD-Mac's? If Apple will not provide the technical base for separating and protecting company data on private device - maybe app protection for MS Mac Apps is coming (like iOS)?

Hello! Can you recommend a formal, deep dive, training that covers Intune management specific to mobile devices (i.e. management of iPhones, iPads, Android devices)? Most Intune training that I've come across is deficient in these areas as the focus is more on desktop and apps and only slightly touches on mobile devices. It would be nice to have training specific to the mobile devices mentioned above. Thank you.

GCM IKEv2 encryption is still not available on iOS, docs state "This is a known issue, and will be fixed in a future release. There is no ETA" and hasnt changed in at least 6 months!