Home

We shared in one of our blog posts that Apple has announced that there are changes coming in iOS 12.2 and above for manual enrollment into Mobile Device Management (MDM). To make iOS enrollment more streamlined for Intune, we're making changes to the iOS Company Portal app and the Company Portal Website. Note that these changes will roll out with the March update to the Intune service which we expect to release towards the end of March. You'll see these changes starting from version 3.9.0 of the Company Portal app.

 

Here's a preview of the changes end users will see in the Company Portal app during iOS enrollment.

 

If you go to the app store, download and open the app, the sign-in screen appears. After logging in and clicking "Allow" notifications, you'll go through a couple of screens until you come to the screen below which will be the beginning of a changed enrollment flow. Click Continue.

Picture1.png

 

Clicking continue will redirect to the Company Portal website in Safari. Click on "Allow" to download the configuration profile. With the 12.2 release, Apple has changed the wording of these prompts to accurately reflect the new flow.

 

Picture sub.png

 

On the next screen, if you click "Ignore", the page should reload and you will see a prompt to open the page in the Company Portal. Click "Open" to open the Company Portal app. In the Company Portal, you can hit the back button or the "Download again" button and walk through the steps as described, this time accepting the prompts.

 

When redirected to the Company Portal website in Safari, click "Allow" to download the configuration profile. Once downloaded, click on "Done".

 

Capture 4.JPG

 

Next click "Open" to open the page in the Company Portal app. From the Company Portal app, go to your device home screen and navigate to the Settings app, per Apple's new flow for MDM.

 

Capture 5.JPG

 

If you click "Cancel" then they will be redirected back to the previous screen. Here the user can click on "Open it now"

 

Capture 6.JPG

 

Manually go to your device settings. When you are in your device settings, you should see an "Install Downloaded Profile" blade with a red circle badge. You have 8 minutes to install the profile or you will stop seeing the badged experience. In our testing, after about 15 minutes, the profile is removed from the device and enrollment must be restarted.

 

iOS 12.2 change 2.JPG

 

At the next prompt, click on "Install" and enter your device password. Click through subsequent screens and accept prompts to see the final "Done" screen.

 

You should now see your organization’s management profile installed within the Profiles & Device Management blade in device settings. 

Picture 7.png

After this, a user needs to manually return to the Company Portal app on their own. Give your device some time to sync. Update your device settings if you are prompted to. Click "Done".

 

We'll update this post when these changes go live and we'll also post in our What's New page.

 

2/27/19 - Screenshots updated to add clarity. Fixed typo. Requesting new screen shots (stay tuned).

10 Comments
Occasional Contributor

This is just horrible. Is this Apple trying to bully competitor MDM solutions? Or is this just because Intune does things its own way? Either way this needs to be corrected, either through legal action or through changing how Intune works. 

Frequent Visitor

Agree with @Andrew Allston, this is "less than ideal". Too bad if you wanted to restrict a device delivered to the user directly from the supplier - the user could just abandon the enrolment process and go nuts on the device, only to cause a fuss when helpdesk tells them to complete enrolment which removes their customisations. The benefit of AirWatch is that you could pre-configure a DEP'd non user-affinity device for a user by using Apple Configurator on a Mac which, although requires an admin to touch each and every device, ensures that the user doesn't get a free iOS device.

Occasional Visitor

Not sure if you are counting with countries where IOS, Apple and Microsoft are not all together, Here in Costa Rica we have to enroll all iPhones manually with "Secure Hub" app and not sure if intune will affect the way we do that.

@Andrew Allston This should not affect DEP registered devices, so the impact should be not that big if the majority of your devices is DEP. Also, DEP is required for more and more settings. This is a step Apple announced years ago.

This also concerns all MDM vendors, not just InTune. 

 

Correct, this does not affect DEP devices. Here's Apple's awareness of this change: https://support.apple.com/en-us/HT209435. Please note, this is a security improvement from Apple. Also, as Philipp-Christopher mentions, this does impact all MDM vendors. 

Occasional Contributor

thanks for the info 👍👍

Senior Member

Will there be a TestFlight release of version 3.9.0? Or GA release soon?

@Max Manning we are planning on releasing this to TestFlight sometime this month.

Occasional Contributor

iOS 12.2 Beta 6 installed...  Apple's new profile installation flow is there.  Expecting the final iOS 12.2 release on March 25. 

@Intune Support Team - how soon will your provide the new TestFlight build of Company Portal so that we can validate the new Intune enrollment flow? 

deleted