Apple DEP with Intune

Iron Contributor

I am setting up Apple DEP on a new Intune install. It's the first time in six months that I have setup Apple DEP with Intune and I am encountering a new issue.

 

Devices that enroll through DEP get stuck at the Confirming Device Settings stage (See attachment) in the Intune Company Portal.

 

The device appears in the Intune console as an enrolled device but the devices get stuck on the Confirming Device Settings stage. The device eventually becomes compliant but the user is stuck with a notification to complete setup.

 

I have a support call logged but I wanted to find out whether anyone else has seen this error.

14 Replies

Hi @Andrew Matthews 

 

I just enrolled some devices through DEP with no issues.

Which iOS version are you running?

Are you authenticating in the DEP flow or in Comp Portal?

Was the device enrolled earlier?

@almennn 

 

The DEP profile is using the Company Portal Authentication DEP workflow rather than the Apple DEP workflow.

 

This install is a migration from IBM MaaS 360 to Intune. A new DEP enrollment token has been added for Intune and a few test devices have been migrated across.

 

We have tried iOS 11.3.1, iOS 12.1.2 and iOS 12.2.

 

A BYOD enrollment of an iPhone works normally.

@Andrew Matthews 

 

Basic question since it's a migration from one system to another, the device which is being migrated is factory reset I assume? :)

@almennn 

 

Yes the device is being factory reset to trigger DEP enrollment.

 

Where we get to is

 

  • Device resets
  • Apple DEP guides the initial setup
  • Long wait while VPP pushes the Intune company portal
  • Sign-in to the Company Portal
  • Enroll the device
  • Device compliance check starts
  • The setup halts at that point.

Almost sounds like it's timing out.

What compliance checks are you running?

What config profiles are being installed?

No difference between networks?

 

Usually when I use the Single App option it can take a LONG time before it gets released.

If you are using Single App option I would suggest to stay away from it. I've seen this process take up to 30-40 mins and varies extremely.

The single app option is a non starter because it bricks the devices if DEP enrollment fails.

 

The compliance checks are fairly basic. Just block Jailbroken devices and confirm a minimum pass code. Similar with the device config profiles, Device restrictions with basic restrictions, mainly passcode and a WiFi profile.

 

We have tried 4G, several different WiFi's and no difference. There is definitely something that is not quite right with this customer's tenant.

I'm not sure if this is related or not but we also had a few devices stuck on "Confirming Device Settings" today. Eventually we disabled Single App Mode and it started working again but that may have been a coincidence. Now we have multiple devices stuck on the "Awaiting final configuration" screen. Also, I've had trouble loading admin.microsoft.com to view any service advisories and https://portal.office.com/ServiceStatus/ServiceStatus.aspx won't load at all (maybe it's gone now?). Anyway, I'm beginning to think there's some issues with Microsoft today.

Thanks

 

Your experience matches mine. There have been other issues today, like App Protection failing to apply to new devices.

 

Something has gone wrong.

Any luck today? My devices have been sitting at the "Awaiting final configuration from COMPANY NAME" for almost an hour. I've opened a ticket with Microsoft. 

Apple Dep with Company Portal enrollment works this morning on the tenant that I am working on. But Apple DEP authentication only (not with the company portal) completely fails, we don't even get to the Awaiting final configuration stage.

 

The tenant that I am working on is on Europe 0301 so it might be fixed in some tenants and not others.

FYI, Within InTune under Tenant Status, there's now an alert indicating "Users are experiencing delays of up to 30 minutes when attempting to perform compliance check-ins". I believe this was likely related to my Awaiting Final Configuration issue I was having which I since resolved by erasing the devices and starting again.

Having the same issues and came across this information: 10/6/20: With an update to to Shared iPads - We have fixed an issue on iPadOS 14, where Shared iPads could not complete enrollment and continue to show “awaiting final configuration from company”. The fix will be available in the October update of Microsoft Intune enabling you to successfully enroll Shared iPads running iPadOS 14. 

https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-endpoint-manager-support-fo...

 @Andrew Matthews 

@BACSTECH 

 

I'm not surprised there are issues with Apple Business Manager enrolment on iOS / iPadOS 14.

 

FYI - The specific issue I was seeing in 2019 was resolved the same week. There was a bug introduced by an Intune service release.

 

Too be honest, I have been steering customers away from using Apple DEP / ABM for the last few years. There are very few market verticals that need supervised mode for security and the overhead and complexity is not worth the marginal gains in deployment speed.

Thank you for the insight. @Andrew Matthews