cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Coming Soon: Changes in the Intune Company Portal for iOS Enrollment
By
Intune_Support_Team
Published Feb 25 2019 02:42 PM 28.5K Views
Intune_Support_Team
Microsoft
‎Feb 25 2019 02:42 PM

Coming Soon: Changes in the Intune Company Portal for iOS Enrollment

‎Feb 25 2019 02:42 PM

4/4/19: iOS Company Portal app version 3.9.0 is now available in the App store.

 

4/2/19: Company Portal app 3.9.0 is still in the process of being released to the store. We'll post here as soon as we have a definite ETA from engineering and Apple.

 

3/26/19 Update: iOS 12.2 has been released by Apple

 

3/25/19 Update: Apple TestFlight is now live with the new enrollment flow. However, changes to iOS Company Portal website will be available in TestFlight after these are shipped with an Intune service update.

 

We shared in one of our blog posts that Apple has announced that there are changes coming in iOS 12.2 and above for manual enrollment into Mobile Device Management (MDM). To make iOS enrollment more streamlined for Intune, we're making changes to the iOS Company Portal app and the Company Portal Website. Note that these changes will roll out with the March update to the Intune service which we expect to release towards the end of March soon. You'll see these changes starting from version 3.9.0 of the Company Portal app.

 

Here's a preview of the changes end users will see in the Company Portal app during iOS enrollment.

 

If you go to the app store, download and open the app, the sign-in screen appears. After logging in and clicking "Allow" notifications, you'll go through a couple of screens until you come to the screen below which will be the beginning of a changed enrollment flow. Click Continue.

Picture1.png

 

Clicking continue will redirect to the Company Portal website in Safari. Click on "Allow" to download the configuration profile. With the 12.2 release, Apple has changed the wording of these prompts to accurately reflect the new flow.

 

Picture sub.png

 

On the next screen, if you click "Ignore", the page should reload and you will see a prompt to open the page in the Company Portal. Click "Open" to open the Company Portal app. In the Company Portal, you can hit the back button or the "Download again" button and walk through the steps as described, this time accepting the prompts.

 

When redirected to the Company Portal website in Safari, click "Allow" to download the configuration profile. Once downloaded, click on "Done".

 

Capture 4.JPG

 

Next click "Open" to open the page in the Company Portal app. From the Company Portal app, go to your device home screen and navigate to the Settings app, per Apple's new flow for MDM.

 

Capture 5.JPG

 

If you click "Cancel" then they will be redirected back to the previous screen. Here the user can click on "Open it now"

 

Capture 6.JPG

 

Manually go to your device settings. When you are in your device settings, you should see an "Install Downloaded Profile" blade with a red circle badge. You have 8 minutes to install the profile or you will stop seeing the badged experience. In our testing, after about 15 minutes, the profile is removed from the device and enrollment must be restarted.

 

iOS 12.2 change 2.JPG

 

At the next prompt, click on "Install" and enter your device password. Click through subsequent screens and accept prompts to see the final "Done" screen.

 

You should now see your organization’s management profile installed within the Profiles & Device Management blade in device settings. 

Picture 7.png

After this, a user needs to manually return to the Company Portal app on their own. Give your device some time to sync. Update your device settings if you are prompted to. Click "Done".

 

We'll update this post when these changes go live and we'll also post in our What's New page.

 

2/27/19 - Screenshots updated to add clarity. Fixed typo. Requesting new screen shots (stay tuned).

18 Comments
Andrew Allston
Iron Contributor
‎Feb 26 2019 01:56 PM
‎Feb 26 2019 01:56 PM

This is just horrible. Is this Apple trying to bully competitor MDM solutions? Or is this just because Intune does things its own way? Either way this needs to be corrected, either through legal action or through changing how Intune works. 

ahorvat
Copper Contributor
‎Feb 26 2019 06:59 PM
‎Feb 26 2019 06:59 PM

Agree with @Andrew Allston, this is "less than ideal". Too bad if you wanted to restrict a device delivered to the user directly from the supplier - the user could just abandon the enrolment process and go nuts on the device, only to cause a fuss when helpdesk tells them to complete enrolment which removes their customisations. The benefit of AirWatch is that you could pre-configure a DEP'd non user-affinity device for a user by using Apple Configurator on a Mac which, although requires an admin to touch each and every device, ensures that the user doesn't get a free iOS device.

0 Likes
Like
AlvaroVelasco
Copper Contributor
‎Feb 27 2019 04:41 AM
‎Feb 27 2019 04:41 AM

Not sure if you are counting with countries where IOS, Apple and Microsoft are not all together, Here in Costa Rica we have to enroll all iPhones manually with "Secure Hub" app and not sure if intune will affect the way we do that.

0 Likes
Like
Philipp-Christopher Deeke
Copper Contributor
‎Feb 27 2019 05:43 AM
‎Feb 27 2019 05:43 AM

@Andrew Allston This should not affect DEP registered devices, so the impact should be not that big if the majority of your devices is DEP. Also, DEP is required for more and more settings. This is a step Apple announced years ago.

This also concerns all MDM vendors, not just InTune. 

 

Intune_Support_Team
Microsoft
‎Feb 27 2019 03:31 PM
‎Feb 27 2019 03:31 PM

Correct, this does not affect DEP devices. Here's Apple's awareness of this change: https://support.apple.com/en-us/HT209435. Please note, this is a security improvement from Apple. Also, as Philipp-Christopher mentions, this does impact all MDM vendors. 

Andrew Allston
Iron Contributor
‎Feb 27 2019 03:33 PM
‎Feb 27 2019 03:33 PM

thanks for the info :thumbs_up::thumbs_up:

MaxM
Brass Contributor
‎Mar 07 2019 09:36 AM
‎Mar 07 2019 09:36 AM

Will there be a TestFlight release of version 3.9.0? Or GA release soon?

0 Likes
Like
Intune_Support_Team
Microsoft
‎Mar 08 2019 01:13 PM
‎Mar 08 2019 01:13 PM

@MaxM we are planning on releasing this to TestFlight sometime this month.

Aaron Couch
Iron Contributor
‎Mar 20 2019 10:16 AM
‎Mar 20 2019 10:16 AM

iOS 12.2 Beta 6 installed...  Apple's new profile installation flow is there.  Expecting the final iOS 12.2 release on March 25. 

@Intune_Support_Team - how soon will your provide the new TestFlight build of Company Portal so that we can validate the new Intune enrollment flow? 

Philipp-Christopher Deeke
Copper Contributor
‎Mar 20 2019 11:28 AM
‎Mar 20 2019 11:28 AM

deleted

0 Likes
Like
Aaron Couch
Iron Contributor
‎Mar 25 2019 01:26 PM
‎Mar 25 2019 01:26 PM

@Intune_Support_Team - I just installed the final iOS 12.2 build and did a fresh iOS device enrollment using Comp Portal 3.9.0.

Everything worked exactly as previewed above.  Thanks for making these prompt changes to adapt to Apple's new management profile rules.  (Our organization is working to get more devices enrolled through DEP in the first place, so that users don't have to endure this complicated enrollment flow that Apple now requires for "unsupervised" devices). 

Justin Scarborough
Copper Contributor
‎Mar 26 2019 06:49 AM
‎Mar 26 2019 06:49 AM

O just lovely - Apple being a turd and not playing nice - Maybe they should take a page out of Android's security playbook and just create a separate work-space like it does.

0 Likes
Like
MaxM
Brass Contributor
‎Mar 27 2019 09:30 AM
‎Mar 27 2019 09:30 AM

When will 3.9.0 be GA on the app store?

0 Likes
Like
Alan Reagan
Copper Contributor
‎Apr 01 2019 03:51 PM
‎Apr 01 2019 03:51 PM

iOS 12.2 in the wild on new devices, https://itunes.apple.com/us/app/intune-company-portal/id719171358?mt=8 still shows 3.8 as current version. This needs to be corrected ASAP.

0 Likes
Like
Aaron Couch
Iron Contributor
‎Apr 02 2019 06:35 AM
‎Apr 02 2019 06:35 AM

@Intune Support Team - is there a delay is publishing the new version of the Company Portal to the App Store?  

0 Likes
Like
Intune_Support_Team
Microsoft
‎Apr 02 2019 09:47 AM
‎Apr 02 2019 09:47 AM

@Aaron Couch still waiting on the release and blog post has been updated accordingly. Thanks for your patience! 

0 Likes
Like
kkeirstead
Copper Contributor
‎Apr 05 2019 04:15 AM
‎Apr 05 2019 04:15 AM

Original post has been removed.

0 Likes
Like
snorma01
Copper Contributor
‎Jun 04 2019 11:31 AM
‎Jun 04 2019 11:31 AM

@Intune Support Team Office 365 MDM does not support OAuth/Modern Authentication. There has been an option to enable OAuth in Intune mail profiles since iOS 12, but this option is not available for Office 365 MDM profiles. This makes Office 365 MDM profiles not work for any MFA-enabled users. With Microsoft recommending MFA be enabled for all users, it is critical that Office 365 MDM support MFA. Without this support it makes it very difficult to roll out MFA to all users.

0 Likes
Like
Version history
Last update:
‎Apr 04 2019 08:26 AM
Updated by: