Enrolling corporate iOS devices authenticating with Setup Assistant

Published Feb 01 2019 12:25 PM

Update 5/17: This change has now been rolled out in the May update to Intune.


We’re implementing an improved workflow to enroll corporate iOS devices with user affinity into Intune, specifically when these devices use Setup Assistant for authentication.


With this change, we aim to improve the enrollment experience and give end users a shorter workflow. We’ll have detailed documentation when this rolls out, but we thought we’d share what’s coming so you can familiarize yourself with the experience and set up policies in your console if needed.


Experience for enrolling new devices

When we roll this change out, if you enroll new devices authenticating with Setup Assistant, you can choose whether or not to deploy the Intune Company Portal app automatically in Intune on Azure (not available in hybrid MDM). We’re also doing away with the “Identify your device” screen and the “Confirm your device” screen, where end users enter the last 4 digits of the device’s serial number in the Company Portal app.


Experience for existing enrolled devices

After this change is rolled out, if you want to enable Conditional Access for devices already enrolled via Setup Assistant, you’ll have to push the Company Portal down to those devices. Here’s how you would do that:


  1. In the Intune on Azure portal:
    • Add the Intune Company Portal if necessary, by going to Intune > Client Apps > Apps > Add.
    • Go to Client apps > App configuration policies to create an app configuration policy for the Company Portal app.

     If you use hybrid Mobile Device Management (Hybrid MDM):
    • Create a new app policy in the Configuration Manager console for the Company Portal app.
    • Go to Software Library > Application Management > App Configuration Policies.
  2. Create an app configuration policy with the XML below. More information on how to create an app configuration policy and enter XML data can be found at Add app configuration policies for managed iOS devices or Apply settings to iOS apps with app configuration policies in System Center Configuration Manager for hybrid MDM.

  3. Deploy Company Portal to devices with the app configuration policy targeted to desired groups.
  4. Tell end users to sign in to the Company Portal app when it is automatically installed.


We’ll keep this post updated with documentation links when we roll out this new workflow. You’ll also see announcements in What’s New in Intune, the hybrid What’s New page and in the Office Message Center. Let us know if you have any questions!

Last update: May 17 2019 11:04 AM