Updated 4/20/21 - We’re excited to announce support for Setup Assistant with Modern Authentication for iOS/iPadOS 13+ and macOS 10.15+ now in public preview! See: Setup Assistant with Modern Auth for ADE (iOS/iPadOS 13+ and macOS 10.15+) - Intune Public Preview to learn more.
It’s just been a week since the release of iOS 13, as discussed in this blog post, so with the launch of iOS 13.1, we thought we’d share more of what’s new and coming from Intune. With the release of iOS 13.1, we are previewing User Enrollment alongside Apple’s release of the feature set. This preview is starting to roll out today and we expect it to be live for all customers by early next week so you can try out the new experience. Our workflow allows admins to target User Enrollment to specific users, and also allows other users to have a choice between User and Device enrollment depending on what feels appropriate for them. This enrollment type is associated with a Managed Apple ID which supports Azure AD federation in Apple Business Manager. Note that federated managed Apple ID's are currently only available through the beta of Apple Business Manager. You can look forward to a more extensive blog post and documentation shortly, but here’s a sneak peek at the end user experience for now:
In addition, with this release, iOS and macOS Device Configuration profiles will now support single sign-on (SSO) app extensions. With this new device feature, you can configure an SSO experience so that users can access a whole suite of apps and websites after entering their username and password only one time. You will have the choice of configuring a generic credential SSO app extension or Apple’s new built-in Kerberos app extension, which provides password management and local password sync with your on-premise Active Directory instance. We are still working on adding support for an Azure AD single sign-on app extension that will enable users to access all Microsoft apps with one sign-in, so note that’s coming!
What else is in development?
- Beyond just Dark Mode for the PIN screen, we’re also bringing Dark Mode to the Company Portal app. We are just doing final testing now, so we anticipate it will ship with the October Company Portal release. Here is a glance of what it looks like in our test environment:
Dark Mode experience in the Intune Company Portal
Update: This feature is available with the 1910 Intune Service Release. See: Introducing dark mode on Microsoft Intune Company Portal for iOS 8) - Microsoft Tech Community to learn more.
- In the October service release, we’re adding full support within the console for three iOS/iPadOS 13.0 and higher new restrictions applicable to iOS and iPadOS:
- Access to network drive in Files app
- Access to USB drive in Files app
- Wi-Fi always turned on
While these restrictions will be rolling out with our October release, they can be applied to your managed devices today using custom configuration profiles.
Update: This feature is available with the 1910 Intune Service Release. See: iOS and iPadOS device settings to allow or restrict features using Intune to learn more.
- We’re adding support for Modern Authentication within Setup Assistant for Automated Device Enrollments on iOS and macOS.
Update: In the 2103 Intune Service Release, support for Modern Authentication within Setup Assistant for Automated Device Enrollments on iOS and macOS is available as a public preview. See our blog post: Setup Assistant with Modern Auth for ADE (iOS/iPadOS 13+ and macOS 10.15+) - Intune Public Preview to learn more.
We are looking forward to getting your feedback on user enrollment, dark mode, and single sign-on. You can comment on this post or reach out to us on Twitter by tagging us at @IntuneSuppTeam.
Documentation note: If you're in the Apple Business Manager beta and would like the documentation for Intune integration, direct message us through this forum and we can provide those docs.
Known Issue Resolution: We’ve had a report where SCEP certs linked to other profiles reissues a new certificate for Wi-Fi and VPN at every check-in. This behavior only happens if the cert is linked to other profiles. We’ve found updating to iOS 13.1.2 fixes the issue.
Blog post updates:
- 9/27/19 Updated information on the Apple Business Manager federated managed Apple ID's and a note on documentation.
- 10/3/19 Added a note identifying a known issue regarding SCEP certs reissuing at every check-in. Updating to iOS 13.1.2 fixes the issue.
- 10/8/19 Note about macOS Catalina - Intune also supports the launch of macOS Catalina 10.15 which Apple released 10/7/19.
- 12/9/19 Update to Modern Authentication within Setup Assistant for Automated Device Enrollments.
- 5/26/20 Added a note that our engineering folks are working hard on Modern Authentication support and will be available in the coming months.
- 4/20/20 Updated post that support for a new authentication method for Automated Device Enrollment (ADE) which is Setup Assistant with Modern Authentication is now available in Intune!