Updated 5/26/20 - Our engineering team is hard at work with adding support for Modern Authentication within Setup Assistant for Automated Device Enrollments on iOS and macOS, and will be available later in the year, keep an eye out in our In development and What's new docs in the coming months.
It’s just been a week since the release of iOS 13, as discussed in this blog post, so with the launch of iOS 13.1, we thought we’d share more of what’s new and coming from Intune. With the release of iOS 13.1, we are previewing User Enrollment alongside Apple’s release of the feature set. This preview is starting to roll out today and we expect it to be live for all customers by early next week so you can try out the new experience. Our workflow allows admins to target User Enrollment to specific users, and also allows other users to have a choice between User and Device enrollment depending on what feels appropriate for them. This enrollment type is associated with a Managed Apple ID which supports Azure AD federation in Apple Business Manager. Note that federated managed Apple ID's are currently only available through the beta of Apple Business Manager. You can look forward to a more extensive blog post and documentation shortly, but here’s a sneak peek at the end user experience for now:
In addition, with this release, iOS and macOS Device Configuration profiles will now support single sign-on (SSO) app extensions. With this new device feature, you can configure an SSO experience so that users can access a whole suite of apps and websites after entering their username and password only one time. You will have the choice of configuring a generic credential SSO app extension or Apple’s new built-in Kerberos app extension, which provides password management and local password sync with your on-premise Active Directory instance. We are still working on adding support for an Azure AD single sign-on app extension that will enable users to access all Microsoft apps with one sign-in, so note that’s coming!
What else is in development?
While these restrictions will be rolling out with our October release, they can be applied to your managed devices today using custom configuration profiles.
We are looking forward to getting your feedback on user enrollment, dark mode, and single sign-on. You can comment on this post or reach out to us on Twitter by tagging us at @intunesuppteam.
Documentation note: If you're in the Apple Business Manager beta and would like the documentation for Intune integration, direct message us through this forum and we can provide those docs.
Known Issue Resolution: We’ve had a report where SCEP certs linked to other profiles reissues a new certificate for Wi-Fi and VPN at every check-in. This behavior only happens if the cert is linked to other profiles. We’ve found updating to iOS 13.1.2 fixes the issue.
Blog post updates:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.