It’s just been a week since the release of iOS 13, as discussed in this blog post, so with the launch of iOS 13.1, we thought we’d share more of what’s new and coming from Intune. With the release of iOS 13.1, we are previewing User Enrollment alongside Apple’s release of the feature set. This preview is starting to roll out today and we expect it to be live for all customers by early next week so you can try out the new experience. Our workflow allows admins to target User Enrollment to specific users, and also allows other users to have a choice between User and Device enrollment depending on what feels appropriate for them. This enrollment type is associated with a Managed Apple ID which supports Azure AD federation in Apple Business Manager. Note that federated managed Apple ID's are currently only available through the beta of Apple Business Manager. You can look forward to a more extensive blog post and documentation shortly, but here’s a sneak peek at the end user experience for now:
Intune User Enrollment - End User Experience
In addition, with this release, iOS and macOS Device Configuration profiles will now support single sign-on (SSO) app extensions. With this new device feature, you can configure an SSO experience so that users can access a whole suite of apps and websites after entering their username and password only one time. You will have the choice of configuring a generic credential SSO app extension or Apple’s new built-in Kerberos app extension, which provides password management and local password sync with your on-premise Active Directory instance. We are still working on adding support for an Azure AD single sign-on app extension that will enable users to access all Microsoft apps with one sign-in, so note that’s coming!
What else is in development?
Beyond just Dark Mode for the PIN screen, we’re also bringing Dark Mode to the Company Portal app. We are just doing final testing now, so we anticipate it will ship with the October Company Portal release. Here is a glance of what it looks like in our test environment:
We are looking forward to getting your feedback on user enrollment, dark mode, and single sign-on. You can comment on this post orreach outto us on Twitter bytagging us at @IntuneSuppTeam.
Documentation note: If you're in the Apple Business Manager beta and would like the documentation for Intune integration, direct message us through this forum and we can provide those docs.
Known Issue Resolution: We’ve had a report where SCEP certs linked to other profiles reissues a new certificate for Wi-Fi and VPN at every check-in. This behavior only happens if the cert is linked to other profiles. We’ve found updating to iOS 13.1.2 fixes the issue.
Blog post updates:
9/27/19 Updated information on the Apple Business Manager federated managed Apple ID's and a note on documentation.
10/3/19 Added a note identifying a known issue regarding SCEP certs reissuing at every check-in. Updating to iOS 13.1.2 fixes the issue.
10/8/19 Note about macOS Catalina - Intune also supports the launch of macOS Catalina 10.15 which Apple released 10/7/19.
12/9/19 Update to Modern Authentication within Setup Assistant for Automated Device Enrollments.
5/26/20 Added a note that our engineering folks are working hard on Modern Authentication support and will be available in the coming months.
4/20/20 Updated post that support for a new authentication method for Automated Device Enrollment (ADE) which is Setup Assistant with Modern Authentication is now available in Intune!