Move to Setup Assistant with Modern Authentication for Automated Device Enrollment

---

Once you move to Setup Assistant with Modern Auth, outside of the better performance, you’ll find one difference that we have plans to address in an upcoming release. The Azure Active Directory device registration will need to be completed in the Company Portal by the end user. Generally, the user will be prompted to the Company Portal when Conditional Access requires a compliant device. You can also provide users instructions for how to launch the Company Portal manually where they will be prompted to complete the registration after signing in. The device is still managed and secure in this flow; they won’t have access to resources and policy will be applied as expected, including Single App Mode.

---

Intune_Support_Team , What is the plan to address the issue referenced? Per the guidance in this post, we have modified our enrollment process for ADE devices to use Setup Assistant with Modern Auth. We migrated to Intune, at great cost to our organization, for the simpler enrollment process that the Company Portal model provided. The process was very straightforward, and we could ship new devices directly to users. The enrollment process was intuitive and did not require instructions beyond "follow the prompts". With the move to Setup Assistant with Modern Auth, the enrollment process is incredibly inconsistent due to Apple's setup process stepping in, and sometimes on top of, the MS enrollment process; thus requiring an IT resource to help new users set up the new device properly. The time it takes for the company portal app to install, configure itself, then check in, then download apps, then finally configure the apps (specifically authenticator) causes significant confusion oftentimes even when IT resources are involved. 

I understand that this may not have come on Microsoft's timeline, but in the meantime your users are suffering. Please help us.