Defender iOS not syncing with Intune

I am setting up Apple Automated Device Enrollment and using authentication with modern authentication/setup assistant. I have tried the JIT option as well, but my iOS device does not come into compliance because Defender is not syncing with Intune. I have set a policy to require the device to be under a threat level to be compliant. I have set up all the necessary policies for JIT and have used it for user enrollment. I have also set up zero touch deployment for Defender iOS (supervised). It seems all the policies are successfully being deployed, but I am stuck on the Defender syncing. Does anyone have any ideas? All other functions seem to be working.

8 Replies
Do you see those devices in the Defender Console (https://security.microsoft.com)? Are they properly onboarded?
It seems one of the tries without JIT onboarded properly, but no, they are not getting onboarded on Defender at all.
Have you installed the MS Authenticator app and added the corporate ID?
Yes, the Authenticator app is a required application and I open it and log in through SSO.
Do you have a CA policy enforcing for device compliance?
Yes, my CA policy grants access based on device being marked compliant or the app having an app protection policy. I currently have set up MAM as well.
APP could be an issue. Can you test with CA off? The device compliance should come through the Authenticator app. If that is not working then there could be an issue with the registration with the Authenticator app. Also, this may be of some help: https://rahuljindalmyit.blogspot.com/2024/08/microsoft-defender-for-mobile-app.html

@rahuljindal-MVP Tested with CA off and so far no luck, will wait to see since it takes some time for Defender to sync sometimes. Not sure how to check registration with the Authenticator app, but I'm wondering if the way I am assigning policies/applications may be the issue. I use account driven user enrollment for personal devices, and ADE with JIT modern auth for corporate devices. I am assigning all user + filter for personal devices (user license type for applications) for user enrollment, all devices + filter for corporate devices (device license type for applications) for ADE.