Device Registration - Run Company Portal in Single App Mode until authentication

Brass Contributor

I have having an issue starting today 10/24 - Company Portal update was released 10/23


Any new enrollments are stuck with the Company Portal in Single App mode by design and enrollment policy.

After the user completes enrollment, the device remains in Single App mode.  The devices are reporting as non-compliant at first with no Compliance Policy.

After the compliance policy is set, the device is still locked in single app mode waiting for the Password to be brought into compliance.  The password change prompt is hidden being the Single App mode and cannot be accessed.


No matter what I do, the Company Portal is locked in single app mode.  I have no option but to turn off this feature which prevents my devices from being stolen.


Has anyone seen this same issue and been able to get past if without turning off this feature 'Run Company Portal in Single App Mode until authentication' during enrollment?

33 Replies

Hey, we are facing the exact same issue. We have tried a number of things but no success. We have not removed the feature for test as we do not wanna do that either. @Justin Graham I have a ticket open with MS right now and waiting to hear back from them. What other suggestions do you have? Do you know how to get the app updated from the MS side to the phones? We are using iOS devices.



Hi, We are also having the exact same issue have tried alsorts and was going to try a profile without SingleApp mode tomorrow.



The company prortal updates after the device wipes. I gooe if there is a fix it updates in the background.  So far, several end user devices and our test devives. Any new dedicated devuce enrollments are broken. 


We are unable to deploy devices.


I have tried everything.

Send password resets. Restarts locally and remote. Device rewipes.  Pushed policy.

Have not tried:

Pushing no password policy

Force uninstall company portal


Still leaving thr forced company portal requirement 

@ZydecoRyan - Did you get anything from Microsoft on your case mine has just been closed with the update no issue found I have relogged it.

@Justin Graham 


I am having the same issue also, which seems to have started today (25th, Australia).

For us, once you reach the home screen, the Company Portal app doesn't launch by itself as expected. I can swipe around the phone and launch any app I can, even though I have the enrolment profile configured in Single App mode. If I launch Company Portal, it will prompt for login as expected:

  • log in, then after MFA completes, the app closes on me.
  • I restart the app, it auto signs in and shows the "Get notifications" message. I press OK then when the iOS message appears to allow notifications I press allow.
  • The "setup <company> access" wizard starts. I press begin for step 1 (get your device managed).
  • I am then prompted by iOS to "enable location" for Company Portal, and no matter which option I pick, it will cause me to lose touch access, so I cannot continue to complete step 2 (checking device settings). I have to force restart the iPhone.
  • Upon restart, Company Portal auto launches as I am now stuck in Single App mode. I am not prompted to complete step 2.
  • I can check status of the iPhone and it completes successfully.

Intune shows the phone is completely compliant and all policies have applied but I cannot escape Single App mode on the phone no matter how much time I let pass, or any number of forced restarts,


On top of this, today has also seen a number of users' Outlook app suddenly stop working after it updates. Upon investigation it seems Conditional access suddenly thinks I have no app configuration policy applied for to Outlook, even though I have. 

Other MS apps (OneDrive, Teams, etc) seem to be fine unless you log out of them then try to log back in.


When you try to log into Outlook or any of the other apps, after the MFA portion, you will be presented with a "Error: Something Went Wrong [1001]" message. Not a good day for intune...



@LeeWillIT There has been no response from MS as of yet. I did get a few emails from them, the call that did come was either hung up on or disconnected, but no call back as of 8 AM Est. (Ontario Canada) Mine is still open.

We are in the middle of a new cell phone roll out and this is what I did not want to have happen. (I feared something like this when I first started playing with Intune and iOS devices, I was having all kinds of strange issues, but managed to get it working at some point) I am looking into the option of removing the password compliance but CANNOT have the phone go out that way. So, I am not even sure it is worth looking further into. My only thinking was that I could then put the compliance on afterwards, but I am not sure that is a great idea in the middle of a roll out. (Too much overhead)

Hope something changes soon!!!

@DanielCap78 Like you still 24 hours later still seeing the same issues:


  • Company Portal app doesn't launch by itself as expected
  • Can swipe around the phone
  • Company Portal closes after MFA Completes
  • Restart the phone and cannot escape Single App Mode

So I am not sure what I am to do at this point. I have restarted our Intune connector server, and the service itself without success, checked all certs and such on both Apple and Intune.





If you do not apply compliance (if that is the issue) you get a compliance error since there is no compliance policy. Unless you are going to try not requiring a passcode / password in the policy.
At this point, i am not sure if Compliance is the issue or it if is just not disabling the Single App Mode. The Single App Mode should drop once the device is registered, not compliant. I looking for a change in the application notes and nothing mentioned changing the requirement to compliance.
Nothing from Microsoft. Our vendor messaged us saying 'investigating'
Not wanting to pry, but who is your Vendor?
We use Razor for MS support instead of direct but i can still open some limited tickets directly.
I am just off the phone with MS - No resolution but we did come across the fact that Apple changed their terms and conditions. I had to log in to their site and approve the new T&C's.
Go to Devices --> iOS --> iOS/iPad Enrollment --> Enrollment Program Tokens --> Click your MDM --> Click Sync is disabled. You Must accept new ....

Not sure this has helped anything, and not sure of the time it will take for MS to see the new terms are approved (has been about 10 minutes and no change yet) but this might be something ...? Not sure. I Think they were changed late yesterday.

I will update when I know more from MS. The site only showed that change to me today.
We are also facing the same issue - i have opened a support ticket with MS. I noticed too that there was an update to Apple Business Manager t&c's - but i logged in and accepted those a few hours ago, and its not resolved the issue with registration stuck in single app mode. Hopefully this will be fixed rapidly as we cannot enrol new devices
Hey wondering if any changes have been noticed as of now? We are still seeing the same issue but just checking if something has been found? Thanks!
We are in the middle of a mobile phone roll out and have iPads being reset on a daily basis for work in the field.

Microsoft responded to our ticket saying they are aware multiple users are experiencing the issue , but there is no ETA to resolution.

Hey thanks so much for the update -that is way more information than I got from MS when I talked with them this morning.
We are also in the middle of a role out as well of new Cell phones. Everything was GREAT on Monday....Tuesday issues started....

@ZydecoRyan Same here. Everything was running smoothly and then yesterday I was inundated with users not able to get past the Company Portal login. Had to send out communication to hold off on porting from our old provider until this is resolved. 

@ZydecoRyan I accepted the new policies yesterday morning and I still had the issue late last night, so I don't think accepting it helps. I do think something from this change from Apple has broken things between them and Intune though.


Just tried again this morning and still having the same issues.


I am going to renew my VPP and Push certificates and see if that helps. Will post results shortly.


UPDATE: I renewed VPP and Push. Re-synced both in inTune then tried to enrol a phone and still have the same issues.


Not sure if MS is putting any priority on this. Their service status for inTune is still listed as "healthy" in my Admin Centre.

Hi All, Our devices have just started working again and the issue seems to have cleared we havent had a company portal update or anything but all phones that had the issue are now going through the config.


We did accept the new Apple T+C yesterday but I dont feel that was linked.