Forcing enrollment with M365 ID for supervised iPhone

Occasional Contributor


I believe we have Intune set up correctly with ABM. We have the tokens, VPP, etc.  While all this was happening, a user in a remote office got an iPad and must have used his personal apple id instead of the M365 one. The device appears in Intune but not AAD. It won't show the phone # or the enrolled by. How can we "force" new iPhones to require the M365 ID when enrolling.


Since users will be using this phone for reasonable personal use, we want them to be able to add another apple id to buy personal stuff, as the work account only provides what is in the company store.


Initial enrollment is the concern


2 Replies

hi @Tom-irp ,

If I understood currecty from your query, then the only option to force your iOS devices to use corporate credentials during setup is to have them added to ABM and synced to Intune by setting up a connection between the two. Then you have to create an enrollment profile to which devices will be added.  Once everything is configurred correctly then, the new devices should go through setup assistant screens where they will download the enrollment profile with establishing user-device affinity with corp credentials. For existing devices, a factory reset will be required after adding them to this profile.


Hope this helps with your query.


Best Regards,


Thank you. We have that. We are wondering if there are specific options in the enrollment profile - do you know? We have a test device that we are using.