iOS device not registering in AAD but enrolled in Intune

A few iOS devices enrolled in Intune and received all the profiles and applications, but in Company Portal they are reporting "We can't register this device. Try again later." Devices are not able to access the corporate resources. It is not a tenant-wide issue, since most devices are registering fine, but some are stuck in a loop and fail to complete the registration. Impacted devices have the same value for Intune device ID and Azure Device ID. I tried deleting the device records from AAD and Intune but it didn't fix the issue.

Anyone else experiencing this?

12 Replies

@MManshu - We are also experiencing this same issue with some of our BYOD devices. I am still waiting on Microsoft support to look into this; however, this seems to have begun about three weeks ago after iOS updates sent out the security update for iOS 16.5 (C). Our issue is we cannot ask the users to wipe their personal devices, so they are just stuck in limbo. 

We are also facing the same issue.
Anyone got any resolution?

@777mebin I found a workaround for now. Delete the records via AAD and then Intune as well. Have the user install the Microsoft Authenticator App and register the device there first. After that have them enroll via Company Portal. Also MS support is implementing a fix in the first week of September. 

Thank you so much. Let me try that next week with the user and update you.
Do you have any link where MS support has mentioned their fix in September? A link will help to show it to the users.
Also, I would like to know: is iOS 16.6 causing it, or is it because of Company Portal updates?

@777mebin I do not have a link as I was working closely with our MS Support team, and they have made me aware of this fix coming. I am seeing this is only impacting users who have upgraded to iOS 16.6 or have purchased new devices with iOS 16.6 already in place. 

Okay. Thank you so much. For now, I will try the workaround and update you. Thanks again!

For us, we force Azure AD registration using Single Sign On App Extension as assurance in case users skip the Comp Portal setup.

In all cases, like others said below, have them enroll only after "Company Portal" and "Microsoft Authenticator" have been installed on that device.

For SSO setup + AAD registration: https://learn.microsoft.com/en-us/azure/active-directory/develop/apple-sso-plugin#enable-sso-for-app...

Use the following configuration to enable Just in Time Registration for iOS/iPadOS with Microsoft Intune:
Key: device_registration
Type: String
Value: {{DEVICEREGISTRATION}}

Hi Resnicke,
Installing Microsoft Authenticator and then re-enrolling worked.
Thank you so much

The issue is that we do not force Just in Time registration for BYOD devices. Only Apple DEP enrolled devices use this feature. So for BYOD we just have to install Authenticator, activate the device and then proceed with the Company Portal enrollment.

That's great news. You're welcome!

@resnickc when you say you installed the Authenticator App, did you have to do anything with the app or just install it? In other words, did you have to add an account or anything?

@Hillaury We will have to register the required account in the Microsoft Authenticator app's Register device section so that it will get registered to Azure AD.