iOS device not registering in AAD but enrolled in Intune

A few iOS devices enrolled in Intune and received all the profiles and applications, but in Company Portal they are reporting "We can't register this device. Try again later." Devices are not able to access the corporate resources. It is not a tenant-wide issue since most devices are registering fine, but some are stuck in a loop and fail to complete the registration. Impacted devices have the same value for Intune device ID and Azure Device ID. I tried deleting the device records from AAD and Intune but it didn't fix the issue.

Anyone else experiencing this?
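
A triage check for the symptom described in the question above, added here as an example and not part of the original post: it scans an Intune device export for iOS devices whose Intune device ID equals the Azure device ID or that are not marked as registered. Field names follow the Microsoft Graph managedDevice resource; the sample records and function names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample export (not real devices). Field names follow the
# Microsoft Graph managedDevice resource; every value is made up.
SAMPLE_EXPORT = json.loads("""[
 {"id": "11111111-aaaa-4000-8000-000000000001", "azureADDeviceId": "11111111-AAAA-4000-8000-000000000001",
  "azureADRegistered": false, "operatingSystem": "iOS", "osVersion": "16.6", "deviceName": "byod-iphone-01"},
 {"id": "22222222-bbbb-4000-8000-000000000002", "azureADDeviceId": "99999999-bbbb-4000-8000-000000000002",
  "azureADRegistered": true, "operatingSystem": "iOS", "osVersion": "16.5", "deviceName": "byod-iphone-02"},
 {"id": "33333333-cccc-4000-8000-000000000003", "azureADDeviceId": "88888888-cccc-4000-8000-000000000003",
  "azureADRegistered": null, "operatingSystem": "iOS", "osVersion": "17.3.1", "deviceName": "byod-iphone-03"},
 {"id": "44444444-dddd-4000-8000-000000000004", "azureADDeviceId": "77777777-dddd-4000-8000-000000000004",
  "azureADRegistered": false, "operatingSystem": "Windows", "osVersion": "10.0.19045", "deviceName": "laptop-04"}
]""")


def registration_gaps(devices):
    """Return (deviceName, osVersion, reasons) for iOS devices that are
    enrolled in Intune but look unregistered in the directory."""
    findings = []
    for d in devices:
        if (d.get("operatingSystem") or "").lower() != "ios":
            continue  # the thread only concerns iOS devices
        reasons = []
        # GUIDs can differ in case between exports, so normalise first.
        intune_id = (d.get("id") or "").strip().lower()
        azure_id = (d.get("azureADDeviceId") or "").strip().lower()
        if intune_id and intune_id == azure_id:
            reasons.append("intune_id_equals_azure_id")
        # A missing or null flag is treated the same as false.
        if d.get("azureADRegistered") is not True:
            reasons.append("not_azure_ad_registered")
        if reasons:
            findings.append((d.get("deviceName"), d.get("osVersion"), reasons))
    return findings


def by_os_version(findings):
    """Count affected devices per OS version to see whether one release stands out."""
    return Counter(version for _, version, _ in findings)


if __name__ == "__main__":
    hits = registration_gaps(SAMPLE_EXPORT)
    for name, version, reasons in hits:
        print(f"{name}\tiOS {version}\t{', '.join(reasons)}")
    print(dict(by_os_version(hits)))
```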

26 Replies

@MManshu - We are also experiencing this same issue with some of our BYOD devices. I am still waiting on Microsoft support to look into this; however, this seems to have begun about three weeks ago after iOS updates sent out the security update for iOS 16.5 (C). Our issue is we cannot ask the users to wipe their personal devices, so they are just stuck in limbo. 

Same issue we are also facing.
Anyone got any resolution??

@777mebin I found a workaround for now. Delete the records via AAD and then Intune as well. Have the user install the Microsoft Authenticator App and register the device there first. After that have them enroll via Company Portal. Also MS support is implementing a fix in the first week of September. 

Thank you so much. Let me try that next week with the user and update you.
Do you have any link where MS support has mentioned their fix in September? A link will help to show it to the users.
Also, I would like to know: is iOS 16.6 causing it, or is it because of Company Portal updates?

@777mebin I do not have a link as I was working closely with our MS Support team, and they have made me aware of this fix coming. I am seeing this is only impacting users who have upgraded to iOS 16.6 or have purchased new devices with iOS 16.6 already in place. 

Okay. Thank you so much. For now, I will try the workaround and update you. Thanks again!

For us, we force Azure AD registration using Single Sign On App Extension as assurance in case users skip the Comp Portal setup.

In all cases, like others said below, have them enroll only after "Company Portal" and "Microsoft Authenticator" have been installed on that device.

For SSO setup + AAD registration: https://learn.microsoft.com/en-us/azure/active-directory/develop/apple-sso-plugin#enable-sso-for-app...

Use the following configuration to enable Just in Time Registration for iOS/iPadOS with Microsoft Intune:
Key: device_registration
Type: String
Value: {{DEVICEREGISTRATION}}

Hi Resnicke,
Installing Microsoft Authenticator and then re-enrolling worked.
Thank you so much

The issue is we do not force Just in Time registration for BYOD devices. Only Apple DEP enrolled devices use this feature. So for BYOD we just have to install Authenticator, activate the device and then proceed with the Company Portal enrollment.

That's great news. You're welcome!

@resnickc when you say you installed the Authenticator App, did you have to do anything with the app or just install it? In other words, did you have to add an account or anything?

@Hillaury We will have to register the required account in the Microsoft Authenticator app's Register device section so that it will get registered to Azure AD.

A handful of our iOS users are now experiencing this exact issue. We do not use the MS Authenticator app as our two-factor app, but use a third-party two-factor app -- and have been for several years with Intune MDM enrollments. Does anyone know the status of the Microsoft fix for this issue today?

@eveller this worked for us:

- remove management profile from iOS device (either via Company Portal or Settings)

- uninstall Company Portal

- install any Office 365 app (Word, Excel, PP...) if not already

- close (kill) all Office 365 apps from background if running

- Settings > Word [or another Office 365 app you chose above] > Reset Word > turn ON Delete Sign-In Credentials

- Restart Word [or another Office 365 app you chose above] to clear credentials

- Double-check that Delete Sign-In Credentials is now turned OFF

- Install Company Portal, sign in and enroll

@eveller tried this today, works after Authenticator. I used to have this issue and I am unable to get into Egnyte app. But today it works.

Anyone have any updates about a fix?

@JoeTings please check my reply from 12th Oct. As per that it looks like cached credentials on device are causing this issue. Thus I would not expect MS can fix this in Intune.

@danyg After my post, my director asked me to reach out to MS with a ticket. My tech told me it's an issue specifically related to iOS 16 and they expected it resolved in iOS 17. I have not seen the issue since. If I see one in iOS 17, I'll update here.

Hi,
I am experiencing the issue on iOS 17.3.1.
Nothing works for me; I can't register the device in the Company Portal. Everything is OK in Intune, except Entra registration shows as Unknown and information is missing in AAD / MS Entra Admin Center.
Does anyone still have the issue?

Thank you in advance