SOLVED

macOS 10.15.4 Internet Accounts Intune device not recognized

Iron Contributor
I just updated to 10.15.4 on my test Mac and Apple Internet Accounts isn't able to identify the device so Intune doesn't know the device is compliant.
 
App name: Apple Internet Accounts

Device identifier: Not available

Device platform: macOS

Device state: unregistered

 

Is anyone else seeing this? I tested from a 2nd Mac and am seeing the same thing. I've also tried enrolling the device multiple times and even resetting the computer.

25 Replies
Yes, seeing the same thing on a new MacBook I set up last night, as well as my other MacBook. I keep getting a notification for "Exchange Password Required", but when I go into Internet Accounts and try to provide my password, it says I'm not enrolled and asks me to install the Company Portal again.

@careyjung  - Seeing the same on a newly updated Mac. Did you ever find a solution to this?

@ollie_bk It's still broke. I think we have to wait and hope for a fix in 10.15.5. Or maybe it's an Intune issue? Not sure. For now, I've just unchecked all the boxes (Contacts, Calendar, etc.) for Exchange in Internet Accounts to make it inactive. Which means, of course, I can't use any of the native Mac apps for email, contacts, or calendars in Exchange.

best response confirmed by Aaron Marks (Iron Contributor)
Solution

@ollie_bk Still no fix. Microsoft and Apple would need to acknowledge the issue before a fix will be worked on. If someone from Microsoft is working on this then please acknowledge here so that we can know this is being worked on. 

@Aaron Marks 

Yes, exact same issue here.  Exchange and Chrome have no issues but all Mac applications (Mail, Safari) won't work.

 

Hope there's a quick fix for this

MS Teams stopped working for me yesterday, other office apps work (Outlook, Skype4Business). Using teams web version through Chrome. Is MS Support watching this thread?

Same issue here. It keeps asking to enroll. The only workaround that I have found is to VPN to your corporate office (where your Intune/JamF/SelfService servers are located); then you will be able to use email. I have noticed that the authentication seems to stay for 30 minutes if you disconnect your VPN.

This is a real pain... This should have been tested better by the Security teams so that it can work from the Internet and inside your business networks.

@Aaron Marks Same here, been testing within our own org and seem to confirm that it was introduced in 10.15.4 (and not fixed in current beta 1 for 10.15.5). Oddly, this seems to work for some people on 10.15.4.

 

10.15.4 introduced this feature, which sounds somewhat adjacent: "OAuth authentication support with Outlook.com accounts for improved security". It could be that the new Exchange implementation in Catalina mistakes O365 accounts for consumer Office.com accounts, but that is pure speculation on our side.

We got the same problem in our company.
macOS Version 10.15.4

 

App name: Any Application that needs the enrolled management profile

Device identifier: Not available

Device platform: macOS

Device state: Unregistered

I've not worked out if it is a problem from Apple or Microsoft.

If this is happening only for some people and not for others then I'd imagine that it has to do with a conditional access requirement that affects some people and not others.

@Aaron Marks 

 

We have the same issue.

We also have conditional access and suddenly they are prompted to enroll/be compliant, even though they are.


It appears to only happen with macOS app logins like mail/calendar, as Outlook is working fine. So @thinklad  yes it might be related to this change.

Same problem here. Exchange connection doesn't work with the macOS native apps like Mail, Calendar and so on.

Right after the update to 10.15.4 there wasn't any problem. It all started with a password change of the Azure AD account today. 

All other apps like Outlook, OneNote, Teams work fine. Safari also doesn't have a problem with MSFT sites like this one or Yammer.

The app Airmail still works. Looks like the problem is limited to "Internet Accounts".

Microsoft pushed Company Portal 2.3.200301 as part of the Slow Ring sometime on 6 April; once the update is installed, it looks like for us, authenticating first while on the corporate VPN (so Conditional Access doesn't apply) allows to get a more durable OAuth token even once disconnected from the corporate network (tested by a few of my colleagues over the past few hours, now testing on my machines).

 

Update: it looks like the issue persists after all, I had to re-authenticate after about an hour. Sorry about the false hope.

Update 2: the workaround seems to work for users that have a single macOS machine (with or without iCloud Keychain enabled) but fails for users with multiple macOS devices + iCloud Keychain sync, presumably because the Keychain sync attempts to copy the original OAuth token to other Macs, triggering the re-auth. Nope.

After the latest macOS 10.15.4 Catalina Supplemental Update the issue seems to worsen for some users: the 'Enroll now' issue has expanded to Teams and OneDrive for Business for several users.

I installed the supplemental update but for me it is exactly the same behaviour as before. Everything works except macOS native apps for O365 Exchange account with Intune management. 

Same for me. No change in behavior.

@careyjung

 

 

The Mac update to 10.15.4 did NOT resolve my issue either.

 

I believe there is an issue with Intune identifying the machine correctly. I select "corporate", but it does not seem to work.

https://portal.manage.microsoft.com/devices/

 


 

 

Same for me. Please help.

Does anybody know whether this issue was acknowledged by Microsoft and/or Apple and whether they are working on a fix?

If not, can anyone file a bug or open a support ticket?
