May 26 2021 12:39 AM
Hello,
I have recently created an Apple Business Manager account, purchased iPads through the Apple Business Store which linked directly into Devices under business.apple.com devices.
I have configured MDM server (Intune) successfully via the Apple Business Manager. Everything seems to be Synced. For example, if I go to Intune, Enroll devices, Enrollment program tokens, I can see the new iPads in "ready to enroll". I've created a Profile and assigned it to the iPads. The state is "Not Contacted" but I figure that's normal until the enrolment is done?
I tried enrolling just a single iPad to start with and I'm hitting Invalid Profile (see screenshot).
Not sure what I've done wrong.
Appreciate some help.
Thanks
May 26 2021 07:09 AM
May 26 2021 06:47 PM
@Rudy_Ooms_MVP thanks for your reply. They are enrolled into ABM by the supplier (purchased through Apple Business Store). The token is valid as far as I can see.
Additional screenshots provided.
I've since tried updating the iPad through iTunes and performed a factory reset. Still the same error.
May 26 2021 06:48 PM
May 27 2021 04:31 AM - edited May 27 2021 04:38 AM
Hi
To be sure could you check
-if there any enrollment restrictions that would block it
-If the devices were assigned to an MDM server with DEP profile configured before running setup assistant on the device
And maybe to test it... do you have a mac ? so you can try to configure the iPad with the apple configurator
May 27 2021 04:54 PM
@Rudy_Ooms_MVP Please find enrollment restrictions attached
I'm quite certain the devices were assigned to the MDM server beforehand. Just in case they weren't though, is there a way to "reset" and start from scratch? I did try restoring the iPad to factory using iTunes but still the same error.
I don't have a Mac unfortunately.
Thanks,
Glenn
May 27 2021 11:35 PM
-----
In Apple Business Manager , sign in with an account that has the role of Administrator or Device Enrolment Manager.
Click Devices in the sidebar, search for a device in the search field, then select the device from the list.
After you have searched for devices, select the total number of devices at the top of the list, then click .
Do one of the following:
Choose Assign to server, then choose the MDM server you want to assign or reassign the device to.
Choose Unassign to unassign the device from an MDM server.
Note: If you select a device that is unassigned, you will not see the unassigned option.
Click Continue.
A new activity generates a list of the devices that are assigned or reassigned to the selected MDM server, or unassigned from an MDM server. You can wait for the activity to complete or click Close to close the window.
----
So if you can't click un unassigned, the device has no mdm server assigned..
May 28 2021 11:03 PM
Hi Rudy,
I reassigned them but I believe they were already assigned. Please see screenshot.
Interesting, when I connect the iPad to iTunes, it comes up with this now (see screenshot). However, I'm still getting invalid profile error.
Aug 01 2021 09:35 PM
@glennsfield Check if your MDM Push Certificate has expired.
Here is the KB: Get an Apple MDM Push certificate
Apr 17 2023 04:47 PM
Apr 23 2023 10:00 AM - edited Apr 23 2023 10:04 AM
I saw this error on a tenant where the mobile device management authority (https://endpoint.microsoft.com/#view/Microsoft_Intune_Enrollment/ChooseMDMAuthorityBlade) was not configured.
Apr 25 2023 04:58 AM
Hi @glennsfield ,
In the enrollment profile, you have not selected any VPP tokens for installing the Comp portal. It is required to push Company Portal app as a VPP app and the correct token selected in the enrollment profile. Without this, enrollment will fail.
Best Regards,
Somesh
Jan 07 2024 05:12 PM
Apr 01 2024 09:05 AM
Devices->iOS/iPadOS->iOS/iPadOS enrollment->Device platform restrictions->Select the default ->Properties->Edit (platform settings)->Set iOS/iPadOS to Allow (default is block)
Aug 20 2024 06:01 AM