Non User Affinity iPad

%3CLINGO-SUB%20id%3D%22lingo-sub-1729486%22%20slang%3D%22en-US%22%3ENon%20User%20Affinity%20iPad%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1729486%22%20slang%3D%22en-US%22%3E%3CP%3EI%20believe%20I%20have%20the%20subject%20right.%20Basically%20I%20want%20to%20manage%20several%20iPad%20devices%20that%20will%20in%20used%20for%20certain%20applications.%20Not%20really%20Kiosk%20mode%20per%20say%20as%20I%20do%20not%20want%20to%20lock%20them%20down%20to%20just%20one%20app%20but%20I%20do%20want%20to%20limit%20their%20access.%20The%20issue%20I%20have%2C%20these%20devices%20do%20not%20need%20to%20be%20assigned%20a%20user.%20Example%2C%20Conference%20Rooms.%26nbsp%3B%20I%20added%20them%20into%20Intune%20(Endpoint)%20via%20Apple%20Configurator%20Enrollment.%20But%20it%20just%20stays%20at%20Ready%20to%20Enroll.%20Installing%20the%20Company%20Portal%20requires%20someone%20to%20login.%26nbsp%3B%20The%20Profile%20I%20assigned%20the%20device%20is%20Non-Affinity%20User.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20do%20I%20manage%20these%20devices%20without%20assigning%20it%20to%20a%20user%20and%20having%20someone%20login%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1729486%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1731340%22%20slang%3D%22en-US%22%3ERe%3A%20Non%20User%20Affinity%20iPad%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1731340%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6398%22%20target%3D%22_blank%22%3E%40Jeff%20Harlow%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3E%3CSPAN%3EDevices%20that%20are%20configured%20with%20no%20user%20affinity%20do%20not%20support%20the%20Company%20Portal%20and%20should%20not%20have%20the%20app%20installed.%20The%20Company%20Portal%20is%20designed%20for%20users%20who%20have%20corporate%20credentials%20and%20require%20access%20to%20personalized%20corporate%20resources%20(like%20email).%20Devices%20that%20are%20enrolled%20with%20no%20user%20affinity%20aren't%20intended%20to%20have%20a%20dedicated%20user%20sign%20in.%20Kiosk%2C%20point%20of%20sale%20(POS)%2C%20or%20shared-utility%20devices%20are%20typical%20use%20cases%20for%20devices%20that%20are%20enrolled%20with%20no%20user%20affinity.%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3E%3CSPAN%3Ehave%20you%20set%20up%26nbsp%3BApple%20MDM%20Push%26nbsp%3Bcertificate%20in%20endpoint%20manager%3F%26nbsp%3BAn%20Apple%20MDM%20Push%20certificate%20is%20required%20for%20Intune%20to%20manage%20iOS%2FiPadOS%20and%20macOS%20devices.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3E%3CSPAN%3EYou%20can%20find%20more%20info%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fenrollment%2Fdevice-enrollment-program-enroll-ios%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fenrollment%2Fdevice-enrollment-program-enroll-ios%26nbsp%3B%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fenrollment%2Fapple-configurator-enroll-ios%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fenrollment%2Fapple-configurator-enroll-ios%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1739674%22%20slang%3D%22en-US%22%3ERe%3A%20Non%20User%20Affinity%20iPad%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1739674%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F396611%22%20target%3D%22_blank%22%3E%40alexandertuvstrom%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%2C%20I%20have%20all%20of%20that%20setup.%20I%20have%20several%20devices%20that%20are%20supervised%20but%20these%20devices%20were%20not%20purchased%20through%20our%20cell%20service%20so%20it%20is%20not%20in%20the%20business%20manager.%26nbsp%3B%20Just%20a%20regular%20iPad.%26nbsp%3B%20Need%20to%20get%20it%20setup%20so%20I%20can%20manage%20apps%20and%20settings.%26nbsp%3B%20Thanks.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Regular Contributor

I believe I have the subject right. Basically I want to manage several iPad devices that will in used for certain applications. Not really Kiosk mode per say as I do not want to lock them down to just one app but I do want to limit their access. The issue I have, these devices do not need to be assigned a user. Example, Conference Rooms.  I added them into Intune (Endpoint) via Apple Configurator Enrollment. But it just stays at Ready to Enroll. Installing the Company Portal requires someone to login.  The Profile I assigned the device is Non-Affinity User. 

 

How do I manage these devices without assigning it to a user and having someone login? 

2 Replies
Highlighted

@Jeff Harlow 

Devices that are configured with no user affinity do not support the Company Portal and should not have the app installed. The Company Portal is designed for users who have corporate credentials and require access to personalized corporate resources (like email). Devices that are enrolled with no user affinity aren't intended to have a dedicated user sign in. Kiosk, point of sale (POS), or shared-utility devices are typical use cases for devices that are enrolled with no user affinity.

 

have you set up Apple MDM Push certificate in endpoint manager? An Apple MDM Push certificate is required for endpoint manager to manage iOS/iPadOS and macOS devices. 

 

You can find more info here: https://docs.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-program-enroll-ios 

https://docs.microsoft.com/en-us/mem/intune/enrollment/apple-configurator-enroll-ios

 

 

Highlighted

@alexandertuvstrom 

 

Yes, I have all of that setup. I have several devices that are supervised but these devices were not purchased through our cell service so it is not in the business manager.  Just a regular iPad.  Need to get it setup so I can manage apps and settings.  Thanks.