Forum Discussion

nhtkid's avatar
nhtkid
Iron Contributor
May 08, 2020
Solved

Remove iOS device from assigned enrollment profile

Dear forum members, We all know we could assign a supervised device with a enrollment profile. In the https://go.microsoft.com/fwlink/?linkid=2109431, choose Devices > iOS > iOS enrollment > Enrol...
DEP
enrollment profile
Intune
ios
  • eglockling's avatar
    eglockling
    May 08, 2020

    nhtkid  This is by design. Devices synced from Apple Business Manager must have an enrollment profile assigned in Intune to enable functional automated enrollment. If you do not want an enrollment profile assigned, then the device should have the MDM profile assignment removed from Apple Business Manager and not be assigned to your Intune tenant in the first place. Is there a reason why you are configuring the device for automated enrollment, then trying to disable it in Intune?

Daniel Kharman's avatar
Daniel Kharman
Brass Contributor
Sep 23, 2021
Did you find a solution to this?
Carter_Whitley's avatar
Carter_Whitley
Copper Contributor
Jul 14, 2022

Daniel Kharman Have a look at the section titled "Use the Company Portal on a DEP device enrolled without user affinity (also known as Device Staging)" on https://docs.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-ios

 

Sounds like you are enrolling the devices without a user, and will need to assign an app policy for the Company Portal app that targets the enrolled devices (we use a dynamic device group based on enrollment profile name) and tells Company Portal to use the existing enrollment profile when a user signs in.  That should allow user affinity association to take place.

 

XML configuration should look like:
 
<dict>
    <key>IntuneUDAUserlessDevice</key>
    <string>{{SIGNEDDEVICEID}}</string>
</dict>

 

Resources