May 07 2020 09:29 PM
May 07 2020 09:29 PM
Dear forum members,
We all know we could assign a supervised device with a enrollment profile.
But how do you remove the device from a certain profile? When you select the device, you option is to choose which enrollment profile you want to assign to, but you can't choose blank. You have to choose a profile for the device.
What I have been doing is delete the device from Intune and run the sync between ABM and Intune again to bring it back. This is obviously not ideal and probably not the right way to do.
Can anyone please advise?
May 08 2020 07:13 AMSolution
@wangjueliang This is by design. Devices synced from Apple Business Manager must have an enrollment profile assigned in Intune to enable functional automated enrollment. If you do not want an enrollment profile assigned, then the device should have the MDM profile assignment removed from Apple Business Manager and not be assigned to your Intune tenant in the first place. Is there a reason why you are configuring the device for automated enrollment, then trying to disable it in Intune?
May 09 2020 10:19 PM
Thanks @eglockling, I think I was a bit confused myself. The question I asked didn't make much sense either lol.
I am now quite cleared that for iPads that are in the Apple's Device Enrollment Program, either in ABM or ASM, they will be synced to Intune as Automatic Device Enrollment. I need to have one ADE enrollment profiles for each device enrollment and user enrollment.
What I am still not clear about, is the Enrollment targeting - Enrollment types (preview). What kind of enrollment profile that is for if I create one under that node?
May 11 2020 05:25 AM
@wangjueliang Enrollment targeting is for configuring the user experience for non-automated device enrollment. You can choose between the standard Device Enrollment, or the new User Enrollment that was introduced by Apple with iOS/iPadOS 13 (similar to Android Enterprise Work Profile). This will be applicable to iOS/iPadOS devices that are not part of Apple ADE and do not have an MDM profile assigned in Apple Business Manager. Hope this helps.
Aug 06 2021 07:09 AM
I have a similar issue, with MDM enrollment and I am trying to work through this because our intune is syncing with new iPhone devices through Apple DEP at the time of activation and it is downloading the Intune MDM profile and puts the phone in our business name and supervise mode... that said when we try to enroll the device we use the app Company Portal for the specific user... This is where the issue lies.
When the user logs in to company portal, the portal goes to Intune, requests to download the Intune profile, tries to apply the profile but it fails because it says it is unable to reach the server, yet it just download the profile from the Intune server??? Ultimately, we can't enroll these phones to the individual user or assign them to their department. We have limited 'supervision' because while they are under supervision, they are not enrolled in our Intune MDM because it won't enroll through company portal.
We've tried resetting these devices... These devices are all set as default MDM intune in Apple DEP... the Tokens have been verified, I've removed and recreated our policies twice following Microsoft's baseline step by step to ensure its exact... just can't get these things to cooperate. Using the 2nd Gen iPhone SE's... any direction would be great. I've tried removing Intune from Apple DEP and unassigning, then erasing, then reconfiguring and opening portal, the phone will enroll, but it isn't in supervise mode because it wasn't managed by an MDM during Apple's activation... Been working through this for weeks. UGH! HELP??