Shared iPad Misconfiguration Alert - Intune

Hello everyone,
 
I keep getting the error message below when adding an account in the Outlook application on a shared iPad:
Misconfiguration Alert
Your Organization's support team wants you to login with this account: .
But you tried to login with ****@***.org. Contact your organization's support team for help.
 
In the first line, the account is not mentioned in the error message, but the hashed account used to access Outlook was correctly stated.
 
Does anyone have an idea why this error keeps popping up?
8 Replies
Is an Organization Allowed Account configured for Outlook in an App Configuration Policy? See here: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and...

If it is configured, can you let us know the value?
No, it is not configured. Our device enrollment type is targeted at managed apps, not managed devices.
Got exactly the same issue, with the ": ." in the first line.
No AppConfig sent to the device; Authenticator login works fine. It cannot log in to Outlook via Authenticator somehow. No other restrictions applied to the device which can restrict this, afaik.

@marcvanderkooy 

I figured it out. You'd have to enable the SSO plugin extension in your shared device policy. I have shared the link to the documentation below:
https://learn.microsoft.com/en-us/entra/identity-platform/apple-sso-plugin

Once your policy is applied, on the test device, log in to the Authenticator, which is already installed on the device. You will be prompted to register the device. The SSO extension will automatically recognize the account registered in the Authenticator when you open Outlook or any other O365 app.

 

Let me know if this works.

@FOwolabi 

I have the same issue. Did you do any additional configuration in the SSO Plugin Extension profile?

For example: AppPrefixAllowList, browser_sso_interaction_enabled and disable_explicit_app_prompt

 

Also, did it work immediately after applying the configuration, or did you have to do something in Authenticator? Re-adding the account, or signing in and out?

 

I tried on one device so far but no success after adding the SSO configuration. Trying a reset of the device now. 

What settings do I need to configure in the "Single sign-on app extension" settings?

@marcvanderkooy I found this article as well; there you have a picture of a configuration profile that worked for that user.
https://www.reddit.com/r/Intune/comments/1foh5tu/shared_ipad_misconfiguration_alert_org_data/

I've tried that (same settings as in the screenshot on Reddit) but it didn't let me log in to Authenticator.
Maybe it's because we don't use Managed Apple IDs and the Enrollment Profile in Intune is "Shared iPad = No", as the customer doesn't want to use Managed Apple IDs.