User Profile
Merlin
Copper Contributor
Joined May 17, 2021
Recent Discussions
Re: Edge iOS authentication loop on Intune-managed device with Microsoft Enterprise SSO plug-in enabled
Understood. We're only licensed for Business Premium at my shop--which doesn't include MDE I don't believe. So I don't have to deal with that...yet. It seems like we're barrelling toward E5 for compliance requirements sometime in the next few years.
5.1K Views | 0 likes | 0 Comments

Re: Edge iOS authentication loop on Intune-managed device with Microsoft Enterprise SSO plug-in enabled
nafanja alexanderchute WGravatt, I was able to fix this issue. Here's what I did:

In the automatic device enrollment (ADE) profile, I set up https://learn.microsoft.com/en-us/mem/intune/enrollment/automated-device-enrollment-authentication#set-up-just-in-time-registration. This replaces the Intune Company Portal app as the authentication method for ADE in Intune.

In the Device features configuration profile, I removed all additional configurations from the Single sign-on app extension configuration. I then added the following additional configurations.

Key                              Type     Value
AppPrefixAllowList               String   com.apple.,com.cisco.
browser_sso_interaction_enabled  Integer  1
disable_explicit_app_prompt      Integer  1
device_registration              String   {{DEVICEREGISTRATION}}

Altogether, this enables Just in Time registration for ADE and allows the SSO extension to work seamlessly. The user must log in to the device using modern authentication during the OOBE and then must log in to a managed Microsoft application to enable SSO. Microsoft recommends having the user log in to Microsoft Teams first "https://learn.microsoft.com/en-us/mem/intune/enrollment/automated-device-enrollment-authentication#best-practices-for-sso-configuration".

I think this is actually a better user experience for OOBE device enrollment and for SSO. So, it solves two problems at once for us. When using the Company Portal app as the authentication method, we were having issues with the device freezing after OOBE and requiring a forced restart to complete enrollment. Just in Time Registration solved that problem.
5.4K Views | 0 likes | 2 Comments

Edge iOS authentication loop on Intune-managed device with Microsoft Enterprise SSO plug-in enabled
Hello Team,

I'm experiencing a pretty weird issue with Edge on an iPhone 12 (16.5) enrolled in Intune with user affinity. I have an Azure AD user logged into the browser with sync enabled. The user is logged in to all Microsoft apps using the Microsoft Enterprise SSO plug-in for Apple devices.

Here's a .gif of the issue:

Whenever I attempt to log in to any website that uses Azure AD as its IdP, the browser gets stuck at the login.microsoftonline.com endpoint and eventually enters what appears to be a loop with the Microsoft Authenticator app. This behavior is exclusive to Edge. All other Microsoft apps authenticate the user successfully using the SSO plug-in.

Here are the Intune management settings enabled on the device:

- Device configuration policy settings
  - Single sign-on app extension is enabled
  - SSO app extension type: Azure AD
  - Additional configuration for single sign-on app extension
- App configuration policy settings for Edge
- App protection policy for all Microsoft apps

In addition to those settings, I do also have Safari hidden via a device restrictions policy. The goal is for all users to use Edge only. Any idea what might be driving this issue?
6.7K Views | 0 likes | 9 Comments

Company Portal freezing iPhone after setup assistant is complete
Hello Team,

I am brand new to Intune and have a bit of a tight deadline to establish a baseline configuration for our mobile devices (iOS/iPadOS only). I'm seeking some clarification on the expected OOBE behavior for the Intune Company Portal app. Per Microsoft's recommendation, I am deploying the Company Portal app via VPP.

In the default ADE enrollment profile, I have the following settings:

- User affinity: Enroll with User Affinity
- Select where users must authenticate: Company Portal
- Install Company Portal with VPP: Use token (specified user)
- Run Company Portal In Single App Mode until authentication: Yes

In app assignments, I have the following:

- Intune Company Portal (VPP): Required for All devices as an application that can't be removed.
- Microsoft Intune Company Portal: Unassigned

So, my expectation under this configuration is that the company portal application would automatically install and open in single-app mode shortly after users setup assistant is complete. However, what's happening is that the Company Portal app installs silently and does not open. It appears on the Home screen after setup assistant closes. When I open the Company Portal app, the entire iPhone is frozen and must be force-started. After the force restart, the Company Portal application opens in single-app mode and requires authentication as I would expect. But the desired behavior is for this to happen after setup assistant is complete without freezing or having to restart the device.

This behavior is consistent across multiple devices. Is there anything in my configuration that is causing this behavior?
4.1K Views | 0 likes | 1 Comment

Enabled Services on Microsoft 365 commercial licenses in AAD
To preface this, the controls I'm referring to can be found using this path: Azure Portal > Azure Active Directory > Users > (select user record) > Licenses > (select Microsoft 365 commercial license)

We had an issue wherein SMTP authentication from our MFPs was failing. While investigating, we discovered that the Exchange Online (Plan 1) service that's packaged with the Microsoft 365 Business Standard license was turned off on the user that we use for this implementation. Because of that, the user's mailbox disappeared from Exchange. After enabling Exchange Online (Plan 1) in the AAD admin center, everything started working again.

While it's troubling that this service was seemingly turned off without our intervention, what's more troubling is that I became curious and started checking other user records--including my own. I found that the Exchange Online (Plan 1) service was turned off--yet my mailbox was working just fine. I found other users with the same anomaly. Does anyone have any insight on how or why this would happen?

For additional background, we transitioned from Exchange 2013 on-prem to Exchange Online back in 10/2020. We're not operating on hybrid Exchange. It's fully online.
Solved | 3.2K Views | 0 likes | 2 Comments

Re: Change Teams site URL
Hello Rob,

Take a look at this documentation: https://docs.microsoft.com/en-US/sharepoint/change-site-address. Scroll down to the Teams (for Microsoft 365 group-connected sites). It mentions that the files tab in channels will need to be refreshed after an address change.

I tested this out and it works! All I did was click the refresh symbol in the top-right corner of each channel and the files re-appeared. Sometimes, you'll have to click the refresh symbol more than once. But in each case, it worked. So, it's a bit of a pain if the Team has a lot of channels. But it's an otherwise easy process. Hope this helps!
37K Views | 0 likes | 1 Comment