ABM
7 Topics

Intune - Issues with Account-Driven User Enrollment Issues on iOS 18.5
Hello everyone,

Since the release of iOS 18, Apple has deprecated profile-based user enrollment via the Company Portal app, requiring the use of Account-Driven User Enrollment. While this change enhances user experience, I'm encountering challenges in implementing it.

Steps Taken:
- Apple Business Manager (ABM) Account: Created and linked the ABM account to Intune using the token. Corporate devices are successfully appearing in Intune.
- MDM Server Configuration: Set Intune as the default MDM server for all devices in ABM.
- Domain Federation: Established Entra ID federation in ABM to synchronize all users.
- Intune Enrollment Profile: Created an 'Enrollment Type Profile' of type 'Account-Driven User Enrollment.'
- MDM Push Certificate: Configured and validated the MDM Push certificate.

Issue Encountered:
According to https://support.apple.com/guide/deployment/account-driven-enrollment-methods-dep4d9e9cd26/web, starting with iOS 18.2, hosting a service discovery file on a web server is no longer mandatory. The device should automatically contact the ABM organization associated with the Managed Apple ID if no web server is found.

On an iOS 18.5 device, I navigate to: Settings > General > VPN & Device Management > Sign in to Work or School Account

After entering my Microsoft email address (which matches my Managed Apple ID due to federation), I consistently receive the error: "Your Apple ID does not support the expected services on this device."

In ABM, under "Access Management" > "Apple Services," all services are activated.

Could I be missing a crucial step in the configuration? Any guidance or insights would be greatly appreciated. Thank you in advance for your help.

Best regards,

88 Views, 1 like, 5 Comments

VPP Apps Not Installing via Intune – Error 0x87D127DB Despite Valid Configuration
Hi everyone,

We’re currently using Microsoft Intune in combination with Apple Business Manager (ABM) to provision iPhones in our organization. Our setup has worked reliably until recently: in April/May, we successfully deployed 50 iPhones without any issues. However, for the past 10 days, we’ve encountered a persistent issue: VPP apps are no longer installing automatically on newly enrolled devices.

✅ What’s working:
- Device registration in ABM
- Syncing devices from ABM to Intune
- Device renaming, resetting, and syncing via Intune
- Uninstall Apps using uninstall group of the deployment configuration (on existing devices)
- Disabling devices in ABM and syncing changes to Intune
- Purchasing new apps in ABM and syncing them to Intune
- App license counts (total, used, available) are correctly shown in Intune

❌ What’s not working:
- VPP apps are not being installed. Only one or two icons appear on the home screen with a cloud symbol. Tapping them prompts a message that the app must be downloaded from the App Store.
- Intune consistently shows the following error: “App installation failed. 0x87D127DB (Unknown)”
- Occasionally, a message appears stating that VPP licenses could not be found, although all apps have sufficient licenses and Intune reflects this correctly.

Troubleshooting steps taken:
- Devices have been reset multiple times
- New apps were purchased and assigned with a minimal configuration (one required group)
- All certificates (MDM push, VPP token, enrollment token, Apple SCIM token) are valid
- Apple Business Support confirms their services are operational
- Microsoft Support has not provided a resolution and suspects the issue lies with Apple
- Apple, in turn, refers us back to Microsoft

At this point, we’re stuck between both vendors and are hoping someone in the community has encountered this issue or found a workaround. Has anyone else experienced this behavior or found a solution for the 0x87D127DB error with VPP apps in Intune?

Thanks in advance for your help!

Solved, 658 Views, 0 likes, 7 Comments

Apple business manager deployment - receiving pop-up about apple account
Hello Intune forum,

I recently set up Apple Business Manager in our environment to work with Intune. I've created the enrollment profile, set up the VPP token, etc. But now, a few of our users, myself included, are getting a pop-up on our phones stating: "this apple account cannot make purchases". I made sure only the VPP apps are being pushed to the company phones and not the apps from the store. Anyone else have this issue?

219 Views, 0 likes, 0 Comments

licensing concept: ABM-locations and intune scopes
Hi,

this is very much a conceptual stage, I currently do not have access to ABM (yet). Several departments want to buy the same app with Apple, which could be turned into several locations in ABM, one for each department. Location "department a" would get 10 licenses, location "department b" would get 5 licenses. There would be a token for each location, both tokens would be added to Intune. In Intune, those tokens will get different scopes, one for "department a", the other for "department b".

Given the documentation I read, this should work, but I can't find the documentation to answer the big question: will Intune combine those licenses to "there are 15 licenses in total, available to both department a and department b" or will Intune keep the separation of "10 licenses for department a and 5 for department b"?

Or thinking more generally, independent of the store, considering Android and Microsoft as well: department a gets 10 licenses in January, valid a year, department b gets 5 in July, valid a year. How would you prepare in order not to get into trouble, once department a's licenses expire?

best regards
Patrick

475 Views, 1 like, 0 Comments

Use federated authentication with MS Azure AD in Apple Business Manager
Hello Everyone,

iOS Migration Airwatch to Intune

Existing: I have users added in the ABM who already have a device managed in Airwatch and Intune. Today I want to set up a federated authentication, link between Apple Business manager and Azure AD. Will I have a significant impact if I enable federated authentication and is it transparent to the user?

Thanks

Solved, 5K Views, 0 likes, 6 Comments

APNs Expired certificate
We have hundreds of devices managed in Intune: corporate and monitored in ABM (enrolled in ADE - Automated Device Enrollment). When renewing the APNs certificate, a new certificate was generated instead of renewing the old one. The previous APNs certificate, with which the mobiles were enrolled, has already expired and its grace period is over. As it is a new certificate, all the devices are non-compliant and unmanaged. To manage them again means doing a hard-reset and starting enrolment from scratch with ABM (supervised by Apple).

Is there any other alternative to the hard reset? Is there any option to unlink/bind to the MDM? Is there any option to renew the previous certificate even if it has expired?

Thanks in advance for your help.

6.1K Views, 0 likes, 2 Comments

How to update managed Apps for iOS device
Dear forum members,

Our VPP token is configured to turn off the Auto-update in the Intune for managed Apps. So how do you push out an app update if there is one? In the Airwatch, you could just select the App and it will show you all the devices that have the managed app installed, with the app version for each device. If you want to update the App, just select the devices and click update the App. I don't seem to have the equivalent settings in Intune.

Thanks.

30K Views, 0 likes, 2 Comments