abm
7 Topics

Intune - Issues with Account-Driven User Enrollment Issues on iOS 18.5

Hello everyone,

Since the release of iOS 18, Apple has deprecated profile-based user enrollment via the Company Portal app, requiring the use of Account-Driven User Enrollment. While this change enhances user experience, I'm encountering challenges in implementing it.

Steps Taken:

Apple Business Manager (ABM) Account: Created and linked the ABM account to Intune using the token. Corporate devices are successfully appearing in Intune.

MDM Server Configuration: Set Intune as the default MDM server for all devices in ABM.

Domain Federation: Established Entra ID federation in ABM to synchronize all users.

Intune Enrollment Profile: Created an 'Enrollment Type Profile' of type 'Account-Driven User Enrollment.'

MDM Push Certificate: Configured and validated the MDM Push certificate.

Issue Encountered:

According to https://support.apple.com/guide/deployment/account-driven-enrollment-methods-dep4d9e9cd26/web, starting with iOS 18.2, hosting a service discovery file on a web server is no longer mandatory. The device should automatically contact the ABM organization associated with the Managed Apple ID if no web server is found.

On an iOS 18.5 device, I navigate to:

Settings > General > VPN & Device Management > Sign in to Work or School Account

After entering my Microsoft email address (which matches my Managed Apple ID due to federation), I consistently receive the error:

"Your Apple ID does not support the expected services on this device."

In ABM, under "Access Management" > "Apple Services," all services are activated.

Could I be missing a crucial step in the configuration? Any guidance or insights would be greatly appreciated.

Thank you in advance for your help.

Best regards,

782 Views, 1 like, 7 Comments

licensing concept: ABM-locations and intune scopes
Hi,

this is very much a conceptual stage, I currently do not have access to ABM (yet).

Several departments want to buy the same app with Apple, which could be turned into several locations in ABM, one for each department. Location "department a" would get 10 licenses, location "department b" would get 5 licenses. There would be a token for each location, both tokens would be added to Intune. In Intune, those tokens will get different scopes, one for "department a", the other for "department b".

Given the documentation I read, this should work, but I can't find the documentation to answer the big question: will Intune combine those licenses to "there are 15 licenses in total, available to both department a and department b" or will Intune keep the separation of "10 licenses for department a and 5 for department b"?

Or thinking more generally, independent of the store, considering Android and Microsoft as well: department a gets 10 licenses in January, valid a year, department b gets 5 in July, valid a year. How would you prepare in order not to get into trouble, once department a's licenses expire?

best regards

Patrick

484 Views, 1 like, 0 Comments