Intune - Issues with Account-Driven User Enrollment Issues on iOS 18.5
Hello everyone, Since the release of iOS 18, Apple has deprecated profile-based user enrollment via the Company Portal app, requiring the use of Account-Driven User Enrollment. While this change enhances user experience, I'm encountering challenges in implementing it. Steps Taken: Apple Business Manager (ABM) Account: Created and linked the ABM account to Intune using the token. Corporate devices are successfully appearing in Intune. MDM Server Configuration: Set Intune as the default MDM server for all devices in ABM. Domain Federation: Established Entra ID federation in ABM to synchronize all users. Intune Enrollment Profile: Created an 'Enrollment Type Profile' of type 'Account-Driven User Enrollment.' MDM Push Certificate: Configured and validated the MDM Push certificate. Issue Encountered: According to https://support.apple.com/guide/deployment/account-driven-enrollment-methods-dep4d9e9cd26/web, starting with iOS 18.2, hosting a service discovery file on a web server is no longer mandatory. The device should automatically contact the ABM organization associated with the Managed Apple ID if no web server is found. On an iOS 18.5 device, I navigate to: Settings > General > VPN & Device Management > Sign in to Work or School Account After entering my Microsoft email address (which matches my Managed Apple ID due to federation), I consistently receive the error: "Your Apple ID does not support the expected services on this device." In ABM, under "Access Management" > "Apple Services," all services are activated. Could I be missing a crucial step in the configuration? Any guidance or insights would be greatly appreciated. Thank you in advance for your help. Best regards,
Twice profile installation - Apple ADE / company portal
Hi at all experts :-) I`ve setup Intune for ADE enrollment for our macOS devices. - user-affinity - modern authentication During the startup process the device shows that it belongs to our company. The user have to login with the microsoft account. --> the profile is installed on the device After starting up, the Mac can be used. Now a user want to install apps via company portal. The user opens company portal and have to download and install a profile. This results in an error during installation. I think because the profile which was installed during startup already exists. What I´ve done false?
Apple business manager deployment - receiving pop-up bout apple account
Hello intune forum, I recently setup apple business manager in our enviroment to work with Intune. I've created the enrollment profile, setup the VPP token, etc. But now, a few of our users, myself included is getting a pop-up on our phones stating : "this apple account cannot make purchases". I made sure only the VPP apps are being pushed to the company phones and not the apps from the store. Anyone else have this issue?Enroll Corporate Owned MAC devices Recommendations
Dear Community I have Corporate Owned Mac Devices and there is a requirement to enroll them. After reviewing different MS articles it's unclear where to get started. The article mentioned different approaches for MAC device enrollment however it require Apple School/Business Manager portal to proceed but as of now i donot have https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enroll?tabs=user-owned-android%2Ccorporate-owned-apple%2Cautomatic-enrollment The other article also mentioned straight forward approach however I am not sure do I still require and need to configure Automated Device Enrollment profile https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-company-device-macos Our goal is simple , need to enroll new Mac Company Owned Devices in Intune. Anyone please suggest or currently manage MAC devices via Intune for any client. What is best recommended approach to enroll MAC devices via Intune as later on we need to configure Security Policies and Configuration Profiles. As of now we have fresh tenant and there is no any configuration done so far with respect for MAC devicesRevoke VPP App Assignment for Token
Hello, Can anyone clarify if I need to uninstall the VPP apps and then remove the group assignments assigned to the VPP apps or, can I just uninstall the APP apps and leave the groups assigned, and then, I can select the option Revoke all VPP app licenses via the 'token' option? Also, the check box here throws me a curve ball, as I would think that I have to uninstall for the 'Notify users...' to notify, but then if it is a non-user affinity device, who gets notified?iPad/iPhone and Mac with Intune
Hello everyone! This is my first post. We have recently been staring to use Intune, beginning with our PC’s and Samsung phones. Now we’re discussing if we shell or shell not migrate or iPad/iPhones and Macs as well. We’ve got around 1.000 Macs and 2.000 devices. About 90-95% of the are used in school by students and teachers. For the moment we manage the in Jamf Pro. Bellow follows a couple of questions I find very interesting to get some answers for. : iPad / iOS Jamf Techer and Apple Classroom Jamf Teacher - Create and manage classes - Create and start lessons - Share a lesson - Invite students to a remote class - Send messages to class or student - Request apps for students - Manage students devices, set restrictions for ongoing lesson among other things Apple Classroom - Can do much Jamf Techer can, but not all - Allows you to remote control student - You can combine both Apple Classroom and Jamf Teacher Is there any app like Jamf Teacher connected to Intune? Mac When it comes to Mac in Intune, how long does it in average take to enroll? Is it passible and is it easy to change/renew a configuration/policy for a Mac that’s already enrolled for an example a month ago? How about creating and deploying a new coniguration/policy to a already enrolled Mac? Both iPad and Mac How close ot release of new OS’s does Microsoft support it?
Apple Management Profile reinstall
Our apple Push certificate expired on us... I have reissued a new one and all new devices connect fine and get new apps pushed. All the "older" devices that where connected to the olde certificate now cant check in. The "manual" solution is testede and working, is to remove the management profile from the device, reopen Intune Company portal, and install a new Management Profile. But i´m not trusting my users to do this, so im looking for more controlled way of doing a "reinstall" management profile.
iOS DEP enrolled devices missing Enrollment Profile (breaking dynamic group and filter logic)
Starting 31/05/2022 new iOS enrollments via Apple Business Manager Device Enrollment do not have an Enrollment Profile attribute assigned under Hardware, generally we use this attribute to define dynamic groups/filters. I have seen this on at least two different customer tenants so far. Example of a filter no longer matching a device enrollment. (previous enrollments still show the correct Enrollment Profile Note: Testing 3 tenants we only see two in APAC impacted so far. Asia Pacific 0101 Asia Pacific 0201
Enterprise Apps not shown in Intune Company Portal App for MacOS
Hi, we experience that the Intune Company Portal App for Mac did not show any Enterprise Apps . In the Windows Version of the Company Portal App, all Enterprise Apps Assigned to a User are available. Does anyone know if this is normal or do we missed something ? I did not find any documentation regarding this. Thanks best Sven
