MC703712: Move to Setup Assistant with modern authentication and JIT registration for iOS/iPadOS ADE devices

Announcement ID	MC703712	Published Date	01-04-2024
Service	Intune	Last Updated	01-04-2024
Category	Plan for change	Expiration Date	06-29-2024
Roadmap ID		Action Required by Date
Tags	Admin impact

Summary
MC703712: Move to Setup Assistant with modern authentication and JIT registration for iOS/iPadOS ADE devices

More Information
In the first half of calendar year 2024, we will stop supporting the option to Run Company Portal in Single App Mode until authentication for iOS/iPadOS automated device enrollment (ADE). Existing enrollment profiles with this configuration will not work for enrolling new devices. Additionally, you will not be able to save new enrollment profiles with this configuration. For more details, read the blog: Transforming the iOS/iPadOS ADE experience in Microsoft Intune How this will affect your organization: You have likely already moved to use Setup Assistant with modern authentication and are using Just in time (JIT) registration and compliance remediation with await final configuration set to Yes. However, if you have not, we recommend moving to this authentication method and flow as soon as possible. After this change, the setting Run Company Portal in Single App Mode until authentication (Devices > iOS/iPadOS > iOS/iPadOS enrollment > Enrollment Program Tokens > select/create Profile > Management Settings) will no longer take effect, regardless of the configuration shown in the UI. Additionally, if the Company Portal is the authentication method (Devices > iOS/iPadOS > iOS/iPadOS enrollment > Enrollment Program Tokens > select/create Profile > Enroll with user device affinity > Company Portal), the app will no longer be automatically sent with the creation of the enrollment profile. What you need to do to prepare: Review the updated documentation and several best practices blogs prior to moving. If you do not adopt the Setup Assistant with modern authentication method, new devices will be unable to enroll until you do one of the following: (Recommended) Select â€œSetup assistant with modern authenticationâ€ as the authentication method for existing and new enrollment profiles. Additionally, ensure Await final configuration is set to â€œYesâ€ within the enrollment profile and that JIT registration and compliance remediation is configured correctly for your ADE devices. Use ADE user affinity enrollment with the Company Portal as a required app with the correct app configuration policy attached. Note: The user will need to manually run the Company Portal and complete the enrollment and Microsoft Entra ID registration steps.

More Information

In the first half of calendar year 2024, we will stop supporting the option to Run Company Portal in Single App Mode until authentication for iOS/iPadOS automated device enrollment (ADE). Existing enrollment profiles with this configuration will not work for enrolling new devices. Additionally, you will not be able to save new enrollment profiles with this configuration. For more details, read the blog: Transforming the iOS/iPadOS ADE experience in Microsoft Intune

How this will affect your organization:

You have likely already moved to use Setup Assistant with modern authentication and are using Just in time (JIT) registration and compliance remediation with await final configuration set to Yes. However, if you have not, we recommend moving to this authentication method and flow as soon as possible.

After this change, the setting Run Company Portal in Single App Mode until authentication (Devices > iOS/iPadOS > iOS/iPadOS enrollment > Enrollment Program Tokens > select/create Profile > Management Settings) will no longer take effect, regardless of the configuration shown in the UI. Additionally, if the Company Portal is the authentication method (Devices > iOS/iPadOS > iOS/iPadOS enrollment > Enrollment Program Tokens > select/create Profile > Enroll with user device affinity > Company Portal), the app will no longer be automatically sent with the creation of the enrollment profile.

What you need to do to prepare:

Review the updated documentation and several best practices blogs prior to moving. If you do not adopt the Setup Assistant with modern authentication method, new devices will be unable to enroll until you do one of the following:

(Recommended) Select â€œSetup assistant with modern authenticationâ€ as the authentication method for existing and new enrollment profiles. Additionally, ensure Await final configuration is set to â€œYesâ€ within the enrollment profile and that JIT registration and compliance remediation is configured correctly for your ADE devices.
Use ADE user affinity enrollment with the Company Portal as a required app with the correct app configuration policy attached. Note: The user will need to manually run the Company Portal and complete the enrollment and Microsoft Entra ID registration steps.

Top News

MC878427: Restricted Content Discoverability for SharePoint Sites

MC761227: Microsoft Teams Phone devices: Advanced calling and contact management on non-touch phones

MC721853: Microsoft New feedback button

MC891238: Microsoft SharePoint and Microsoft Teams: Update on new Microsoft Lists rollout

MC797119: A new Start experience

MC888034: Accept Apple's new terms and conditions to ensure Intune can communicate with Apple as expected

Removing the Default Exchange Server Database: A Step-by-Step Guide

Create and Manage Exchange Groups

Creating a Mailbox in Exchange Server 2013 Using PowerShell

MC888036: Prevent/Fix: PnP PowerShell authentication failures

MC703712: Move to Setup Assistant with modern authentication and JIT registration for iOS/iPadOS ADE devices

Contact Form

Top News

MC703712: Move to Setup Assistant with modern authentication and JIT registration for iOS/iPadOS ADE devices

You Might Like

Contact Form