Intune Enrollment Flow Update for Apple’s Automated Device Enrollment for iOS/iPadOS

This post has been republished via RSS; it originally appeared at: Intune Customer Success articles.

Today, we have posted Message Center post: MC214914 with the text below. This post provides screen shots of what’s being removed in the enrollment flow.

 

Plan for Change: Intune Enrollment Flow Update for Apple’s Automated Device Enrollment for iOS/iPadOS 

In the July Company Portal release, we’ll be changing the iOS/iPadOS enrollment flow for Apple’s Automated Device Enrollment (formerly known as DEP). The enrollment flow change is only encountered during the "Enroll with User Affinity" flow when the "Select where users must authenticate" setting is set to "Setup Assistant" and "Install Company Portal" is set to "No". Previously, if you set the “Install Company Portal” to “No” as part of your configuration, users could still install the Company Portal app from the store which would then trigger enrollment where the user would add in the appropriate serial number. With this upcoming Company Portal release, we’ll be removing that serial number confirmation screen. Instead, you’ll want to create a corresponding app configuration policy to send down alongside the Company Portal to ensure that users can successfully enroll, or set the “Install Company Portal” to “Yes” as part of your configuration.

 

How does this affect me? 

Our telemetry indicates you’ve got iOS/iPadOS devices enrolled with Apple’s Automated Device Enrollment.

 

If you have set the "Select where users must authenticate" authentication option to "Company Portal" and have set the “Install Company Portal” to “Yes”, then this does not affect you, as the appropriate Company Portal app is on the device.


If you have set the “Select where users must authenticate” authentication option to “Setup Assistant”, this affects you:

 

Photo01.png

 

If you have set the “Install Company Portal” to “No”, then be aware that devices will be unable to complete enrollment unless you have created a corresponding configuration policy to assign the serial number through XML. Existing enrolled devices will not be affected by this change if your end user has already opened the Company Portal and gone through the serial number flow or if you already have a corresponding configuration policy created. If the device is already enrolled, but the Company Portal hasn’t been opened, then you will also need the corresponding configuration policy.

 

Photo02.png

 

Note: That macOS devices are not affected; this just affects iOS/iPadOS devices enrolled through Apple’s Automated Device Enrollment.

 

What do I need to do? 

Check your settings for Automated Device Enrollment. If you currently have the “Install Company Portal” set to “No”, we recommend you update it to “Yes”, or as a workaround for this upcoming change, create the configuration profile as documented. We recommend for all future Automated Device Enrollment profiles that you say “Yes” to “Install the Company Portal” from the profile create page since it will have the correct app configuration policy applied. Update your end user guidance and notify your helpdesk.

 

These are the enrollment screens we are referring to that are being removed:

ADE iPadOS.png

 

As always let us know if you have any questions or concerns on this customer-requested change!

Blog post updates:

  • 6/3/20: With an update and a screenshot to clarify the "Select where users must authenticate" Setup Assistant and Company Portal scenarios.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.