JulienSenec
Copper Contributor
Jul 10, 2025

Intune - Issues with Account-Driven User Enrollment on iOS 18.5

Hello everyone,

Since the release of iOS 18, Apple has deprecated profile-based user enrollment via the Company Portal app, requiring the use of Account-Driven User Enrollment. While this change enhances user experience, I'm encountering challenges in implementing it.

Steps Taken:

  1. Apple Business Manager (ABM) Account: 
    Created and linked the ABM account to Intune using the token. Corporate devices are successfully appearing in Intune.
  2. MDM Server Configuration:
    Set Intune as the default MDM server for all devices in ABM.
  3. Domain Federation:
    Established Entra ID federation in ABM to synchronize all users.
  4. Intune Enrollment Profile:
    Created an 'Enrollment Type Profile' of type 'Account-Driven User Enrollment.'
  5. MDM Push Certificate:
    Configured and validated the MDM Push certificate.

Issue Encountered:

According to https://support.apple.com/guide/deployment/account-driven-enrollment-methods-dep4d9e9cd26/web, starting with iOS 18.2, hosting a service discovery file on a web server is no longer mandatory. The device should automatically contact the ABM organization associated with the Managed Apple ID if no web server is found.

On an iOS 18.5 device, I navigate to: Settings > General > VPN & Device Management > Sign in to Work or School Account

After entering my Microsoft email address (which matches my Managed Apple ID due to federation), I consistently receive the error: "Your Apple ID does not support the expected services on this device."

In ABM, under "Access Management" > "Apple Services," all services are activated.

Could I be missing a crucial step in the configuration? Any guidance or insights would be greatly appreciated.

Thank you in advance for your help.

Best regards,

6 Replies

  • GriJ
    Copper Contributor

    Maybe Web Based device enrollment helps?

  • GriJ
    Copper Contributor

    https://learn.microsoft.com/en-us/intune/intune-service/enrollment/web-based-device-enrollment-ios

    Have you tried Web based device enrollment?

  • GriJ
    Copper Contributor

    Hello,

    If I understood it right, you have BYOD. Have you tried Web based device enrollment?

    https://learn.microsoft.com/en-us/intune/intune-service/enrollment/web-based-device-enrollment-ios

  • GriJ
    Copper Contributor

    Hello,

    It's not clear if you have BYOD or company phones. It looks like BYOD.

    Have you ever tested "Web based enrollment"? It works fine for me.

    BR

    • JulienSenec
      Copper Contributor

      The problem is that I'd like to make a separation between work and personal profiles, which only this type of wrapping allows for BYOD.

      • GriJ
        Copper Contributor

        Hello,

        Now I understand. Have you tried a different federated user? Maybe you see some logs in Intune or ABM with failed authentication.
