Intune - Issues with Account-Driven User Enrollment Issues on iOS 18.5
Hello everyone,
Since the release of iOS 18, Apple has deprecated profile-based user enrollment via the Company Portal app, requiring the use of Account-Driven User Enrollment. While this change enhances user experience, I'm encountering challenges in implementing it.
Steps Taken:
- Apple Business Manager (ABM) Account:
  Created and linked the ABM account to Intune using the token. Corporate devices are successfully appearing in Intune.
- MDM Server Configuration:
  Set Intune as the default MDM server for all devices in ABM.
- Domain Federation:
  Established Entra ID federation in ABM to synchronize all users.
- Intune Enrollment Profile:
  Created an 'Enrollment Type Profile' of type 'Account-Driven User Enrollment.'
- MDM Push Certificate:
  Configured and validated the MDM Push certificate.
Issue Encountered:
According to https://support.apple.com/guide/deployment/account-driven-enrollment-methods-dep4d9e9cd26/web, starting with iOS 18.2, hosting a service discovery file on a web server is no longer mandatory. The device should automatically contact the ABM organization associated with the Managed Apple ID if no web server is found.
On an iOS 18.5 device, I navigate to: Settings > General > VPN & Device Management > Sign in to Work or School Account
After entering my Microsoft email address (which matches my Managed Apple ID due to federation), I consistently receive the error: "Your Apple ID does not support the expected services on this device."
In ABM, under "Access Management" > "Apple Services," all services are activated.
Could I be missing a crucial step in the configuration? Any guidance or insights would be greatly appreciated.
Thank you in advance for your help.
Best regards,
6 Replies
- GriJ (Copper Contributor)
Maybe Web Based device enrollment helps?
- GriJ (Copper Contributor)
https://learn.microsoft.com/en-us/intune/intune-service/enrollment/web-based-device-enrollment-ios
Have you tried Web based device enrollment?
- GriJ (Copper Contributor)
Hello,
If I understood it right, you have BYOD. Have you tried web-based device enrollment?
https://learn.microsoft.com/en-us/intune/intune-service/enrollment/web-based-device-enrollment-ios
- GriJ (Copper Contributor)
Hello,
It's not clear if you have BYOD or company phones. It looks like BYOD.
Have you ever tested "Web based enrollment"? It works fine for me.
BR
- JulienSenec (Copper Contributor)
The problem is that I'd like to make a separation between work and personal profiles, which only this type of wrapping allows for BYOD.
- GriJ (Copper Contributor)
Hello,
Now I understand. Have you tried a different federated user? Maybe you see some logs in Intune or ABM with failed authentication.