Intune - Issues with Account-Driven User Enrollment Issues on iOS 18.5
Hello everyone, Since the release of iOS 18, Apple has deprecated profile-based user enrollment via the Company Portal app, requiring the use of Account-Driven User Enrollment. While this change enhances user experience, I'm encountering challenges in implementing it. Steps Taken: Apple Business Manager (ABM) Account: Created and linked the ABM account to Intune using the token. Corporate devices are successfully appearing in Intune. MDM Server Configuration: Set Intune as the default MDM server for all devices in ABM. Domain Federation: Established Entra ID federation in ABM to synchronize all users. Intune Enrollment Profile: Created an 'Enrollment Type Profile' of type 'Account-Driven User Enrollment.' MDM Push Certificate: Configured and validated the MDM Push certificate. Issue Encountered: According to https://support.apple.com/guide/deployment/account-driven-enrollment-methods-dep4d9e9cd26/web, starting with iOS 18.2, hosting a service discovery file on a web server is no longer mandatory. The device should automatically contact the ABM organization associated with the Managed Apple ID if no web server is found. On an iOS 18.5 device, I navigate to: Settings > General > VPN & Device Management > Sign in to Work or School Account After entering my Microsoft email address (which matches my Managed Apple ID due to federation), I consistently receive the error: "Your Apple ID does not support the expected services on this device." In ABM, under "Access Management" > "Apple Services," all services are activated. Could I be missing a crucial step in the configuration? Any guidance or insights would be greatly appreciated. Thank you in advance for your help. Best regards,
Intune MAM - Restrict Application Access to Specific Biometric Profiles
We want our employees to be able to restrict access to company apps on private devices to only specific biometric profiles on the devices. If needed: Are you working together with Apple to make this possible? (e.g. via tiered device control levels / admin password in iOS)
Make Required applications visible in Intune Company Portal on iOS
Hi everyone, I'm new to Intune and have a question. Is it possible to make required applications visible in the Intune Company Portal on iOS (supervised devices)? Currently, only "available" apps are shown. This would be really helpful because if a user deletes a required app, the automatic re-installation can sometimes take a long time. Thanks!
Mobile keyboard issue: "Your organizations data cannot be pasted here" - Intune App Protection
I have an ongoing issue where I've setup an Intune app protection policy for unmanaged devices to restrict the ability to copy company data outside of company managed apps into personal apps. Whilst this feature works in respect to managed apps and non-managed apps, there is a UI issue on both Android and iOS where the keyboard clipboard shows straight after you copy text in a managed app: "Your organizations data cannot be pasted here". How do you stop this annoying popup that seems to relate to mobile keyboard clipboards? It's an annoying issue as users think they can't copy/paste between work apps. We have to tell them every time that if they just press down on screen then press paste, it pastes correctly. Example of our iOS policy is per below. Please help! There is also a good post here on it, will nil reply: Issue with Copy/Paste Restriction in Intune MDM on... - Android Enterprise Customer Community - 8637iOS 18.2 Configuration - App Store (settings) disappears in iOS settings
Hello, in our compandy we deploy our iOS devices using a device restrictions configuration in Intune. We have app store blocked, but until iOS 18.2 , the option of the settings for the app store was still available in the iOS settings. Now the app store disappers (on a private iPhone the app store moved under Apps). Unfortunately we need this option to configure the automatic downloads option via mobile network (and not asked for Apps over 200MB). Are there changes we can make that block the app store, yet still allow automatic updates over cellular data for managed apps? Thank you.Required and Available Apps visibility in ICP
Hi everyone, I'm new to Intune and have a question. Is it possible to make required applications visible in the Intune Company Portal on iOS (supervised devices)? Currently, only "available" apps are shown. This would be really helpful because if a user deletes a required app, the automatic re-installation can sometimes take a long time. Thanks!
iOS Intune Keychain
Hi, I have an iOS app that is distributed through Intune MDM. The app performs Microsoft login in a WebView, where the user certificate installed on the device (in the Keychain) is required. When I try to retrieve the certificate in code, I cannot access it because, by default, Apple does not allow third-party apps to retrieve certificates. What can I do? Is there a specific configuration to set up in Intune? Do I need to use the Intune SDK? Thank you.
Sync GAL to Android & IOS devicees
Hi. Does anyone have a working way of synchronizing the GAL to IOS and Android devices' native contacts app? We are using intune, and i have tried with the app protection and app configuration policies, and with device configuration, and none of them give me the wanted result. I can manage to the the Sync turned on, and manually from the outlook app select single users to sync, which works - but not the entire GAL automaticlly..... I know there is alot of licensed 3. party software that can do this - i'm hoping someone here has an intune native solution to the issue..
