To authenticate users, Microsoft recommends using the Company Portal app or the Setup Assistant with modern authentication. You want users to use the device, even when the Company Portal app isn't installed. If your company uses the Volume Purchase Program (VPP), you can automatically install the Company Portal app during enrollment without user Apple IDs. You want to automatically install the Company Portal app during enrollment. Select the Setup Assistant with modern authentication when: We recommend installing the Company Portal app during enrollment. When you create the enrollment profile and select Setup Assistant (legacy), you can install the Company Portal app. If you want devices registered in Azure AD, then install the Company Portal app. If it's acceptable to not register devices in Azure AD, then you don't need to install the Company Portal app. Setup Assistant (legacy) authenticates the user with the Apple. You don't want to register devices in Azure AD. You don't want to use modern authentication features, such as MFA. Select the Setup Assistant (legacy) when: Then, the device is unlocked, and users can use it. After it installs, users sign in to the Company Portal app with their organization Azure AD account. You want to lock the device until the Company Portal app installs. If your company uses the Volume Purchase Program (VPP), you can automatically install the Company Portal app during enrollment without user Apple IDs. When they're registered, you can use features available with Azure AD, such as conditional access. You want devices registered in Azure AD. You want to prompt users to reset their expired passwords during enrollment. You want to prompt users to update their expired password when they first sign in. You want to use multi-factor authentication (MFA). Using the Company Portal app or Setup Assistant with modern authentication is considered modern authentication. Make this decision before you create the enrollment profile.
For more information, see Get an Apple MDM push certificate. Decide how users will authenticate on their devices: the Company Portal app, Setup Assistant (legacy), or Setup Assistant with modern authentication. This certificate is required to enroll iOS/iPadOS devices. For more specific information, see Get an Apple ADE token. Be sure the Apple MDM push certificate is added to Intune, and is active. Need access to the Apple Business Manager (ABM) portal, or the Apple School Manager (ASM) portal. Be sure the Apple token (.p7m) is active. For more specific information, see Apple Business Manager enrollment or Apple School Manager enrollment. You use the device enrollment manager (DEM) account. Since these devices are organization-owned, we recommend enrolling in Intune. Or, you can use MAM to manage specific apps on the device. ❌ To be fully managed by Intune, users must unenroll from the current MDM provider, and then enroll in Intune. ❌ Existing devices should be enrolled using Apple Configurator (in this article). Devices are managed by another MDM provider. Applications on BYOD or personal devices can be managed using MAM (opens another Microsoft article), or User and Device enrollment (in this article). Need to enroll a few devices, or a large number of devices (bulk enrollment). Devices are associated with a single user. Devices are user-less, such as kiosk or dedicated devices. ✔️ Supervised mode deploys software updates, restricts features, allows and blocks apps, and more. Devices are owned by the organization or school.