You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/intune/fundamentals/deployment-guide-enrollment-ios-ipados.md
+12-11Lines changed: 12 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ keywords:
7
7
author: MandiOhlinger
8
8
ms.author: mandia
9
9
manager: dougeby
10
-
ms.date: 01/20/2022
10
+
ms.date: 01/25/2022
11
11
ms.topic: conceptual
12
12
ms.service: microsoft-intune
13
13
ms.subservice: enrollment
@@ -191,28 +191,29 @@ When you create an enrollment profile in the [Endpoint Manager admin center](htt
191
191
1. When the device is turned on, the Apple Setup Assistant runs. Users enter their Apple ID (`[email protected]` or `[email protected]`).
192
192
2. The Setup Assistant prompts the user for information, and enrolls the device in Intune. The device isn't registered in Azure AD.
193
193
194
-
-**Enroll with user affinity + Setup Assistant with modern authentication + Company Portal app**:
194
+
-**Enroll with user affinity + Setup Assistant with modern authentication**:
195
195
196
196
:::image type="content" source="./media/deployment-guide-enrollment-ios-ipados/ade-user-affinity-setup-assistant-modern-authentication.png" alt-text="In the Endpoint Manager admin center and Microsoft Intune, enroll iOS/iPadOS devices using automated device enrollment (ADE). Select enroll with user affinity, and use the Setup Assistant for authentication. The Company Portal app automatically installs.":::
When users enter their Azure AD credentials, the enrollment starts.
201
201
202
-
2. Setup Assistant prompts the user for additional information. When the home screen appears, setup is complete. The device is fully enrolled, and user device affinity is established. Users can use their devices and see your apps and policies on their devices. At this point, however, the device isn't fully registered with Azure AD.
203
-
3. The Company Portal app automatically installs. Users open the Company Portal app, and sign in with their work or school account (`[email protected]`) again.
204
-
4. Users complete registration in Company Portal, which fully registers the device with Azure AD. Users then gain access to corporate resources protected by conditional access policies.
202
+
2. Setup Assistant prompts the user for additional information. When the home screen appears, setup is complete. The device is fully enrolled, and user device affinity is established. Users can use their devices and see your apps and policies on their devices.
205
203
206
-
-**Enroll with user affinity + Setup Assistant with modern authentication - Company Portal app**:
204
+
At this point, the device isn't fully registered with Azure AD.
207
205
208
-
:::image type="content" source="./media/deployment-guide-enrollment-ios-ipados/ade-user-affinity-setup-assistant-modern-authentication.png" alt-text="In the Endpoint Manager admin center and Microsoft Intune, enroll iOS/iPadOS devices using automated device enrollment (ADE). Select enroll with user affinity and use the Setup Assistant for authentication. The Company Portal app automatically installs.":::
206
+
3. If you **Install Company Portal app with VPP** (recommended), then the Company Portal app automatically installs. Users open the Company Portal app, and sign in with their work or school account (`[email protected]`) again. They complete Azure AD registration in the Company Portal app, which fully registers the device with Azure AD. Users then gain access to corporate resources protected by conditional access policies.
209
207
210
-
1. When the device is turned on, the Apple Setup Assistant runs. Users enter their Apple ID (`[email protected]` or `[email protected]`) and their organization Azure AD credentials.
208
+
4. If you don't **Install Company Portal app with VPP**, and want to use the Company Portal app, then:
211
209
212
-
When users enter their Azure AD credentials, the enrollment starts.
210
+
1. Users sign in to the Apple app store with their Apple ID (`[email protected]` or `[email protected]`). When they sign in, the Company Portal app automatically installs.
211
+
212
+
This extra sign-in step slows the enrollment, especially if users don't sign in immediately.
213
+
214
+
If they don't sign in to the app store, then the Company Portal app doesn't install. If the app isn't installed, then users can't register the device in Azure AD. Since the device hasn't completed registration, the device shows as non-compliant in Azure AD. Any resources depending on conditional access aren't available.
213
215
214
-
2. The Setup Assistant prompts the user for additional information. When it completes, users can use the device. When the home screen shows, the enrollment is complete. Users will see your apps and policies on the device.
215
-
3. The Company Portal app automatically installs. Users don't need to open the Company Portal app, or sign in to the app. If they don't sign in, then the device isn't registered with Azure AD. The device is shown as non-compliant in Azure AD since it has not completed registration within the Company Portal. Any resources depending on conditional access aren't available.
216
+
2. Users open the Company Portal app, and sign in with their work or school account (`[email protected]`) again. They complete Azure AD registration in the Company Portal app, which fully registers the device with Azure AD. At the next check-in, users gain access to corporate resources protected by conditional access policies.
216
217
217
218
-**Enroll without user affinity**: No actions. Be sure they don't install the Company Portal app from the Apple app store.
0 commit comments