![]() If you want devices registered in Microsoft Entra ID, then install the Company Portal app. If it's acceptable to not register devices in Microsoft Entra ID, then you don't need to install the Company Portal app. Setup Assistant (legacy) authenticates the user with the Apple. ![]() You don't want to register devices in Microsoft Entra ID. You don't want to use modern authentication features, such as MFA. Select the Setup Assistant (legacy) when: ![]() Then, the device is unlocked, and users can use it. After it installs, users sign in to the Company Portal app with their organization Microsoft Entra account. You want to lock the device until the Company Portal app installs.If your company uses the Volume Purchase Program (VPP), you can automatically install Company Portal app during enrollment without user Apple IDs. You want to automatically install the Company Portal app during enrollment.When they're registered, you can use features available with Microsoft Entra ID, such as conditional access. You want devices registered in Microsoft Entra ID.You want to prompt users to reset their expired passwords during enrollment.You want to prompt users to update their expired password when they first sign in.You want to use multi-factor authentication (MFA). ![]() Using the Company Portal app or Setup Assistant with modern authentication is considered modern authentication. Make this decision before you create the enrollment profile. For more information, see Get an Apple MDM push certificate.ĭecide how users will authenticate on their devices: the Company Portal app, Setup Assistant (legacy), or Setup Assistant with modern authentication. This certificate is required to enroll iOS/iPadOS devices. For more specific information, see Get an Apple ADE token.īe sure the Apple MDM push certificate is added to Intune, and is active. Need access to the Apple Business Manager (ABM) portal, or the Apple School Manager (ASM) portal.īe sure the Apple token (.p7m) is active. For more specific information, see Apple Business Manager enrollment or Apple School Manager enrollment. You use the device enrollment manager (DEM) account. Since these devices are organization-owned, we recommend enrolling in Intune. Or, you can use MAM to manage specifics apps on the device. ❌ To be fully managed by Intune, users must unenroll from the current MDM provider, and then enroll in Intune. ❌ Existing devices should be enrolled using Apple Configurator (in this article).ĭevices are managed by another MDM provider. Applications on BYOD or personal devices can be managed using MAM (opens another Microsoft article), or User and Device enrollment (in this article). Need to enroll a few devices, or a large number of devices (bulk enrollment).ĭevices are associated with a single user.ĭevices are user-less, such as kiosk or dedicated device. ✔️ Supervised mode deploys software updates, restricts features, allows and blocks apps, and more.ĭevices are owned by the organization or school.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |