
I'm trying to get iOS User Enrollment to work with Intune. I have done the following:

  • Created a Group for my pilot users
  • Added an Apple MDM Push certificate
  • Signed up for Apple Business Manager
  • Connected ABM to Azure AD for Federated Authentication
  • Created an Enrollment Type Profile in Intune that only allows User Enrollment, and assigned this profile to the pilot group. (It's the only iOS Enrollment Type Profile, so it's definitely got priority)

I have tested the enrollment process with two users on two devices. Here are the results:

Device #1:

Device has been in use by user for over a year. Installed Company Portal app. Signed in to MS account via Company Portal app. Agreed to download configuration profile. Activated configuration profile in Settings app. Asked to sign in to Managed Apple ID. Email field is greyed out and can't be changed, user must sign in with the same email address as their MS account. User enters same password as MS account. User informed that their credentials are incorrect.

Device #2:

Device had been factory reset due to an exited employee. Set up as new device. Created new Apple ID. Installed Company Portal app. Signed in to MS account via Company Portal app. Agreed to download configuration profile. Activated configuration profile in Settings app. Agreed that company will have control over device. Device enrolled successfully.

But it appears to be Device Enrollment, not User Enrollment. The user was not asked to sign in to a Managed Apple ID. Tested by using "Wipe" function in Intune. Device fully factory reset, including personal data.

Does anyone have any suggestions of what I could be doing wrong?

1 Answer

The issue in our case ended up being quite specific. Our Azure/O365 infrastructure was managed by an MSP, and this MSP was separate from our CSP. While our MSP was investigating the issue, they discovered that our CSP had for some reason removed all of our Intune/Endpoint Manager licenses. This was the cause of the issue.

It's quite strange because the rest of Endpoint Manager continued functioning perfectly, including Android device management. But once we added the appropriate licensing back, iOS management started working again.
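As an added example that is not part of the question or answer: a Microsoft Graph PowerShell check that lists every member of the pilot group together with whether an Intune service plan is actually provisioned for them, which is the condition the answer found missing. The group display name is a placeholder, the script assumes the Microsoft Graph PowerShell SDK is installed, and it matches the `INTUNE_A` service plan name (Intune Plan 1); tenants on other Intune SKUs may need a different plan name.

```powershell
# Added example, not from the question or answer.
# Lists pilot-group members and whether an Intune service plan is provisioned for each.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph) is installed.
Connect-MgGraph -Scopes "User.Read.All", "Group.Read.All", "Directory.Read.All"

$groupName = "Intune iOS Pilot"   # placeholder: replace with your pilot group's display name
$group = Get-MgGroup -Filter "displayName eq '$groupName'"
if (-not $group) { throw "Group '$groupName' not found" }

$members = Get-MgGroupMember -GroupId $group.Id -All

$report = foreach ($m in $members) {
    # Skip nested groups, devices and other non-user members.
    $user = Get-MgUser -UserId $m.Id -Property Id, UserPrincipalName -ErrorAction SilentlyContinue
    if (-not $user) { continue }

    # Assumption: INTUNE_A is the service plan name for Intune Plan 1.
    $intunePlans = (Get-MgUserLicenseDetail -UserId $user.Id).ServicePlans |
        Where-Object { $_.ServicePlanName -eq 'INTUNE_A' }

    $provisioned = $intunePlans | Where-Object { $_.ProvisioningStatus -eq 'Success' }

    [pscustomobject]@{
        User           = $user.UserPrincipalName
        IntunePlan     = ($intunePlans.ServicePlanName -join ',')
        Status         = ($intunePlans.ProvisioningStatus -join ',')
        IntuneLicensed = [bool]$provisioned
    }
}

# Users without a provisioned Intune plan will fail iOS enrollment regardless of the
# enrollment type profile, so surface them first.
$report | Sort-Object IntuneLicensed | Format-Table -AutoSize
```

Run it before testing enrollment with a pilot user; a row with `IntuneLicensed` equal to `False` means the user has no Intune entitlement, which should be fixed on the licensing side before changing anything in the enrollment profile.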
