Microsoft streamlines just-in-time Apple device enrollment with Intune


Microsoft is launching Just-In-Time Registration for Setup Assistant with Modern Authentication for iOS and iPadOS devices that enroll through Apple’s Automated Device Enrollment.

According to a Microsoft blog, this is an improvement to the setup wizard with a modern authentication enrollment method, as it no longer requires the Company Portal app for Azure AD registration or compliance review.

Microsoft says that by removing the Company Portal requirement, it eliminated unnecessary steps, removed required app downloads that cannot be changed, and ended the switching between apps to make the device compliant. This is designed to streamline user flow.

With JIT registration, once the user completes registration during the setup wizard and lands on the welcome screen, user authentication can be performed in any Microsoft application Office to register the device with Azure AD and initiate compliance, according to Microsoft.

Compliance checks are built right into the Office app used for authentication, so the user doesn’t have to switch between multiple apps to understand the steps they need to take to become compliant, says the society.

Microsoft uses Apple’s Single Sign-On (SSO) extension feature to significantly reduce authentication prompts. The first authentication in the setup wizard completes enrollment and establishes user device affinity while the next authentication handles Azure AD enrollment in a pre-authorized Office application.

According to Microsoft, this ensures that SSO is fully established across the entire device. These authentications are all that is needed to fully enroll the corporate device with Intune, register it with Azure AD, and achieve on-device compliance with a fully integrated compliance experience directly in any which Office application.

Read the Microsoft blog on how to configure admin-side configuration for JIT logging for ADE, or watch this video.


About Author

Comments are closed.