Apple's Automated Device Enrollment (ADE) Setup Assistant with modern authentication replaces the outdated ADE enrollment flow and requires authentication before ADE enrollment. Modern authentication now runs in an OS-provided WebView and is therefore more reliable, consistent, and stable than the same authentication method used for Company Portal, which runs the portal as a single app until authentication has been completed.
Setup Assistant with modern authentication is an authentication method you can select when creating an ADE enrollment profile. With ADE, you can require authentication via Azure Active Directory (Azure AD) during Setup Assistant enrollment, in the out-of-the-box experience (OOBE), before users are allowed access to the home screen. Depending on the settings in your Conditional Access policy, you can require multi-factor authentication (MFA) as well.
The user must still sign in to Company Portal after enrollment to gain access to Conditional Access resources, but the device is immediately registered to the user, so apps and configurations assigned to that user flow down to the device before the user logs in. Many users are confused about why they have to open an app and sign in before they can use their apps. Keep in mind, however, that Azure AD registration is not completed until the user signs in to Company Portal.
1) To enable and test this new authentication method, set Authentication Method to Setup Assistant with modern authentication in your test enrollment profile, under Devices > Enrollment program tokens in the Microsoft Endpoint Manager portal.
2) On the {YourEnrollmentToken} | Profiles page, click Create profile > iOS/iPadOS to open the Create profile wizard.
3) On the Basics page, provide the following information and click Next.
4) On the Management Settings page, select Setup Assistant with modern authentication as the Authentication method.
An enrollment experience for the Setup Assistant that uses modern authentication
1) When setting up a Corp DEP device, the device receives the Remote management profile, followed by Microsoft authentication.
2) Apps and profiles are downloaded to the device while the Company Portal app is installed automatically (via VPP).
3) Complete the enrollment process with Company Portal.