How to get the Intune Restriction profile immediately after the Company Portal is configured

Got a question:

Is there a way to quickly get the device restriction profile on the device after the device is enrolled with Intune?

We are using enrolment with single app lock for the Intune Company Portal, but when the user registers there is (sometimes) a delay of about 15 minutes before the restrictions profile is obtained. In that time the user is able to log in with his Apple ID and even download some applications, which is not good behaviour when you are talking about a secure, company-only device…

The scenario is a DEP company-owned device that gets the restrictions immediately after the user enrols.

What is the app configured in single app? Is it native or 3rd party? If it's 3rd party, it would not apply the restriction until the app is downloaded. Also, note that you may remove the unwanted apps assigned to this device/user to speed up the process.

I think this is currently a flaw with how Intune operates; I don’t really see how you can speed it up without Microsoft making changes to Intune/AAD.

Even if you remove user affinity and deploy policies to the device directly, it would take time to build a dynamic group to actually push these resources.

Yep, this is the outcome we expected. But I must say it is a really disappointing one. Like 20 minutes, depending on how quick / slow the network is. It is really disappointing if you consider that the profile most needed for the device to be considered secure takes such a long time to be delivered for you to have full control over it.

Sounds like iOS 13 will resolve this issue with changes to the setup assistant. Federated auth should be possible during the setup assistant in iOS 13 / iPadOS.

Good to know. Do you have an article on this?

It was announced during WWDC 19 that you could customize the setup assistant in order to leverage federated auth.

This will allow for modern auth during the DEP setup.