locked
Apple Device enrollment with User Affinity - Do I need to have ADFS for this to work? RRS feed

  • Question

  • Hello Experts, Please see screenshot below for details. We just recently enabled Apple School Manager and InTune. I can see all of our Apple Devices in the InTune portal, so we are starting to enroll them and assign them a profile. My question is about apple device enrollment with user affinity. Referring to the guide @ https://docs.microsoft.com/en-us/intune/enrollment/device-enrollment-program-enroll-macos it mentions "If using ADFS, user affinity requires WS-Trust 1.3 Username/Mixed endpointLearn more." but we do not have ADFS or a federated identity service. Do we need this in order for InTune user affinity to work? I ask because when I setup the enrollment profile, one of the options is to enroll with or without user affinity, and it mentions that "authentication is required to enroll with user affinity" but I'm unclear what it means by authentication - does that mean the intune client authenticates to our server OR the user must authenticate somewhere, maybe using ADFS ?

    Tuesday, October 8, 2019 7:02 PM

Answers

  • Don’t worry. You can use User Affinity without ADFS. If you chose Enroll with User Affinity, you can let users authenticate with Company Portal instead of the Apple Setup Assistant.

    Note:

    If you want do any of the following, set Select where users must authenticate to Company Portal.

    • use multifactor authentication
    • prompt users who need to change their password when they first sign in
    • prompt users to reset their expired passwords during enrollment

    These aren't supported when authenticating with Apple Setup Assistant.

    Reference(iOS is similar with MacOS in enrollment): https://docs.microsoft.com/en-us/intune/enrollment/device-enrollment-program-enroll-ios

    Best regards,

    Cici Wu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by tekknyne Wednesday, October 9, 2019 12:54 PM
    Wednesday, October 9, 2019 7:31 AM

All replies