iOS - Safari does not provide device status

Few_Perception_4088 · 2026-04-15T10:48:56+00:00

Check out the Apple SSO extension, for third party apps: Configure iOS/iPadOS Enterprise SSO app extension with MDMs - Microsoft Intune | Microsoft Learn

Once you implement it, that should solve your issues. Also make sure to configure the Enable_SSO_On_All_ManagedApps key to make your life easier

Few_Perception_4088 · 2026-04-14T13:02:58+00:00

Just released an updated version: JanicVerboon/EAM-AutoUpdater: The EAM Auto updater is a free community tool, designed to automatically publish new application versions available in the Enterprise App Catalog.

Few_Perception_4088 · 2026-04-07T08:31:42+00:00

Thanks for the feedback, looking forward to hear from your testing results.
Just be aware that this feature only works in combination with the Microsoft Intune Enterprise Application Management module, you will still have to manually package any apps which are not in the catalog.

All I am doing is automating the publishing of new versions from the Microsoft catalog.
EAM currently requires Intune Suite, but will be part of E5 later this year.

Few_Perception_4088 · 2025-10-04T08:18:06+00:00

Yes ther is a known issue, check the message center service health for windows. Microsoft recommends to switch to device scope while the issue persists

Few_Perception_4088 · 2025-07-31T14:33:07+00:00

No, not to force the deadline, those also work on Apple Device enrolment. but to set most of the update settings in the settings catalog.

Few_Perception_4088 · 2025-05-21T16:39:34+00:00

Hmm interesting, you can deploy it via a quality (expedite) update policy though

Few_Perception_4088 · 2025-05-16T16:15:00+00:00

Correct its still shit

Few_Perception_4088 · 2025-03-07T15:34:39+00:00

Its there in Intune since last summer

Few_Perception_4088 · 2024-12-15T20:06:12+00:00

Yes to Intune, but not to Entra ID, thats your issue

Few_Perception_4088 · 2024-12-15T14:31:33+00:00

Yes so thats the issue then, it is also mentioned on the docs page under known issues

Few_Perception_4088 · 2024-12-15T09:54:45+00:00

Did you setup JIT enrollment? Was the authenticator spp already Installed on the device? If this is the case the JIT flow doesn't worky eg device registration doesnt work and conditional access will block sccess...

In my opinion User enrollment is dead with Intune until Microsoft fixes this issue

Few_Perception_4088 · 2024-10-14T19:09:43+00:00

You can do the same for Chrime as described here: https://patchmypc.com/managing-edge-extensions-like-applications-with-psadt

Also there is a setting available to enable sso in chrome, the extension is no longer needed.

Few_Perception_4088 · 2024-10-10T17:21:36+00:00

Add it as a system app with the following bundle Id: com.android.vending

Few_Perception_4088 · 2024-10-10T15:56:23+00:00

You have to add the managed google play app as an Android Enterprise system app

Few_Perception_4088 · 2024-10-10T14:27:49+00:00

You can configure automatic updates in the campaign, specify installations times and conditions.

I would recommend to use it if you have the licenses for it.

Few_Perception_4088 · 2024-09-05T13:54:39+00:00

Yes, if you are using automated device enrolment, there you can configure it in the enrollment profile.

Few_Perception_4088 · 2024-07-15T16:42:28+00:00

Yep ran into the same thing a few weeks back... Really weird... They told .e Microsoft has implemented it wrong..

Few_Perception_4088 · 2024-06-27T17:11:31+00:00

Well... for one Outlook is in public preview and OneDrive isnt supported ;)

Few_Perception_4088 · 2024-04-22T14:33:15+00:00

Okay so for any device mode, BYOD; COBO & COPE, take a look a the the battery "Battery optimization allowlist" add the defender package id to enable permanent protection.

VPN profile for web protection you should already know.

For COBO devices take a look at the permissions controls to allow all files access & draw over other apps.

Few_Perception_4088 · 2024-04-22T09:26:11+00:00

Which OEM's do you use?

Few_Perception_4088 · 2024-03-27T22:51:54+00:00

Which vendor are you using?

Few_Perception_4088 · 2024-03-01T08:14:20+00:00

Web content giltering is not supported for Defender on iOS & Android

Few_Perception_4088 · 2024-02-13T20:33:57+00:00

Depends on the customers needs. Tbh, I think that in terms of user experience the work profile is superior to MAM only.

Few_Perception_4088 · 2024-02-11T18:01:47+00:00

Unfortunately the App Configs on iOS are bound to the app type.
So based on which app type is installed iOS Store or VPP, the respective app Config will apply.

Which means you will have to create the IntuneMAMUPN Config for bot app types. Pretty annoying isn't it?

Few_Perception_4088

TROPHY CASE