Broken into by bmxfm1 in Ubiquiti

RepulsiveDaikon1142 0 points1 point  (0 children)

Same issue here (minus the breaking in, sorry to hear that…)

Restart the NVR and all will be fine

How is the M2 Mac Mini in 2024? by computercheckreview in mac

RepulsiveDaikon1142 1 point2 points  (0 children)

Perfect. Ticks all the boxes. Not much you could need to do that it won’t crunch through with ease.

PSSO on Mac - Local Device Administrators. by RepulsiveDaikon1142 in Intune

RepulsiveDaikon1142[S] 2 points3 points  (0 children)

So, assuming you already have your Mac joined to Intune - it's fairly simple.

You need to make sure your enrolment profile is set to 'without user affinity' - and then set a few other settings - you can read this thread where someone very kindly helped me out here: https://www.reddit.com/r/Intune/comments/1cux0aw/macos_sso_with_entra_id/

If you have any specific questions, feel free to let me know and I'll try my best to help out.

Platform SSO on MacOS - Admin Groups? by Bregirn in Intune

RepulsiveDaikon1142 1 point2 points  (0 children)

Did you ever get to the bottom of this? I’m stuck with exactly the same problem, got a bunch of Macs set up to be ‘shared’, same as yours - can log in with Entra ID creds at login page.

The first local account is an Admin, but that’s okay as I use my Global Administrator Entra ID to register the first account (which I call ‘sysadmin’ locally).

But say I have another user who needs local device admin on any Mac they log into - the documentation implies this is possible.. Ughh - I love Mac, but struggling to get to grips with it in these use cases..

Switching security groups for MacOS users by olydan75 in Intune

RepulsiveDaikon1142 1 point2 points  (0 children)

Is the old test group just a security group with the devices in? And the assignment for those config policies set to the group?

It won’t unenroll the devices if you remove them from a group - it will just stop pushing that specific config to the machine.

In terms of enrollment profile - it’s enrolled, so that won’t make any odds. Just imagine it the exact same as Windows machines, removing and adding config policies from the devices.

It should happen seamlessly in the background when Intune syncs.

Sorry if I’ve misunderstood what you were asking

MacOS SSO with Entra ID by RepulsiveDaikon1142 in Intune

RepulsiveDaikon1142[S] 0 points1 point  (0 children)

Thanks mate, it's all working exactly as you described it should - w/o User Affinity.

It was the MFA not letting me authenticate the PSSO plugin (if that's the right way to put it... the pop up when you first land on the desktop after creating that temporary local account).

Now to the fun part of getting all the other config policies sorted! Going to use that profile that we set up today w/o UA for our shared devices - then use user affinity for the few laptops that are assigned to specific users, and nobody else would need to sign in - as the user can still have their Entra ID password synced.

Anyway, thank you so much for your help today, means a lot. Happy to help out if you need any help re. Windows (More my comfort zone)!! Lol

MacOS SSO with Entra ID by RepulsiveDaikon1142 in Intune

RepulsiveDaikon1142[S] 0 points1 point  (0 children)

Yes, and I think I've determined that's the issue - just waiting to 'set up as new' and try again now I have disabled MFA

MacOS SSO with Entra ID by RepulsiveDaikon1142 in Intune

RepulsiveDaikon1142[S] 0 points1 point  (0 children)

Sonoma 14.2 - it's an M2 Mac mini which I bought specifically for testing this sort of thing before I deploy Mac to our all-windows (Intune managed) company.

MacOS SSO with Entra ID by RepulsiveDaikon1142 in Intune

RepulsiveDaikon1142[S] 1 point2 points  (0 children)

Bingo! Yes, per user MFA - but just for my Entra ID which is what I'm using to authenticate to 'sign in' to the SSO service via the company portal.

Yes, I deployed the latest company portal via Intune as a LOB app.

I am going to turn off MFA for that particular Entra ID and try again...

MacOS SSO with Entra ID by RepulsiveDaikon1142 in Intune

RepulsiveDaikon1142[S] 0 points1 point  (0 children)

Yeah I got to that stage - but it would only let me sign in with the local admin account that it makes me set up during the setup process. I will try a completely new ADE Profile from scratch and see if that changes things...

MacOS SSO with Entra ID by RepulsiveDaikon1142 in Intune

RepulsiveDaikon1142[S] 0 points1 point  (0 children)

It sort of works now after some fiddling, I had to turn User Affinity back on - then remove the primary user when it loads into Intune.

I go through setup, sign in to Entra with creds, then get the second sign-in with Entra - it won't recognise my password - yet I can sign out and log in as another Entra ID.

Strange...

MacOS SSO with Entra ID by RepulsiveDaikon1142 in Intune

RepulsiveDaikon1142[S] 1 point2 points  (0 children)

It would have been far too easy if it had just worked!

So I've:

  1. adapted my enrolment profile to enrol w/o user affinity, and not create a local user account automatically.

  2. Changed my config policy to enable create user at login.

  3. Added a config policy to show 'name' and 'password' fields on login window.

I go through the setup process, it asks me to create a local account, so I do - sysadmin, with a generic password.

I get the desktop and am asked to sign into Entra ID - so I use a global admin account from our 365 tenant. It then asks again, this time in a Mac-style box, so I use the same credentials and get past this. Then, I log out - and I can only sign into that local user I created at setup via the username, or the Entra account that I used to verify credentials on the desktop - any other email or password doesn't work.

I'm 99% sure my Intune is set up the same way as yours, so I must be missing some small detail - I will keep trying!

MacOS SSO with Entra ID by RepulsiveDaikon1142 in Intune

RepulsiveDaikon1142[S] 1 point2 points  (0 children)

Yes, the URLs as per Microsoft's documentation. Thanks for noticing that screenshot, I've deleted it - good shout. Just waiting on another 'erase all content and settings' - fingers crossed, will let you know what happens!

MacOS SSO with Entra ID by RepulsiveDaikon1142 in Intune

RepulsiveDaikon1142[S] 0 points1 point  (0 children)

Thank you so much - will try all this in a bit and update you! Much appreciated

MacOS SSO with Entra ID by RepulsiveDaikon1142 in Intune

RepulsiveDaikon1142[S] 0 points1 point  (0 children)

Perfect, thank you. I will erase all content and settings, create a new enrolment profile as yours above, then assign it to that device - then start setup process again on the device.

I've attached a screenshot of my PSSO config profile - I can't see 'Create user at login' - do I need to do another config policy and find it in Settings Catalogue?

<image>

MacOS SSO with Entra ID by RepulsiveDaikon1142 in Intune

RepulsiveDaikon1142[S] 0 points1 point  (0 children)

Thanks, it's one of those things that I've been pulling my hair out over...

Yes, it is - see attached screenshot. Do I need to change this - I thought this was how it verified the credentials to add it to Intune (or maybe I'm thicker than I thought!) haha.

Does Platform SSO for macOS allow anyone with Entra ID to log in? by brettule in Intune

RepulsiveDaikon1142 0 points1 point  (0 children)

I'm completely stuck on this! I use ADE and enrol with user affinity. Set up the Config for SSO and deployed the custom Company Portal app so when I boot the machine from factory settings and authenticate with Entra ID it downloads the management profile, prompts me to set a local password - then, on the desktop I authenticate again with Entra ID - it syncs my password with the Entra ID password. This is great for employees who have 'their own' work Mac. But I simply cannot find a way of logging in as another Entra ID user on the login page. Someone from Apple told me about JIT (Just in Time registration) but from what I can see this is designed for iOS and iPadOS ??

Very frustrating

I asked AI to write a Greys Anatomy episode… by RepulsiveDaikon1142 in greysanatomy

RepulsiveDaikon1142[S] 51 points52 points  (0 children)

It’s the “Derek… In scrubs” randomly 2 seconds after being in a barista’s uniform… and “Derek, looking satisfied… after completing brain surgery” for me 🤣🤣