We have a Conditional Access policy configured which says that access to cloud apps is granted only to devices that are enrolled to our intune. The policy works correctly with users devices. Devices that is not enrolled to intune has no access to cloud apps like Teams is it.
I have a problem with shared ipad. We synchronize devices with ABM to our intune. In enrollment token I created a profile for shared ipad. In this profile, we configure option that the device name should be like xx-sharedipad-{{serial}}. The enrolment process itself is correct, the device is enroll to intune, the name is correct, the required applications are installed (Teams, Authenticator). All devices enroll with this profile is added do AAD dynamic group.
When a new user sign in to the device, everything seems to be correct, the iPad settings show the name according to the template configured in the enrollment profile for the shared iPad. The problem starts when the user wants to sign in to Teams, the device does not successfully pass the conditional access policy stating that only devices added to our intune can access cloud apps. In the sign in logs in AAD, I see that user tried to sign in to Teams, but in the device tab there is a completely different, new device. The new device has a totally random name, it is not added to intune, it appears in AAD only as Azure AD registered.
Have you encountered such a problem before?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 44%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
