This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 27%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFC%3C/text%3E%3C/svg%3E)
Hi all,
I am not expert about Intune and I have a doubt.
After different attempts, we enrolled iPhone inside Microsoft Intune MDM using Zero Touch Enrollment with success.
After zero touch enrollment, I would deploy iOS apps like MS Outlook, MS Teams, Google Maps etc...
I tried to deploy iOS Apps and Intune worked fine.
Should I deploy "Intune Company Portal" app (link here: https://apps.apple.com/us/app/intune-company-portal/id719171358) too?
Is it really necessary?
I would avoid to deploy worthless Apps on company mobile phones.
I noted that in Devices > iOS/iPad OS > Enrollment program tokens there is MDM enrollment profile.
Inside this profile, "Install Company Portal" option is enabled (values is "YES").
This option isn't a mandatory option.
For example I noted, during MS Outlook configuration on company mobile iPhone, that employee need to configure "Intune Company Portal" app too,
otherwise they can not configure and run MS Outlook properly!
In my case, iPhone devices are going to be fully managed by Intune MDM.
I know that I can partially manage iPhone devices using "Intune Company Portal", but it isn't company goal.
Company need to manage at all mobile phones using Intune profile configuration after zero touch enrollment.
Thanks for your help!
Federico
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Federico Coppola , From your description, it seems we enroll iOS devices into Intune by using Apple's Automated Device Enrollment. If there's any misunderstanding, please let us know.
https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-program-enroll-ios
For corporate devices we usually don't assign the Company Portal app from the app store directly on ADE-enrolled devices. But we provision it through ADE as an VPP app so it will be installed after default iOS configuration. We can see more details in the following link:
https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-ios-ipados#ade-administrator-tasks
From my point of view, Microsoft Intune Company Portal is needed. We can deploy it as an VPP app.
Hope it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello,
Yes we are using Apple's Automated Device Enrollment.
We register devices on Apple Business Manager and InTune via Apple Configurator 2.
For corporate devices we usually don't assign the Company Portal app from >the app store directly on ADE-enrolled devices
Good to know. I already downloaded other apps using VPP as MS Outlook.
After that, inside suggested documentation web pages, is written:
ADE enrollments aren't compatible with the App Store version of the Company Portal app. You can give users access to the Company Portal app on an ADE device. You might want to provide this access for one of the following reasons:
To let users choose which corporate apps they want to use on their devices
To use modern authentication to complete the enrollment process
To provide a staged enrollment in which the device is enrolled and receives device policies before users authenticate in Company Portal
In my case, we try to deploy iPhone mobiles using ADE enrolling without modern authentication and we are using staged enrollment.
Does mobile ADE-enrolled, download and apply APP profile configuration and iOS configuration without Company Portal?
Thanks
Federico
@Federico Coppola , From your description, it seems you are enrolling devices with Setup Assistant. If there's any misunderstanding, please let me know.
https://learn.microsoft.com/en-us/mem/intune/enrollment/apple-configurator-enroll-ios#enroll-devices-with-setup-assistant
If we do not want to register devices in Azure AD, then we don't need to install the Company Portal app. Keep using the Setup Assistant, If we want devices registered in Azure AD, then installing the Company Portal app is needed.
Hope it can help.
@Federico Coppola ,, Hope things are going well. If there's anything else we can help, feel free to let us know.