question

FedericoCoppola-2569 avatar image
0 Votes"
FedericoCoppola-2569 asked Crystal-MSFT commented

Should I deploy Intune company portal app using iOS Intune MDM?

Hi all,
I am not expert about Intune and I have a doubt.

After different attempts, we enrolled iPhone inside Microsoft Intune MDM using Zero Touch Enrollment with success.
After zero touch enrollment, I would deploy iOS apps like MS Outlook, MS Teams, Google Maps etc...
I tried to deploy iOS Apps and Intune worked fine.

Should I deploy "Intune Company Portal" app (link here: https://apps.apple.com/us/app/intune-company-portal/id719171358) too?
Is it really necessary?
I would avoid to deploy worthless Apps on company mobile phones.
I noted that in Devices > iOS/iPad OS > Enrollment program tokens there is MDM enrollment profile.
Inside this profile, "Install Company Portal" option is enabled (values is "YES").
This option isn't a mandatory option.

For example I noted, during MS Outlook configuration on company mobile iPhone, that employee need to configure "Intune Company Portal" app too,
otherwise they can not configure and run MS Outlook properly!

In my case, iPhone devices are going to be fully managed by Intune MDM.
I know that I can partially manage iPhone devices using "Intune Company Portal", but it isn't company goal.
Company need to manage at all mobile phones using Intune profile configuration after zero touch enrollment.


Thanks for your help!
Federico

mem-intune-generalmem-intune-enrollment
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crystal-MSFT avatar image
1 Vote"
Crystal-MSFT answered Crystal-MSFT edited

@FedericoCoppola-2569, From your description, it seems we enroll iOS devices into Intune by using Apple's Automated Device Enrollment. If there's any misunderstanding, please let us know.
https://docs.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-program-enroll-ios

For corporate devices we usually don't assign the Company Portal app from the app store directly on ADE-enrolled devices. But we provision it through ADE as an VPP app so it will be installed after default iOS configuration. We can see more details in the following link:
https://docs.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-ios-ipados#ade-administrator-tasks

From my point of view, Microsoft Intune Company Portal is needed. We can deploy it as an VPP app.

Hope it can help.


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FedericoCoppola-2569 avatar image
0 Votes"
FedericoCoppola-2569 answered Crystal-MSFT commented

Hello,
Yes we are using Apple's Automated Device Enrollment.
We register devices on Apple Business Manager and InTune via Apple Configurator 2.

For corporate devices we usually don't assign the Company Portal app from >the app store directly on ADE-enrolled devices

Good to know. I already downloaded other apps using VPP as MS Outlook.

After that, inside suggested documentation web pages, is written:

ADE enrollments aren't compatible with the App Store version of the Company Portal app. You can give users access to the Company Portal app on an ADE device. You might want to provide this access for one of the following reasons:

To let users choose which corporate apps they want to use on their devices
To use modern authentication to complete the enrollment process
To provide a staged enrollment in which the device is enrolled and receives device policies before users authenticate in Company Portal

In my case, we try to deploy iPhone mobiles using ADE enrolling without modern authentication and we are using staged enrollment.

Does mobile ADE-enrolled, download and apply APP profile configuration and iOS configuration without Company Portal?

Thanks
Federico

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@FedericoCoppola-2569, From your description, it seems you are enrolling devices with Setup Assistant. If there's any misunderstanding, please let me know.
https://docs.microsoft.com/en-us/mem/intune/enrollment/apple-configurator-enroll-ios#enroll-devices-with-setup-assistant

If we do not want to register devices in Azure AD, then we don't need to install the Company Portal app. Keep using the Setup Assistant, If we want devices registered in Azure AD, then installing the Company Portal app is needed.

Hope it can help.

0 Votes 0 ·

@FedericoCoppola-2569,, Hope things are going well. If there's anything else we can help, feel free to let us know.

0 Votes 0 ·