This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 6%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECZ%3C/text%3E%3C/svg%3E)
For some context, I created a conditional access rule that will block any non registered device from accessing O365 content within our tenant. All users have been assigned an IPhone, and enrolled as corporate devices with Intune.
The Devices all show up in both Intune and Entra, however only a few phones are showing as "registered" to users. The enrollment profile forces company portal to install, and I've even tested some users trying to disconnect and re login with company portal. Still, only a few users are showing registered.
Is there something I'm missing with device enrollment that restricting users to register the devices to their profile?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 76%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Hi Coltin Zielke,
Thank you for reaching out to us on the Microsoft Q&A forum.
This topic is currently not supported in the Q&A forums.
I recommend initiating a new discussion through the Microsoft Intune admin center
Moderators are readily available there to assist you and provide guidance.
Please don't forget to Accept helpful answer and close this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 61%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
@Coltin Zielke Thanks for posting in our Q&A. From your description, did you mean that the registered device can't access O365 content because of this conditional access policy? If there is anything misunderstanding, please correct me.
To clarify this issue, we appreciate your help to collect some information:
1.Did this registered device exist in intune portal? And it shows compliant?
2.Did you select "Require device to be marked as compliant" under Grant in this conditional access policy?
If there is anything update, feel free to let us know.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Coltin Zielke We haven't heard back from you. Could you please provide an update on your issue? Then we will continue to discuss this issue
The conditional access policy is not part of the problem unfortunately. The Problem is devices are not showing as registered devices in intune, or entra ID. They are enrolled by users as corporate devices, and show the users as primary users. However, only a few devices will actually show as entra ID registered. All devices were enrolled with intune in the same manner, but not all will register with Entra.
@Coltin Zielke It's strange. Based on my experience, if the device is enrolled to intune, it will also be registered to Entra ID. Could you please tell us how did you enroll your iPhones?
Yes, they were enrolled as corporate owned devices. They are IOS devices, so we added them via Apple business manager MDM server to Intune. The enrollment profile is set to Enroll with user affinity.