We've just set up a pilot for Jamf Setup Single logon and are also experiencing this. I've reached out to Jamf for support to confirm this:
Requirements
While the Shared Device Mode for Azure SSO Extension for iOS is in preview, a user with Global Device Administrator rights in Microsoft Azure must open Microsoft Authenticator and sign in on each client device. This will activate "Shared Device Mode" on the iOS device.
Agreed, very problematic. We have an open support case as well.
I didn't think this was a requirement anymore. Doesn't deploying Authenticator in Shared Device Mode resolve this?
No, it still requires a cloud device administrator to launch the authenticator app and register the device manually.
I just found this setting.
However, it still doesn't resolve the registration requirements.
Microsoft Enterprise SSO plug-in for Apple devices - Microsoft identity platform | Microsoft Learn
Configure Microsoft Entra device registration
For Intune-managed devices, the Microsoft Enterprise SSO plug-in can perform Microsoft Entra device registration when a user is trying to access resources. This enables a more streamlined end-user experience.
Use the following configuration to enable Just in Time Registration for iOS/iPadOS with Microsoft Intune:
- Key: device_registration
- Type: String
- Value: {{DEVICEREGISTRATION}}
Learn more about Just in Time Registration here.