We're trying to roll CA (conditional access) policies to our Mac users as part of a security initiative. We're noticing one small user experience issue that I'm wondering if anyone else has encountered/fixed.
Here's our repeatable process to break and then "fix" things.
1. Have user run through Intune enrollment in Self Service.
2. Launch a managed Microsoft application, like Skype for Business or Outlook.
3. Receive the "You can't get there from here" prompt from ADFS after authenticating ADFS prompt.
4. Reopen Company Portal, and sign-in
5. No more "You can't get there from here" prompt in S4B or Outlook.
I don't want an end user to need to re-open Company Portal after running through the Intune enrollment to become an Intune Compliant device. Another thing that I've seen to work is waiting an extended period of time (I let a computer patch when I left work last night, and when I came in this morning it was compliant).