Help

Setup and Entra requirement for device registration

SteveS
New Contributor III

Posted on ‎10-20-2023 09:44 AM

We have been using Jamf Setup with Entra SSO for a year now. Since the begining one of the first steps required is to log into Microsoft authenticator and register the device to the tenant using an account with cloud device administrator access.

 

At JNUC I asked one of the sessions and they thought that requirement has been removed. I look at the documentation but I am not seeing any configuration changes but any device we setup still requires that step. Can anyone point to what I need to change to no longer require that registration step?

4 REPLIES 4

juliej
New Contributor II

Posted on ‎12-13-2023 05:13 PM

We've just set up a pilot for Jamf Setup Single logon and are also experiencing this, I've reached out to Jamf for support to confirm this: 

 
Requirements
While the Shared Device Mode for Azure SSO Extension for iOS is in preview, a user with Global Device Administrator rights in Microsoft Azure must open Microsoft Authenticator and sign in on each client device. This will activate "Shared Device Mode" on the iOS device.
0 Kudos

birdsofafeather
New Contributor

Posted on ‎12-21-2023 02:59 PM

Agreed, very problematic. We have an open support case as well.

0 Kudos

mikegetchell
New Contributor III

Posted on ‎02-22-2024 09:30 AM

I didn't think this was a requirement anymore.  Doesn't deploying Authenticator in Shared Device Mode resolve this?

0 Kudos

SteveS
New Contributor III
In response to mikegetchell

3 weeks ago

No, it still requires a cloud device administrator to launch the authenticator app and register the device manually.

I just found this setting.
However it still doesnt resolve the registration requirements.

Microsoft Enterprise SSO plug-in for Apple devices - Microsoft identity platform | Microsoft Learn

Configure Microsoft Entra device registration

For Intune-managed devices, the Microsoft Enterprise SSO plug-in can perform Microsoft Entra device registration when a user is trying to access resources. This enables a more streamlined end-user experience.

Use the following configuration to enable Just in Time Registration for iOS/iPadOS with Microsoft Intune:

  • Key: device_registration
  • Type: String
  • Value: {{DEVICEREGISTRATION}}

Learn more about Just in Time Registration here.

0 Kudos