Skip to main content
Question

Setup and Entra requirement for device registration

  • October 20, 2023
  • 4 replies
  • 114 views
SteveS
Forum|alt.badge.img+5

We have been using Jamf Setup with Entra SSO for a year now. Since the begining one of the first steps required is to log into Microsoft authenticator and register the device to the tenant using an account with cloud device administrator access.

 

At JNUC I asked one of the sessions and they thought that requirement has been removed. I look at the documentation but I am not seeing any configuration changes but any device we setup still requires that step. Can anyone point to what I need to change to no longer require that registration step?

    4 replies

    J
    Forum|alt.badge.img+1
    • juliej
    • New Contributor
    • 8 replies
    • December 14, 2023

    We've just set up a pilot for Jamf Setup Single logon and are also experiencing this, I've reached out to Jamf for support to confirm this: 

     
    Requirements
    While the Shared Device Mode for Azure SSO Extension for iOS is in preview, a user with Global Device Administrator rights in Microsoft Azure must open Microsoft Authenticator and sign in on each client device. This will activate "Shared Device Mode" on the iOS device.
    B
    Forum|alt.badge.img
    • birdsofafeather
    • New Contributor
    • 1 reply
    • December 21, 2023

    Agreed, very problematic. We have an open support case as well.

    M
    Forum|alt.badge.img+5
    • mikegetchell
    • Contributor
    • 10 replies
    • February 22, 2024

    I didn't think this was a requirement anymore.  Doesn't deploying Authenticator in Shared Device Mode resolve this?

    SteveS
    Forum|alt.badge.img+5
    • SteveS
    • Author
    • Contributor
    • 23 replies
    • September 12, 2024

    I didn't think this was a requirement anymore.  Doesn't deploying Authenticator in Shared Device Mode resolve this?


    No, it still requires a cloud device administrator to launch the authenticator app and register the device manually.

    I just found this setting.
    However it still doesnt resolve the registration requirements.

    Microsoft Enterprise SSO plug-in for Apple devices - Microsoft identity platform | Microsoft Learn

    Configure Microsoft Entra device registration

    For Intune-managed devices, the Microsoft Enterprise SSO plug-in can perform Microsoft Entra device registration when a user is trying to access resources. This enables a more streamlined end-user experience.

    Use the following configuration to enable Just in Time Registration for iOS/iPadOS with Microsoft Intune:

    • Key: device_registration
    • Type: String
    • Value: {{DEVICEREGISTRATION}}

    Learn more about Just in Time Registration here.


    Terms & ConditionsCookie settingsAccessibility statement