Setup and Entra requirement for device registration

New Contributor III

We have been using Jamf Setup with Entra SSO for a year now. Since the begining one of the first steps required is to log into Microsoft authenticator and register the device to the tenant using an account with cloud device administrator access.


At JNUC I asked one of the sessions and they thought that requirement has been removed. I look at the documentation but I am not seeing any configuration changes but any device we setup still requires that step. Can anyone point to what I need to change to no longer require that registration step?


New Contributor II

We've just set up a pilot for Jamf Setup Single logon and are also experiencing this, I've reached out to Jamf for support to confirm this: 

While the Shared Device Mode for Azure SSO Extension for iOS is in preview, a user with Global Device Administrator rights in Microsoft Azure must open Microsoft Authenticator and sign in on each client device. This will activate "Shared Device Mode" on the iOS device.

New Contributor

Agreed, very problematic. We have an open support case as well.

New Contributor III

I didn't think this was a requirement anymore.  Doesn't deploying Authenticator in Shared Device Mode resolve this?