The hits keep rolling..
No RBAC support for managing the Company-owned node in SCCM. You have to be Full Administrator with no Scope limits.
No way to unassign a device from a DEP enrollment profile. Once assigned, it can only be reassigned to another profile.
Enrolling using the Company Portal after DEP doesn't appear to be a viable option. Apps, although required in the SCCM deployment, are not enforced and can be removed. Since they are not required they will not come back down. Not all apps came down either and no apps in the company portal.
Moral of the story, DEP integration is worthless at this time unless you do not plan on deploying any Microsoft Office (i.e., managed) apps, or conditional access. Looks like we will need to remove the DEP integration and touch every device with Apple Configurator to Supervise.
Here's a couple of quotes from the Intune support contact:
After reviewing the public facing articles, I haven't seen any documentation stating either way that pushing Managed Apps is possible/not possible at the present time. I can submit a request to have these articles updated to clarify such information to hopefully prevent confusion in the future.
Just to confirm, I have verified with multiple engineers in the product group that this scenario is not possible at this time.
And:
This is a direct quote from one of our Product Group engineers:
DEP (Apple's Device Enrollment Program) enrolled devices are not compatible with:
- Conditional Access
- Mobile Application Management (MAM, aka. Managed Apps)
- Company Portal App (WPJ features)
NOTE: Using CA or MAM with DEP enrolled devices is unsupported.
During the DEP account setup process, the Microsoft Intune account is uploaded to the Apple Admin Console and is tied to the DEP account. Intune is deployed as part of the DEP package and does not use the Company Portal app for enrollment. Therefore, Workplace Join does not occur, which MAM and Conditional Access require for use.
ALSO NOTE: The customer won't be able to use these features with DEP enrolled devices. Applying a MAM policy to the device will cause login issues because the device is looking for (Company Portal app) enrollment which is required to be compliant.
Edited by William Bracken, Friday, September 11, 2015 6:39 PM