Everything should work from simply DEP enrolling - pushing out LOB apps automatically and CA
As a Microsoft Partner, we are frequently coming across businesses using DEP to streamline their enrolment into Intune.
When user affinity is used with DEP the device gets registered in Intune, whereas the traditional method of enrolment, enrolling by the company portal, enrolls the user.
As such, businesses have to then ALSO enroll using the company portal to use conditional access, which defeats the object of using DEP in the first place.
My customer is using DEP with Intune Hybrid. When deploying an Azure AD App Proxy app, and the device attempts to access the app, it states the device is not enrolled. This should not be the case. Everything should work from simply DEP enrolling, including pushing out line of business apps automatically and accessing services using conditional access.
Same issue. I also notice the Microsoft documentation for DEP conveniently misses out the need to get the user to manually enroll their corporate device in Comp Portal, immediately after it's done for them via DEP.
I literally CANNOT believe this is how it works. I have spent months getting DEP set up and am now running into this problem. This is just horrific.
I second that!
I agree. In our configuration, email also gets pushed but is immediately blocked and requires signing into Company Portal to enroll. If the enrollment process was easy, it won't be a problem. However, it requires the end user to follow a longer guided step to retrieve the last four digits of the serial number, and enter it. What is the point of configuring the DEP profile and having the user register there, then having to download the Company Portal app to complete another enrollment process?