Support Multi-Factor Authentication when enrolling via DEP
macOS Catalina appears to now support web form sign-in during DEP enrollment: https://developer.apple.com/documentation/devicemanagement/accountconfigurationcommand/command?changes=latest_minor
This may allow us to provide an onboarding experience more closely aligned to AutoPilot - ideally, the user would be able to complete account recovery setup and MFA setup during DEP enrollment, as opposed to what we have today: basic auth without support for MFA.
For customers who rely exclusively on Intune for MDM, this makes onboarding a bit more difficult and may dissuade them from using DEP enrollment altogether with the absence of support for MFA.
Salih Zengin commented
Did anyone understand this modern authentication with Company Portal on macOS? Why is the Company Portal required for this?
Why not easy peasy via web form as Apple mentioned?
Also Mosyle (an MDM vendor for $1) provides this. With Microsoft SSO. And Microsoft Intune not?
New modern authentication method with Apple Setup Assistant
As a temporary workaround you can enroll using user affinity and just have Azure MFA settings place Intune in an excluded zone.
Nathan Davies commented
This continues to be a problem for us too. We NEED to be able to enrol macOS devices with user affinity where MFA is enforced.
As a CSP Partner, we are required in our tenant to either have the Baseline Policies under Conditional Access enforced or AAD Default Security - both of which force users to use MFA across the board, thus taking away any ability of ours to enrol these devices with user affinity.