Microsoft 365 SSO on iOS and iPadOS
Zero-touch Enrollment and Managed Apple ID
Thanks to Apple Business Manager or Apple School Manager, devices can be configured in the blink of an eye. Once the Apple portal is connected to Ermetix UEM, a device only has to be switched on and it automatically receives all of its configurations over the air.
The admin has to enable Azure federation in Apple Business Manager. As a result, users can use their Azure AD usernames (User Principal Names) and passwords as Managed Apple IDs.
MDM Configuration
Ermetix UEM can be integrated with Azure from Ermetix Admin, so users can enter their Microsoft account to authorize the Remote Management phase.
The admin has to create a rule in Ermetix Admin that assigns and automatically installs the Microsoft apps, using VPP licensing.
Note: It is very important that the Microsoft Authenticator app is installed, because it manages the SSO procedures.
The admin also has to create, in Ermetix Admin, a configuration profile containing the Extensible SSO payload, which is supported from iOS 13 and iPadOS 13.
Additional information on this configuration is available at this link.
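The following is an added example, not taken from Ermetix documentation: a Python sketch that builds a configuration profile with an Extensible SSO payload for Microsoft Authenticator and checks it before upload. The extension identifier, the Redirect type and the login URLs are the values Microsoft documents for its Enterprise SSO plug-in on iOS/iPadOS; the profile identifiers and the org_id are constructed placeholders, and how Ermetix Admin exposes these fields is not shown on this page.

```python
import plistlib
import uuid

# Values Microsoft documents for the Authenticator SSO plug-in (not from this page).
MS_SSO_EXTENSION = "com.microsoft.azureauthenticator.ssoextension"
MS_LOGIN_URLS = ["https://login.microsoftonline.com",
                 "https://login.microsoft.com", "https://sts.windows.net"]

def build_profile(org_id="com.example.mdm"):
    """Build the profile as a dict; org_id is a constructed placeholder."""
    sso = {
        "PayloadType": "com.apple.extensiblesso",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id + ".sso.microsoft",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "ExtensionIdentifier": MS_SSO_EXTENSION,
        "Type": "Redirect",
        "URLs": list(MS_LOGIN_URLS),
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id + ".sso",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadContent": [sso],
    }

def lint_sso_payloads(profile):
    """Return problems that would keep the extension from handling sign-in."""
    problems = []
    for p in profile.get("PayloadContent", []):
        if p.get("PayloadType") != "com.apple.extensiblesso":
            continue
        if p.get("ExtensionIdentifier") != MS_SSO_EXTENSION:
            problems.append("ExtensionIdentifier is not the Authenticator SSO extension")
        if p.get("Type") != "Redirect":
            problems.append("Type must be Redirect for the Microsoft plug-in")
        urls = p.get("URLs") or []
        if not urls:
            problems.append("Redirect payload has no URLs")
        for u in urls:
            if not u.lower().startswith("https://"):
                problems.append("non-HTTPS URL: " + u)  # stricter than Apple requires
            if "?" in u or "#" in u:
                problems.append("query or fragment not allowed: " + u)
    return problems

if __name__ == "__main__":
    profile = build_profile()
    print(lint_sso_payloads(profile) or plistlib.dumps(profile).decode())
```

The XML produced by plistlib.dumps is the .mobileconfig content; the same lint can be run on a profile exported from the MDM by loading it with plistlib.loads first.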
User Experience
At this point, users unbox the newly received device, which has been prepared for zero-touch configuration and enrollment with Ermetix UEM.
After powering on the device, the user follows the Setup Assistant and sets the country, language, and Wi-Fi or cellular connection. After a few seconds, the Remote Management screen appears. The user can easily authenticate with a Microsoft account thanks to the integration between Ermetix UEM and Azure SSO.
The device is now enrolled in Ermetix UEM and automatically starts downloading work apps, settings and restrictions.
The user can then add their own Managed Apple ID using Azure federation and, one more time, enter the Microsoft account in one app.
In fact, after this “last” authentication, the Microsoft Authenticator app assists every access to compatible apps and sites.