This guide applies to macOS, iOS, and iPadOS devices
Microsoft Company Portal (macOS)
To add this Library Item to your Iru Endpoint Library, follow the steps outlined in the Library Overview article.
1
Assign Label and Blueprints
Optionally, assign a Label and assign to your desired Blueprints. If this is the first time deploying Microsoft Device Compliance (MSDC), it is a good idea to deploy to a test Blueprint scoped to a limited number of macOS devices so that you can see how it functions when deployed.
2
Configure Installation Type
For the Installation type, choose Install and continuously enforce.
3
Set Version Enforcement
Select an option from the Version Enforcement dropdown. Your options include the following:
- Do not manage updates
- Automatically enforce new updates
- Manually enforce a minimum version
4
Save Configuration
Click Save.
Microsoft Authenticator & Iru Endpoint Self Service (iOS & iPadOS)
In order to configure MSDC for iOS and iPadOS, you must first Configure Apps and Books, and add the Microsoft Authenticator and Iru Endpoint Self Service App Store Apps to your Iru Endpoint library. For instructions on adding apps from Apps and Books to Iru Endpoint, follow this guide.
1
Navigate to Library
Navigate to Library in the left-hand navigation bar.
2
Select Microsoft Authenticator
Under App Store Apps, select Microsoft Authenticator.
3
Assign to Blueprints
Assign to your desired Blueprints. If this is the first time deploying MSDC, it is a good idea to deploy to a test Blueprint scoped to a limited number of iOS/iPadOS devices so that you can see how it functions when deployed.
4
Configure Installation Type
Under Installation Type, choose Install and continuously enforce. If Microsoft Authenticator is installed on some devices, this process will not reinstall the app; instead, Iru Endpoint will take over its management.
5
Enable Microsoft Device Compliance
In the Microsoft Device Compliance section, toggle the switch On.
6
Save Configuration
Click Save.
7
Configure Iru Endpoint Self Service
Repeat the above steps for Iru Endpoint Self Service, ensuring that both apps are applied to the same Blueprints.
User Registration
macOS
Once the Microsoft Company Portal is installed on the Mac, the Kandji Agent will attempt to launch the app automatically, following a specific process required by Microsoft so that end users can begin the registration process. For more information about what users should expect, see our Microsoft Device Compliance: User Registration Experience support article.
iOS & iPadOS
Once the Microsoft Authenticator app is installed on a mobile device, users will find an option in the Iru Endpoint Self Service app labeled ‘Microsoft Device Compliance Device.’ This is where they can start the registration process.
How to Reset Microsoft Device Registration
You can use the Reset Microsoft Registration action on macOS, iOS, and iPadOS to reset the registration. This command does not require any supervision.
Prerequisites that should be in place before the action will appear in the action menu:
- The Microsoft Device Compliance integration should be set up both in Iru Endpoint and in the Microsoft Intune portal.
- On macOS, the Microsoft Company Portal app Library Item is scoped to the device and installed.
- On iOS and iPadOS, the Microsoft Authenticator App Store app Library Item is scoped to the device and the Microsoft Device Compliance setting is toggled on and installed.
1
Navigate to Device Record
Navigate to the Device record.
2
Open Device Action Menu
Open the Device Action Menu.
3
Select Reset Microsoft Registration
Select Reset Microsoft Registration.
4
Confirm Reset
Click Reset Device Registration.
5
Wait for Processing
Iru Endpoint sends an update to Microsoft Entra ID that the device is no longer managed and is not compliant.
6
Reset Registration Status
Iru Endpoint resets the MSDC registration status for the device record in Iru Endpoint.
7
Re-register Device
The end-user can now re-register the device.
- On macOS, the Kandji Agent sees that the device is no longer registered and prompts the user to register their device again.
  - This will happen at agent check in or if a manual check in is performed on the Mac.
  - If the Microsoft Company Portal app is open, it will need to be closed in order to get the re-registration prompt.
  - If the Microsoft Company Portal app is closed, once the device checks in with the Kandji Agent, they will receive a prompt to re-register.
  - If the Microsoft Company Portal app is closed, re-launching the Microsoft Company Portal will prompt to re-register immediately.
- On iOS and iPadOS, the user can follow the registration process as if registering the device for the first time.
8
Update Device Record
Iru Endpoint updates the device record in Microsoft Entra ID letting Entra know that the device is now managed by Iru Endpoint again and compliant.
| Message | Description |
|---|---|
| “No active Microsoft device registration found.” | This means that the device has a record in Iru Endpoint, and there is a Microsoft device registration for the device in Iru Endpoint, but it is not active. This is generally due to the device no longer being enrolled in Iru Endpoint either because the MDM profile was removed locally on the device or the erased device action was sent from Iru Endpoint. To remediate, the device needs to be reenrolled to Iru Endpoint and the MSDC registration needs to be completed again locally on the device. |
| “Device is not registered” | This means that the device has all of the prerequisites in place but has not yet registered with Microsoft through the Iru Endpoint MSDC integration. If the device was registered with Microsoft previously through another MDM solution, the end-user will need to complete the registration process again through the Iru Endpoint integration. See MSDC registration for more details. |
| “Reset Registration failed” | Default error message if none of the above. |