As highlighted in the Microsoft simplifies Endpoint Manager enrollment for Apple updates - Microsoft Tech Community post, we’ve been preparing for the iOS 16/iPadOS 16 by testing each beta release. We recently discovered an issue in Apple’s User Enrollment process. Both Intune and Apple are working on updates, but in the interim, if you enroll devices with User Enrollment you’ll want to understand the background and options as iOS/iPadOS 16 releases.
Impacted devices are:
If we believe you have devices that meet the criteria above, we also posted Service Health Dashboard post IT428176 on your dashboard.
The user experience:
Immediate mitigation:
Work underway for mitigation:
Once both fixes are complete, users will not receive the update error and can easily update to iOS 16/iPadOS 16.
We will keep this post updated as we have additional information and as fixes are released. If you have questions, reply to this post or reach out to @IntuneSuppTeam on Twitter.
Continue reading...
Impacted devices are:
- Enrolled with User Enrollment, and on iOS 15 or iPadOS 15.
- User Enrolled devices into Intune between September 16, 2021, (Intune’s 2109 service release) and the August (2208) Intune releases. You can see the device enrollment date within the Microsoft Endpoint Manager admin center reporting by going Devices > iOS/iPadOS, on the overview page see the Enrollment date column. If you’re looking on an actual iOS device, you can see the enrollment date under Settings -> General > VPN & Device management -> Management Profile -> then look at when the Device Identity Certificate expires – if it’s between September 2022 and September 2023 it’s likely impacted as most customers use a one-year certificate.
If we believe you have devices that meet the criteria above, we also posted Service Health Dashboard post IT428176 on your dashboard.
The user experience:
- If the device updates from iOS/iPadOS 15 to iOS/iPadOS 16, the user will be presented with a “new MDM payload does not match the old payload" error. At the device level, the enrolled devices are not able to update their management profile. When management profiles are not updated, the device could lose compliance, which depending on your policies, may block access to company resources.
Immediate mitigation:
- A device can be un-enrolled and re-enrolled which will apply a new management profile and the new OS. We're working on a mitigation where you don’t need to take this step.
Work underway for mitigation:
- Intune is releasing a fix which will be completely rolled out to the entire Intune environment by September 16; and
- Apple is working on an update to iOS/iPadOS 16, however we don’t know if it’ll release with 16 or with 16.x (an upcoming release). We will keep this post updated.
Once both fixes are complete, users will not receive the update error and can easily update to iOS 16/iPadOS 16.
We will keep this post updated as we have additional information and as fixes are released. If you have questions, reply to this post or reach out to @IntuneSuppTeam on Twitter.
Continue reading...
Last edited:
