Just wanted to give you the next part of my experience with Intune (Cloud-only) and Apple DEP. First of all I want to clarify that this is regarding a single case, but could probably help some of you with one or more issues, because most of this is still not documented. Not even inside Microsoft.
After some bureaucratic issues with the Intune “Pro” support (the free one) and MS Premier support, we started to move forward. We also ran into some ADFS issues, but that’s another story. Our assigned support technician got some more logs out of a few iPads using a program called xcode. I’m including the instructions we got from the support, so that you may create them and add them if you need to open a case in the future. (As Jörgen Nilsson (@ccmexec) use to say “If you are going to work with Intune, ask your boss to buy an Mac for you.” J)
“The Xcode logs require a MAC to get and so if they don’t have one, there isn’t any other way to get them. Please validate if they have a MAC available and if so, please have them follow the following process:
- Get a MAC. 1a. Update to latest OS. 1b. Install XCODE from Mac Store. 2. Plug in device. 3. Open XCODE. 4. Go to “Windows” and click “Devices”. 5. Click on your device. 6. Reproduce the issue. 7. There is a little export arrow on the bottom right of the window. 8. Send us the log(s).”
When we did this, we had some issues with access rights to the iPad because of the DEP-enrollment. If you run into the same issue, factory reset the iPad, connect it to the Mac and collect the logs while enrolling the device.
Anyways. This actually gave us, or the Premier Support in this case, some valuable info.
To remind you of the issue: When we enroll DEP-enabled iPads they end up in EITHER the correct (assigned) group, the group assigned to the default DEP-policy or “Ungrouped devices”. Because of how the iPads are named, and also because of how often this info updates – this gives us quiet a lot of work. This also could be the reason for our policy errors (see previous post) but this is the next issue to look into.
So, when the Premier Support looked into the logs they found that for some reason the iPad can’t contact Apples DEP-services. It keeps trying and trying, and eventually fails. When this happens, the iPad only knows that it’s DEP-enabled but not which policy to choose. Therefore, it ends up in either the Default Group or Ungrouped devices. Why it choose one of those over the other in some cases is still something to look into. The only thing we know is that all the iPads were enrolled on the same WiFi, at the same time and with (in most cases) the same account. Starting on Monday I’ll start talking to Apple-support to find out more about why it fails.
Will be back with more info.
P.S Just want to give a big thanks to Dominic at the Premier Support for handling our case. J D.S