Update your Apple Configurator profile if Enrollments are Failing with Setup Assistant
Note : This only impacts the iOS/iPadOS device enrollment using Apple Configurator. Only setup assistant workflow is impacted – all other iOS/iPad enrollment workflows are not affected.
There was a certificate mismatch between Apple Configurator profiles and the Intune certificate issuing service for iOS/iPadOS enrollment through this setup experience.
Existing devices remain enrolled as they have already established trust through the Apple configurator setup assistant workflow. However, if you plan to enroll new devices there is some steps to follow in order to enroll new devices.
How will you know you are affected?
- You have an enrollment profile that has worked historically to enroll new devices, but now those new devices (userless or user-based) fail enrollment. The error in device logs either indicates there’s no service response or enrollment can’t succeed so no errors are logged.
Steps for new enrollments after February 10, 2021:
You can check this blog post for additional information on the certificate rotation.
In Apple Configurator 2, right click the devices and select Re-export the URL and repaste that into your server list in Apple Configurator 2. When you go through the resolution, it will ensure all components involved in your enrollment profile work as expected.
- Navigate to https://enrollment.manage.microsoft.com/EnrollmentServer/Discovery.svc/iOS/ESProxy. This will load an empty page.
- In the Microsoft Endpoint Manager admin center, under Home > Devices > iOS/iPadOS > Apple Configurator, select the profile, and then “Export Profile”
- Copy the Profile URL from the blade.
- In Apple Configurator 2, right click the device and select “Prepare.”
- Choose “Manual Configuration” in the “Prepare with:” drop down.
- Select “New Server” and paste the URL from step 3 into the “Host name or URL” text box.
- Click “Next” and proceed as usual.
No Comments