Why should you change your enrollment setup for iOS devices?
Upcoming changes to iOS/iPadOS Company Portal app deployment for Setup Assistant with modern auth – Microsoft Community Hub
Enrollment profile configuration
Make sure you have selected the following options in your enrollment profile.
Single sign-on app extension
This is where we configure the settings that enable JIT (Just in Time) Registration.
Microsoft documentation: Set up Just in Time Registration
Create a Device features profile with the settings below.
Make sure you assign the profile to Devices. (You can assign it to All devices and use a filter, for example one that matches only corporate devices.)
You are done. When the user signs in to a 365 service for the first time, the device registration completes and the user sees the screen below, where the device is checking the compliance policy.
If you need to configure specific apps to allow SSO, you can also do this by adding more values to the configuration.
Microsoft Enterprise SSO plug-in for Apple devices – Microsoft Entra | Microsoft Learn
Configure iOS/iPadOS Enterprise SSO plug-in with MDM | Microsoft Learn
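A small check for the key/value pairs described above, as an added example that is not from the original post: it verifies the two JIT keys and their types as given in the linked Microsoft Learn documentation, and applies a simple sanity check (an assumption of this example, not a Microsoft rule) to `AppPrefixAllowList` when extra apps are allowed to use SSO. The function name and both sample profiles are constructed for illustration.

```python
# Added example: lint the key/value pairs entered under "Additional configuration"
# of the Microsoft Entra ID SSO app extension in a Device features profile.
# Key names follow Microsoft's Enterprise SSO plug-in documentation.

JIT_REQUIRED = {
    # key: (expected type, expected value)
    "device_registration": (str, "{{DEVICEREGISTRATION}}"),
    "browser_sso_interaction_enabled": (int, 1),
}

def lint_sso_extension(pairs):
    """Return a list of findings; an empty list means the JIT keys look right."""
    findings = []
    for key, (want_type, want_value) in JIT_REQUIRED.items():
        if key not in pairs:
            findings.append(f"missing key: {key}")
            continue
        value = pairs[key]
        # Exact type match: "1" (String) instead of 1 (Integer) is a common slip.
        if type(value) is not want_type:
            findings.append(f"{key}: wrong type {type(value).__name__}, "
                            f"expected {want_type.__name__}")
        elif value != want_value:
            findings.append(f"{key}: unexpected value {value!r}")
    # Optional comma-separated list of bundle ID prefixes allowed to use SSO.
    allow = pairs.get("AppPrefixAllowList")
    if allow is not None:
        for prefix in str(allow).split(","):
            prefix = prefix.strip()
            if not prefix:
                findings.append("AppPrefixAllowList: empty entry")
            elif "." not in prefix:
                # Heuristic of this example: a prefix without a dot matches too much.
                findings.append(f"AppPrefixAllowList: {prefix!r} is too broad")
    return findings

# Constructed sample profiles (contoso/fabrikam are placeholder vendors).
GOOD = {"device_registration": "{{DEVICEREGISTRATION}}",
        "browser_sso_interaction_enabled": 1,
        "AppPrefixAllowList": "com.contoso.,com.fabrikam."}
BAD = {"device_registration": "DEVICEREGISTRATION",   # token braces missing
       "browser_sso_interaction_enabled": "1",        # String, not Integer
       "AppPrefixAllowList": "com.contoso., ,com"}

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_sso_extension(profile) or "ok")
```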
Extra: Set up an Outlook App Configuration policy to pre-populate the user’s email address
This gives the end user a slightly better experience: they don’t have to fill in their email address again. They just open the Outlook app and the account is pre-populated; the user still needs to enter the password and sign in. After the sign-in to Outlook is done, SSO can be used in other applications such as Teams. (You can also configure this for the native iOS Mail app.)
Create an App configuration policy.
Select device enrollment type: Managed devices
Platform: iOS/iPadOS
Targeted app: Microsoft Outlook
The settings below pre-populate the user’s email address in the Outlook app.