Microsoft Intune is revamping iOS/iPadOS Automated Device Enrollment (ADE) policies with a new infrastructure launching in Q4 2025. The update improves authentication, removes deprecated settings, and offers granular admin controls. Existing profiles remain, but new policies are recommended for faster, streamlined device management. Unique :
What’s New with iOS/iPadOS ADE Enrollment Policies?
Microsoft Intune is rolling out a revamped experience for iOS/iPadOS Automated Device Enrollment (ADE) policies. Expected in Q4 CY25, this upgrade moves ADE policies to a new infrastructure. This change aims to speed up feature delivery and improve policy management.
One major update is the removal of the Company Portal authentication method and automatic app deployment. Instead, Setup Assistant with modern authentication is now the recommended approach. Apple-deprecated settings are also cleaned up, and admins gain more granular controls on the policies page.
Major Updates to Enrollment Policies
Newly created enrollment policies will automatically use this new experience. Existing profiles remain functional but cannot be created anew in the old style. Microsoft recommends creating new policies and setting them as default for smooth transition.
In the Microsoft Intune admin center, admins can create new enrollment policies by navigating to Devices > Enrollment > Apple > Enrollment program tokens > select a token > Enrollment policies > Create. From here, policies can be assigned, edited, or deleted with ease.
Improved Usability Features
- Column controls let you pick default, primary, and visible columns.
- The search bar supports case-insensitive searches across all columns.
- Filters allow sorting by platform, with more filters coming soon.
- Sorting by ascending or descending order is just a click away.
Company Portal App Changes
The Company Portal app will no longer deploy automatically with enrollment policies. Instead, Microsoft suggests using Setup Assistant with modern authentication. This method eliminates the need for the Company Portal app during enrollment.
If you still want the app, deploy it separately using userless authentication and the right app configuration policy. Assigning the correct XML configuration is crucial to avoid device issues and ensure smooth auto-updates.
“The key benefit is that the need for the Company Portal app has been removed for enrollment.” – Anya Novicheva, Sr Product Manager, Microsoft Intune
Important Notes for Admins
Existing enrollment profiles remain editable but cannot be created anew. Deleting old profiles disables device rename enforcement, so proceed carefully.
Admins should migrate devices from old profiles to new policies and always enable the “Await final configuration” setting.
Device assignment flow remains the same. Just select devices under the policy’s Devices tab and assign the new enrollment policy.
Stay Updated
Keep an eye on the Microsoft Intune blog and roadmap for release updates. The ETA shifted to Q4 CY25, so plan your migration accordingly.
“We recommend creating a new enrollment policy and setting it as the default so new enrollments will use the new policy as soon as possible.” – Intune Support Team
For detailed guidance, check Microsoft’s official docs and community discussions. This update is a big step toward modernizing iOS/iPadOS device management with Intune.
From the Intune Customer Success articles
Windows Server Devices Now Recognized as a New OS in Intune Microsoft has announced that Windows Server devices are Read more
Microsoft Power Platform is leading the way in AI-generated low-code app development. With the help of AI, users can quickly Read more
Microsoft Intune is an enterprise mobility management platform that helps organizations manage mobile devices, applications, and data. The October edition Read more
Microsoft Intune has released its November edition, featuring new updates to help IT admins better manage their organization’s mobile devices. Read more
