top of page
Search

Issue: iOS or iPadOS device is stuck on an enrollment screen




This article fixes an issue where iOS/iPadOS devices are stuck on a Microsoft Intune enrollment screen for more than 10 minutes. An enrolling device may get stuck in either of two screens:

  • Awaiting final configuration from "Microsoft"

  • Guided Access app unavailable. Please contact your administrator.



Cause


There are two potential causes for this issue:

  • There's a temporary outage with Apple services.

  • iOS/iPadOS enrollment is set to use VPP tokens (as shown in the table below) but there's something wrong with the VPP token.

Expand table

Enrollment settings

Value

Platform

iOS/iPadOS

User Affinity

Enroll with User Affinity

Authenticate with Company Portal instead of Apple Setup Assistant

Yes

Install Company Portal with VPP

Use token: token address

Run Company Portal in Single App Mode until authentication

Yes



Solution

To fix the problem, complete the procedures in this section:

  1. Determine if there's something wrong with the VPP token and fix it.

  2. Identify which devices are blocked.

  3. Wipe the affected devices.

  4. Tell the user to restart the enrollment process.



Determine if there's something wrong with the VPP token


  1. In the Microsoft Intune admin center, choose Devices > iOS/iPadOS > iOS enrollment > Enrollment program tokens > token name > Profiles > profile name > Manage > Properties.

  2. Review the properties to see if any errors similar to the following appear:

    • This token has expired.

    • This token is out of Company Portal licenses.

    • This token is being used by another service.

    • This token is being used by another tenant.

    • This token was deleted.

  3. Fix the issues for the token.


Identify which devices are blocked by the VPP token


  1. In the Microsoft Intune admin center, choose Devices > iOS/iPadOSk > iOS enrollment > Enrollment program tokens > token name > Devices.

  2. Filter the Profile status column by Blocked.

  3. Make a note of the serial numbers for all the devices that are Blocked.

Remotely wipe the blocked devices

After you've fixed the issues with the VPP token, you must wipe the devices that are blocked.

  1. In the Microsoft Intune admin center, choose Devices > All devices > Columns > Serial number > Apply.

  2. For each blocked device, choose it in the All devices list and then choose Wipe > Yes.


Tell the users to restart the enrollment process


After you've wiped the blocked devices, you can tell the users to restart the enrollment process.






Have a question or need help! Contact me 😊❤️

Commentaires

bottom of page