Troubleshooting Missing iOS Devices in Intune Portal
Several administrators report that their enrolled iPhones and iPads suddenly disappear from the Microsoft Intune portal, even though devices still show up under Azure AD (Entra ID) and no deletion events appear in audit logs. Occasional brief reappearances only to vanish again add to the confusion. This guide explores potential causes, diagnostic steps, and workarounds.
1. Confirm Enrollment Status in Apple Business/School Manager
- ASM/ABM Terms
- Ensure the Apple Business Manager (ABM) or Apple School Manager (ASM) agreement is accepted in Intune.
- Although T&C acceptance typically affects new enrollments, a sync glitch can hide existing devices if terms aren’t propagated.
- Sync Schedule
- In the Intune portal, navigate to Devices > Enroll devices > Apple enrollment.
- Under Enrollment program tokens, select your token and click Sync.
- Watch the status; errors here can prevent device visibility.
2. Check Device Management Authority
- Intune vs. SCCM
- Confirm Intune is the sole MDM authority for iOS. Hybrid setups or leftover ConfigMgr connectors may conflict.
- In Tenant administration > Connectors and tokens, ensure only valid Apple tokens exist.
3. Review Device Object and Compliance Policies
- Azure AD Device Objects
- Devices appear in Entra ID but may lack a valid MDM registration.
- In Entra ID, open a device object and check Registered by MDM. If blank or incorrect, Intune won’t list it.
- Compliance Filter
- If you apply a dynamic group filter (e.g., only show compliant devices), transient compliance failures can hide devices.
- Verify compliance policy assignments haven’t changed and that conditions (like OS version or encryption) still match.
4. Investigate Enrollment Program Token Health
- Token Expiry or Renewal
- Apple MDM tokens expire annually. Even if your token shows valid, it may need renewal in both ASM/ABM and the Intune portal.
- Generate a new server token in ASM/ABM and re-upload it to Intune.
- Certificate Issues
- The APNs certificate used by Intune must be current.
- In Intune, go to Endpoint security > Certificate connectors and confirm the Apple Push Notification certificate status.
5. Examine Intune Service Health
- Microsoft 365 Admin Center
- Check the Intune service health dashboard for ongoing incidents affecting Apple enrollment or device inventory synchronization.
- A transient backend issue can cause devices to vanish and reappear.
6. Workarounds and Next Steps
- Force Re-Enroll a Test Device
- On a sample iPhone, remove the Intune management profile.
- Re-enroll via Company Portal and observe if it reliably appears in the portal.
- Validate via Graph API
- Use Microsoft Graph Explorer to query
/deviceManagement/managedDevicesfiltered for iOS. - If Graph returns devices but the portal does not, it indicates a portal UI issue.
- Use Microsoft Graph Explorer to query
- Open Microsoft Support Ticket
- Given multiple tenants are affected and no community solution exists, escalate with Microsoft. Provide timestamps, audit logs, and Graph query results.
- Monitor ABM Sync Logs
- Enable enhanced logging under Apple enrollment and gather sync logs for support.
Conclusion
Missing iOS devices in Intune despite active Azure AD records usually point to enrollment token sync problems, compliance filters, or transient service issues. By verifying ABM/ASM tokens, APNs certificates, compliance policy scopes, and using Graph API diagnostics, you can narrow down the root cause. If devices still disappear, work with Microsoft Support to resolve backend sync errors.
