AutoEnrollOnLaunch behaviour has changed

[andrejacobs-unily]

Describe the bug: We embed the IntuneMAM (Swift) framework into our product and have the AutoEnrollOnLaunch set to True and MAMPolicyRequired set to True. We have also been using the Intune MAM SDK like this in our product for 5+ years.

The behaviour used to be that when the app launches, the MAM SDK somehow (black boxed / swizzled) the code execution and our application(didFinishLaunchingWithOptions:) only would get run once the MAM SDK's view was dismissed. However the behaviour right now (and I suspect it has changed a few versions back) is that application(didFinishLaunchingWithOptions) is called while MAM is still doing the enrollment process.

It also means that our initial view controller gets loaded, viewDidAppear gets called and we start the MSAL authentication process. While at the same time MAM has actually taken control of the screen. Looking at the view hiearchy it appears we now have a UIWindowScene with a couple of obfuscated views/window names from MAM and our initial vc.

So the question is, is this the new expected behaviour? and if yes what is the solution for us to be able to tell when our vc is actually shown to the user and we have a way to be informed that MAM is done and have dismissed?

For a test, I have added an enrollment delegate to our application(didFinishLaunchingWithOptions) IntuneMAMEnrollmentManager.instance().delegate as the first code to execute and the enrollmentRequest and policyRequest methods do get called during the user's enrollment. However there is no status or delegate to inform us when MAM is done done and have dismissed.

To Reproduce Our current test process given that for us we get a double authentication issue because trying to acquire MSAL token during MAM process before MAM is finished is this:

1. Factory reset device or Erase all settings and content for Simulator
2. Run app.
3. Notice that MAM is being presented for enrollment while at the same time main app's code executes and a VC is created ... but not visually shown to user.

Expected behavior: Not sure if old behaviour is still doable. But rather what should be the correct way to know when MAM is done and dismissed?

Smartphone (please complete the following information):

• Device: Multiple iPhone types
• OS: Seen this on iOS 17.x and iOS 18.x

Intune App SDK for iOS (please complete the following information):

• What version of the Intune SDK are you using? Using v19.7.1 because of the iOS 18.1 issue.

• What platform is your app based in (native, Xamarin based, Cordova, etc)? Native Swift. Seen the issue with Xcode 15.3 and Xcode 16 (although haven't upgraded to v20.x of Intune). Also I think this change happened a while back.

• For errors during build, does the app build without Intune SDK integration? No errors and yes app builds with and without Intune SDK

• For errors post build, does the app launch without being Intune SDK integrated? No errors and yes app launches with and without Intune SDK.

• Who is the customer? Right now this is affecting 30 of our clients with which at least 4 is in the top 10 of the S&P 500.

• Do you see a trend with it only being reproduced on a specific device? Nope, happens on any iPhone (8 up to 16)

Additional context: N/A.

Thank you for reviewing this.

[andrejacobs-unily]

@Kyle-Reis can we please get this escalated for someone on your team to review? There is most likely an easy solution that can maybe also be added to implementation documentation. I will continue to see if there is some new more modern way in iOS to tell when the MAM views get dismissed.

Much appreciate the help.