Some clients are just the best. They allow us to implement our recommendations because we've earned their trust over a 20-year working relationship. It's these clients for whom we bend over backward.
Some clients listen to our recommendations, nod their heads approvingly, acknowledge that they'll pursue our recommended course of action, but then don't, and ask us to work extra hard so they could save a few hundred dollars. Such is the two-sided sword of providing managed IT services on a fixed-fee model.
Last summer, a client asked us to help them set up just one iPad for work use. They said that they planned on buying more, so I took several hours setting up Apple Business Manager and integrating it with their Intune environment with their assurance that they would let us know when they're ready to buy the rest of the iPads so we could buy them through our reseller who would provision them in our client's ABM tenant. This way, when the iPads arrived, all they'd have to do is unbox them, turn them on, and sign in with their Microsoft 365 credentials.
I'm sure you see where this is going, and it's why your Google search led you to this page.
A few months later, we got the call. The new iPads arrived and they'd like us to set them up 🙄
"Can you return them so we can order them the right way, as you agreed we'd do?" "Sorry, we got them on sale."
Translation: We chose to save money at your expense.
As you'll see though, they did not save any money, or at least not its equivalent: time.
I went on site and started manually enrolling their iPads via Apple Configurator. It took a while to get the first one going because I had to reconfigure enrollment profiles, etc. in Intune, but after a while, I got one or two enrolled and called it a day.
Something, the holidays perhaps, caused me to not return for a while, but when I did, nothing worked. Nothing but errors, but the critical one that I fought for weeks if not months was this one:
What was invalid about the profile? It was fine the last time I enrolled a device. The associated certificate was still valid. Intune and ABM were synchronized 😖
After hours and hours of reading Reddit and blog posts, I started from the beginning, Microsoft's enrollment instructions, and read every single line, during which I found this nugget:
An enrollment profile file is only valid for two weeks at which time you must re-create it.
Le sigh. After recreating the enrollment profile in Intune and exporting it to Apple Configurator, the remaining iPads enrolled just fine.
I hope this helps someone and perhaps even salvages your relationship with a client.