Using ABM VPP Token with ASM-Enrolled Devices in Intune: Supported Configuration?

The reason I’m asking is because I didn’t set up this configuration myself, and from my logical standpoint, it doesn’t make sense to use an ABM VPP token specifically for deploying the Company Portal, while all other apps are deployed using an ASM VPP token.

Current Working Setup

We currently have a successful deployment configuration across multiple domains, with the following setup:

Device Enrollment: Apple School Manager (ASM)-enrolled iOS/iPadOS devices

ADE Profile Settings:

User Affinity: Enroll with User Affinity

  *Authentication Method:* Setup Assistant with modern authentication
  
  **Company Portal Deployment:**
  
     Install Company Portal: Yes
     
        Install using VPP Token: **ABM VPP Token** (associated with `******@abm.se`)
        

The Concern

Although this configuration is working reliably, I’m unsure if using a VPP token from Apple Business Manager (ABM) to deploy the Company Portal on ASM-enrolled devices is a supported or logical approach.

Cross-Framework Concerns

Are there known risks, limitations, or potential future compatibility issues with mixing ABM tokens and ASM-enrolled devices?

Is this configuration officially supported by Microsoft and Apple?

Is there any documentation that explains when and why this setup might be acceptable?

Environment Details

MDM Platform: Microsoft Intune

Devices: iOS/iPadOS

• Deployment Model: Mixed environment (both ABM and ASM in use)The reason I’m asking is because I didn’t set up this configuration myself, and from a logical standpoint, it doesn’t make sense to use an ABM VPP token specifically for deploying the Company Portal, while all other apps are deployed using an ASM VPP token.