
According to this article, the device_aad_information is written to the Jamf database. How can I use this to create a smart group, or at least show in Jamf if it is registered with Azure AD?
https://learn.jamf.com/bundle/technical-paper-microsoft-intune-current/page/Computer_Regisration_for_End_Users.html

 

@barrycuda Here's an EA that will tell you the state of the Jamf AAD configuration:

#!/bin/sh

# Originally written by Ben Whitis - 08/11/2022
# Revised by @sdagley 2023-09-27

# EA - Intune Registration Status
# Returns one of the following:
#   "No console user"
#     Inventory ran at the login window, so there is no login keychain to inspect
#   "Not Registered"
#     No MSOrganizationAccess certificate found so user has not enrolled via Company Portal
#   "Registered"
#     Enrolled with Company Portal and Jamf AAD
#   "MSOrganizationAccessCert Present but AAD ID not acquired"
#     User has enrolled with Company Portal but Jamf AAD enrollment not completed
#   "MSOrganizationAccess Cert present but JamfAAD Plist missing"
#     User has enrolled with Company Portal but Jamf AAD settings file not found

# Console user from SystemConfiguration; empty at the login window
loggedInUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

if [ -z "$loggedInUser" ]; then
    echo "<result>No console user</result>"
    exit 0
fi

# Presume not registered
result="Not Registered"

# Check if MSOrganizationAccess certificate is present in the user's login keychain
MSOrganizationAccessCert=$( security dump-keychain "/Users/$loggedInUser/Library/Keychains/login.keychain-db" 2>/dev/null | grep MS-ORGANIZATION-ACCESS )
if [ -n "$MSOrganizationAccessCert" ]; then
    # MSOrganizationAccess certificate is present, check if jamfAAD plist exists
    jamfAADPlist="/Users/$loggedInUser/Library/Preferences/com.jamf.management.jamfAAD.plist"

    if [ -f "$jamfAADPlist" ]; then
        # jamfAAD.plist exists, check if jamfAAD has acquired AAD ID
        # (defaults read prints nothing and errors if the key is missing, so compare as a string)
        AAD_ID=$( defaults read "$jamfAADPlist" have_an_Azure_id 2>/dev/null )

        if [ "$AAD_ID" = "1" ]; then
            # jamfAAD ID exists
            result="Registered"
        else
            # MSOrganizationAccess certificate is present but no AAD ID acquired
            result="MSOrganizationAccessCert Present but AAD ID not acquired"
        fi
    else
        # jamfAAD.plist doesn't exist
        result="MSOrganizationAccess Cert present but JamfAAD Plist missing"
    fi
fi

echo "<result>$result</result>"

My thanks to Jeff Anderson on MacAdmins Slack who originally let me know about Ben's original version of this EA
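As an added example, not part of the original post and not Ben's or @sdagley's EA: the same decision logic as a testable shell function, plus a certificate check that inspects the issuer and the expiry of each certificate in the login keychain instead of grepping the keychain dump, so a device whose MS-ORGANIZATION-ACCESS certificate is present but expired (Intune registration lapsed) is reported as its own state. The function names, the extra "expired" state and the "No console user" guard are this example's own; the keychain and plist paths are the ones used in the EA above, and it is assumed that root can read certificates (not private keys) from the user's login keychain, as the EA's dump already relies on.

```shell
#!/bin/sh
# Added example (not the EA from the thread). Classifies Jamf/Intune registration
# state from three facts and, on macOS, gathers those facts from the console user's
# login keychain and jamfAAD plist. Function names are this example's assumptions.

# classify_aad_state CERT_STATE PLIST_EXISTS HAVE_AZURE_ID
#   CERT_STATE:    none | valid | expired   (MS-ORGANIZATION-ACCESS-issued cert)
#   PLIST_EXISTS:  0 | 1                    (com.jamf.management.jamfAAD.plist)
#   HAVE_AZURE_ID: value of have_an_Azure_id, or empty when the key is missing
classify_aad_state() {
    cert_state="$1"; plist_exists="$2"; have_id="$3"
    case "$cert_state" in
        none)    echo "Not Registered"; return 0 ;;
        expired) echo "MSOrganizationAccess Cert present but expired"; return 0 ;;
        valid)   ;;
        *)       echo "Unknown cert state: $cert_state"; return 1 ;;
    esac
    if [ "$plist_exists" != "1" ]; then
        echo "MSOrganizationAccess Cert present but JamfAAD Plist missing"; return 0
    fi
    # Treat a missing key the same as 0: the ID was not acquired
    if [ "$have_id" = "1" ]; then
        echo "Registered"
    else
        echo "MSOrganizationAccessCert Present but AAD ID not acquired"
    fi
}

# gather_cert_state KEYCHAIN -> none | valid | expired
# Exports every certificate in the keychain as PEM, keeps those issued by
# MS-ORGANIZATION-ACCESS, and reports "valid" if any of them is unexpired.
gather_cert_state() {
    keychain="$1"
    tmp=$(mktemp -d) || return 1
    # -a: all certificates, -p: PEM output; split the concatenated PEMs one per file
    security find-certificate -a -p "$keychain" 2>/dev/null |
        awk -v d="$tmp" '/BEGIN CERTIFICATE/ { n++ } { print > (d "/" n ".pem") }'
    state="none"
    for f in "$tmp"/*.pem; do
        [ -f "$f" ] || continue
        openssl x509 -in "$f" -noout -issuer 2>/dev/null | grep -q "MS-ORGANIZATION-ACCESS" || continue
        # -checkend 0 succeeds only if the certificate is not yet expired
        if openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
            state="valid"; break
        fi
        state="expired"
    done
    rm -rf "$tmp"
    echo "$state"
}

# read_have_azure_id PLIST -> value of have_an_Azure_id, or empty if absent
read_have_azure_id() {
    defaults read "$1" have_an_Azure_id 2>/dev/null || true
}

# Stand-alone use on a Mac: print the EA-style result for the console user.
if [ "$(uname)" = "Darwin" ]; then
    user=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
    if [ -z "$user" ]; then
        echo "<result>No console user</result>"
    else
        home="/Users/$user"
        plist="$home/Library/Preferences/com.jamf.management.jamfAAD.plist"
        cert=$( gather_cert_state "$home/Library/Keychains/login.keychain-db" )
        if [ -f "$plist" ]; then exists=1; else exists=0; fi
        echo "<result>$( classify_aad_state "$cert" "$exists" "$( read_have_azure_id "$plist" )" )</result>"
    fi
fi
```

The classification is kept separate from the gathering so each state can be exercised with constructed inputs; a smart group in Jamf Pro then keys on the EA value ("Registered", or the new expired state, to catch devices that need to re-run Company Portal registration).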


That is awesome... Works like a charm

