
According to this article the device_aad_information is written to the Jamf database, how can I use this to create a smart group or at least show in Jamf if it is registered with Azure AD?
https://learn.jamf.com/bundle/technical-paper-microsoft-intune-current/page/Computer_Regisration_for_End_Users.html

 

@barrycuda Here's an EA that will tell you the state of the Jamf AAD configuration:

```sh
#!/bin/sh
# Originally written by Ben Whitis - 08/11/2022
# Revised by @sdagley 2023-09-27

# EA - Intune Registration Status
# Returns one of the following:
# "Not Registered"
#     No MSOrganizationAccess certificate found so user has not enrolled via Company Portal
# "Registered"
#     Enrolled with Company Portal and Jamf AAD
# "MSOrganizationAccessCert Present but AAD ID not acquired"
#     User has enrolled with Company Portal but Jamf AAD enrollment not completed
# "MSOrganizationAccess Cert present but JamfAAD Plist missing"
#     User has enrolled with Company Portal but Jamf AAD settings file not found

loggedInUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

# Presume not registered
result="Not Registered"

# Check if MSOrganizationAccess certificate is present
MSOrganizationAccessCert=$(security dump "/Users/$loggedInUser/Library/Keychains/login.keychain-db" | grep MS-ORGANIZATION-ACCESS)
if [ -n "$MSOrganizationAccessCert" ]; then
    # MSOrganizationAccess certificate is present, check if jamfAAD plist exists
    jamfAADPlist="/Users/$loggedInUser/Library/Preferences/com.jamf.management.jamfAAD.plist"
    if [ -f "$jamfAADPlist" ]; then
        # jamfAAD.plist exists, check if jamfAAD has acquired AAD ID
        AAD_ID=$(defaults read "$jamfAADPlist" have_an_Azure_id 2>/dev/null)
        # String comparison, so an empty value (key not set) does not make the test error out
        if [ "$AAD_ID" = "1" ]; then
            # jamfAAD ID exists
            result="Registered"
        else
            # MSOrganizationAccess certificate is present but no AAD ID acquired:
            result="MSOrganizationAccessCert Present but AAD ID not acquired"
        fi
    else
        # jamfAAD.plist doesn't exist
        result="MSOrganizationAccess Cert present but JamfAAD Plist missing"
    fi
fi

echo "<result>$result</result>"
```

My thanks to Jeff Anderson on MacAdmins Slack who originally let me know about Ben's original version of this EA.



That is awesome... Works like a charm