Question

Intune registration automatically at the time of provisioning

  • December 8, 2022
  • 8 replies
  • 23 views

Asifahmed

Hello Team,

 

Our organization's Mac devices are managed by JAMF, but each device has to be registered in Intune/AAD to implement conditional access policy, and this process is manual: users are supposed to open the Self-Service app and run the Intune registration app, then follow the next steps to register their Mac in Intune/AAD. My question is: is it possible to automate this job so that all Mac devices are registered automatically in Intune/AAD at the time of enrollment in JAMF?


AJPinto
  • Legendary Contributor
  • 2802 replies
  • December 8, 2022

No, this is not possible. The function of logging in to the Comp Portal is to register the device in AAD and in turn Microsoft Endpoint Manager. Microsoft does not provide a workflow for any MDM to be able to facilitate registering a device automatically for a user into AAD.


Asifahmed
  • Author
  • Contributor
  • 174 replies
  • December 8, 2022


So do you mean that it is not possible for now because of Microsoft's design, not because of Jamf?

 


  • Valued Contributor
  • 201 replies
  • December 8, 2022

I have a JAMF Helper script that runs during enrollment, scoped to Macs where the Intune Registration is pending. When they click ok, it will launch the Self Service Policy for them.

    #!/bin/bash

    # Prompt the user to register; jamfHelper prints the code of the clicked button (0 for button 1).
    answer=$( "/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" \
        -windowType utility \
        -title "<your company>" \
        -description "Please register your Mac with Intune to enable access Office 365 by selecting Register and logging into the Company Portal Application. When prompted for JamfAAD, enter your password and choose Always Allow." \
        -icon "/Applications/Company Portal.app/Contents/Resources/AppIcon.icns" \
        -button1 Register \
        -defaultButton 1 )

    echo "$answer"

    # Compare as a string so an empty result (jamfHelper did not run) is not treated as 0.
    if [[ "$answer" == "0" ]]; then
        # Replace <your intune policy> with the ID of the Self Service registration policy.
        /usr/local/bin/jamf policy trigger -id <your intune policy>
    else
        echo "Something has gone horribly wrong, definitely abort..."
    fi

Asifahmed
  • Author
  • Contributor
  • 174 replies
  • December 8, 2022

I understood the logic of the script, but my question is: are registering the Mac by running the app from Self-Service and registering the Mac by calling the policy by its corresponding policy ID logically the same?


  • Valued Contributor
  • 201 replies
  • December 8, 2022

By design in the documentation, the end user must register by means of the Self Service policy. This script will simply prompt them to launch it. Otherwise, they won't until they attempt to access an Office 365 resource.


  • Valued Contributor
  • 201 replies
  • December 8, 2022

Sorry. The Jamf Helper script should be set to launch the Self Service policy that someone would use to manually register.


  • Contributor
  • 16 replies
  • December 14, 2022

This worked for my needs. Thank you


  • New Contributor
  • 3 replies
  • January 31, 2023

Not sure if anyone has seen the following behavior before, but our manual registrations almost always fail the first time, requiring us to "Flush" the job in Jamf before a second attempt. Second attempt is almost always successful, but we'd have to flush 2-3 times before.

Does this script help with that behavior by chance? Doesn't sound like it since it's simply invoking the Self Service registration. It's been super frustrating; Azure registration should be a simple thing.