
We use JAMF and Microsoft to integrate device compliance for many of our devices. However, in the last two weeks, we have observed that some devices randomly lose the 'Microsoft Intune' field in Azure and become non-compliant. When we check the company portal, the compliance managed by JAMF is also missing.

Due to the lack of compliance, these devices start to show conditional access errors. We can fix this quickly by running the Azure registration policy again, but we don't know the root cause of this problem. For example, one device had to be re-registered three times in two weeks. Others only once, and some never.

We did find this MS known issue with Intune and macOS:
Known issues with Microsoft Intune - Intune | Microsoft Learn

Could this be the cause of our problem, or is there something else I might have overlooked?

@Dobson Odds are you're running into PI113193, and Jamf Pro 11.0.1 is supposed to be available this week with a fix for the issue.



Ah I was previously unaware of this log!
https://account.jamf.com/products/jamf-pro/known-issues

Thanks for sharing - I reckon this is it!


Did you ever find a solution to this issue? I am now on the latest JAMF release (11.1.3) and this is still randomly happening to some users.



I have not seen the issue recur since upgrading. We are on 11.1.1.



Thanks. I have a troubleshooting session with JAMF support today. Will see what that discovery finds.



Any joy?
We are getting this a lot - 14 devices in the last two days.
Even when the device in question was off!



Not totally resolved yet, but much better.

JAMF support recommended configuring JamfAAD to use WebView as well as configuring JamfAAD to recheck for a valid Microsoft Entra ID token.

Both those options can be found in this article: Troubleshooting Microsoft Entra ID Login Using JamfAAD - Technical Articles | Jamf

Once that policy is deployed, I ask the user to re-register to Intune with the self service tool. I have not had a recurring case since then, only new ones.

