Skip to main content
Question

JAMF/EntraID Device Compliance - All devices marked as Non-Compliant since Friday

  • November 1, 2023
  • 10 replies
  • 70 views
R
Forum|alt.badge.img+4

Hi All,

We have been working on setting up Device compliance with EntraID for a while and had everything in place to begin rolling it out this week, everything was working as expected with devices being marked with the correct compliance.  As of Friday all of our test devices were marked as non-compliant and registering devices now seems to take significantly longer than usual, almost as if it's waiting for a 24hr sync before the devices are marked as registered in Intune and marked as non-compliant.  This seems to coincide with the timing of our update to Jamf Pro 11.

Devices and users are in the correct groups and everything still appears normal from a setup perspective.

Has anyone else had similar issues?

Thanks,

Ryan

    10 replies

    J
    Forum|alt.badge.img+3
    • jscherer
    • New Contributor
    • November 1, 2023

    is this with the old compliance integration or the new integration with smart groups?

    R
    R
    Forum|alt.badge.img+4
    • Rolden
    • Author
    • Contributor
    • November 1, 2023

    It’s with the new smart groups.  We have allocated them all correctly and got them the right way around (won’t make that mistake again).  We are just checking against OS version at the moment.

    D
    Forum|alt.badge.img+1
    • David_Jenkins
    • New Contributor
    • November 2, 2023

    We have the same issue, but it was like this before upgrade to 11.

    Devices show Intune under the MDM column in Entra - devices, but they all go non compliant.

    Have tickets open with JAMF (been escalated) and MS (had a remote session but nothing else yet)

     

     

    D
    Forum|alt.badge.img+1
    • David_Jenkins
    • New Contributor
    • November 2, 2023

    Update - Jamf guys say all good their side, after doing all the dev logging / agent logs / Company portal logs.

    They are doing a session with me tomorrow to look at the Azure config.

    R
    Forum|alt.badge.img+4
    • Rolden
    • Author
    • Contributor
    • November 2, 2023

    With us it was all our doing, we had used a test group in Azure and as we were heading towards deployment changed it to all users.  Turns out this was a major no no, we have now moved back to groups and it resolved the issue.

    D
    Forum|alt.badge.img+1
    • David_Jenkins
    • New Contributor
    • November 2, 2023

    Self inflicted eh? if only.
    We have been using a Jamf users AD group and moving people in as their Mac was Jamf'ed.
    We are migrating from Intune, but even clean / fresh Mac's suffer the same fate atm.

    R
    R
    Forum|alt.badge.img+4
    • Rolden
    • Author
    • Contributor
    • November 2, 2023

    Self inflicted eh? if only.
    We have been using a Jamf users AD group and moving people in as their Mac was Jamf'ed.
    We are migrating from Intune, but even clean / fresh Mac's suffer the same fate atm.


    Indeed

    The only other time I’ve seen that behaviour is when the compliance and applicable group were the wrong way around which is quite easy to do given the way the documentation presents things.

     

    I hope you find out what’s wrong.

    D
    Forum|alt.badge.img+1
    • David_Jenkins
    • New Contributor
    • November 3, 2023

    This is now resolved!!
    Had a live session with Jamf again - this time we re-created the device compliance connector with Intune.
    Once done, kick all devices out of your compliance smart group, then put them back in (I did mine by saying they had to have a stupid serial number).
    About a minute later, they all started popping up as compliant in Entra.

    Hoorah!

    R
    Forum|alt.badge.img+4
    • Rolden
    • Author
    • Contributor
    • November 3, 2023

    This is now resolved!!
    Had a live session with Jamf again - this time we re-created the device compliance connector with Intune.
    Once done, kick all devices out of your compliance smart group, then put them back in (I did mine by saying they had to have a stupid serial number).
    About a minute later, they all started popping up as compliant in Entra.

    Hoorah!


    Amazing news.

    We've just realised that as a result of this users cannot enroll personal devices in intune, I'm a bit at odds here as we wanted to allow users to have both corporate and personal devices.

    E
    D
    Forum|alt.badge.img+1
    • David_Jenkins
    • New Contributor
    • November 3, 2023

    Amazing news.

    We've just realised that as a result of this users cannot enroll personal devices in intune, I'm a bit at odds here as we wanted to allow users to have both corporate and personal devices.


    We only have been doing Macs and havent done any by DEP, so in that regard, they are all personal?

    Terms & ConditionsCookie settingsAccessibility statement