As you said all your syncing is working, there is not much in JAMF to check.
- Check your Smart groups and ensure they are configured correctly.
- Check the device to make sure it is showing as compliant in JAMF.
- Check to make sure you are using the correct Compliance Group in Settings > Device Compliance.
Literally everything else is on the Azure side. I would suggest opening a ticket with Microsoft or starting a discussion on Technet.
High-level things to check on the Azure side:
- Make sure the device's activity is current.
- Make sure the device is showing as compliant (assuming it's compliant in JAMF).
- If either of these is not correct, the device needs to be reregistered.
We stood up conditional access 4th quarter last year, and learned it is really just not worth it. You can target the same compliance and non-compliance groups at JAMF App restrictions and force quit apps for non-compliant devices and basically perform conditional access with just JAMF and not deal with Azure at all. Devices also love to just stop syncing which requires device level troubleshooting and often a reregister.
@dav25bangor If the Mac is showing as compliant in Entra ID (the 2nd screenshot in your post), that implies your access rules are not set up correctly in Intune to allow Entra ID compliant Macs access. You'd want someone who really understands the "logic" (quoted because I find it anything but logical) that Microsoft uses for those rules to review your configuration, because it's pretty easy to have conflicting rules which will prevent the expected access.
@AJPinto and @sdagley thank you for the pointers. It appears we had a couple of issues which masked the problem, one of them being the tenancy stopping the installation of the OneDrive sync client on the Mac. The other issue was related to configuring Jamf Connect for Entra with Conditional Access.
Integrating Jamf Connect with Microsoft Entra ID - Jamf Connect Documentation 2.31.0 | Jamf document updated 10/1/2024. Thanks again, we may just have this sorted...