
So I have Jamf and Intune talking fine; the app ID is all good and all says it's fine.



I can enrol from Self Service and the Mac shows in Azure as registered, but then it never seems to talk to Intune to pass on the computer details and become compliant.



Is anyone else having trouble with this? I use version 1.5 of Company Portal but have had this issue since version 1.1. It worked once for one device but now it's fully broken and nothing enrols correctly.



Any help would be amazing as even Microsoft have no idea and the case is still ongoing.

We are having Company Portal enrollment inconsistency issues, mostly for existing Intune-enrolled users. Whenever we try to enroll existing Intune-enrolled users in JAMF, it is always a pain. So I always remove the Intune profile from System Preferences and delete the devices from Azure. But every time I try to enroll Company Portal from Self Service, it always throws an error: Company Portal Retry, OK and Report.



I tried deleting the devices from Azure many times and tried removing the keychain item /Library/Keychains/aspd.keychain; every time I try to enroll Company Portal from Self Service, I always see Report, OK and Retry. I checked the Azure logs; the failure reason is JAMF Native macOS Connector. The strange part is that this issue only arises for Intune-enrolled users. Sometimes it works after removing and adding the device, but for one user I tried many things a couple of times. Unfortunately there was no success. Does anyone have their input on this? Or can anyone suggest what other troubleshooting I can perform? I even tried to check device compliance in portal.manage.microsoft.com and found nothing. We even reset the user's system password, but still there was no success.



I feel I am left with no options, but I am wondering if anyone can provide expert advice; it would be a great help for sure.


I'm having my own InTune problems so I was pointed to this thread. I'm not seeing the same issue, but I learned a lot by the file locations and keychain items. The keychain items triggered a new thought: Since keychains are fragile like tissue paper, what happens when we have to blow out a user's keychain to fix other problems and the user tries to use their Office 365 apps without the various keychain items inserted by InTune registration? Will the user need to redo the whole process or are there easier ways of getting them back to normal as far as InTune is concerned?


@AVmcclint - I can share some of what we are seeing internally. We've set up our Macs with the LAPS solution from GitHub for the purpose of providing a local admin password option in certain account management troubleshooting scenarios. Now that we've introduced Intune registration into the mix, we've determined that if the LAPS account is used to log into the Mac, this will break Intune registration for the main user account. Apparently, LAPS isn't playing nicely with the JamfAAD keychain entry (or maybe it's just tissue paper) and this is causing us to have to delete these impacted devices from Intune and ask our users to register through the Company Portal again. In fact, we're doing quite a bit of Intune device deletion in general whenever a Mac is handed in by an employee and rebuilt for another employee - or if said employee has a Mac in a state that just requires a rebuild. We're spending quite a bit of time deleting device records from Intune because deleting a device from the Jamf console doesn't carry over to Intune and subsequent Intune registration attempts fail.


Hey @txhaflaire ,



I can't see this in Jamf (attached image). Everything else looks the same as you have described it.
In Intune my Mac is shown as non-compliant.



Do you have any idea what I can do?



Best regards
Felix




Okay. One device is now shown as compliant, the other one isn't.



None of them are shown in Jamf like in the picture above.

