
Last week I set up the Conditional Access integration with Jamf. 2 test machines were added successfully, the JamfAAD popup appeared and I was able to go through the authorization process in the keychain. Then I registered another 10 machines, this time of other employees, but, as I assume due to the fact that their main browser was not Safari, they did not receive a JamfAAD window during registration.

I thought that if they did it later (when logging in, for example, to office.com, the Mac asks for a certificate) there would be no problem, but today, after the weekend, I noticed that the machines do not report their status in Intune, as shown in the screenshots. The first one is my test Mac, which I managed to add successfully; the second is another employee who does not report the status. Does anyone know how I can fix it?

Today I decided to run some tests with some custom settings for the SSO Extension & JamfAAD, but as you can guess the popup window still did not show up.

  • My Mac

  • Other employee's Mac


I also include my current config for the CA Integration:

  • JamfAAD Configuration

  • SSO Extension

I also use This Extension Attribute to check the status, and for example on a broken Mac it gives me:
WPJ Key present, JamfAAD PLIST missing from user home: /Users/XXX
which, as I understand it, clearly indicates a problem, as the user has not gone through the Keychain process.


End users didn't get this JamfAAD window
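
The kind of check the extension attribute above performs, written out as an added example (my own script, not the linked extension attribute and not Jamf's code). It assumes the JamfAAD plist lives at ~/Library/Preferences/com.jamf.management.jamfAAD.plist and that the WPJ certificate in the login keychain can be found by the name "MS-ORGANIZATION-ACCESS"; both are assumptions to verify against your own environment.

```shell
#!/bin/sh
# Added example, not the extension attribute linked in the post. It reports whether the
# console user has finished JamfAAD registration. Assumed locations (verify for your setup):
#   PLIST: ~/Library/Preferences/com.jamf.management.jamfAAD.plist
#   WPJ:   a certificate named "MS-ORGANIZATION-ACCESS" in the user's login keychain
# The decision logic lives in classify() so it can be exercised without a Mac.

# classify <wpj_present 0|1> <plist_path> : prints one status line
classify() {
    wpj="$1"
    plist="$2"
    if [ "$wpj" = "1" ] && [ -f "$plist" ]; then
        echo "Registered: WPJ key and JamfAAD plist present"
    elif [ "$wpj" = "1" ]; then
        # The state described in the post: device joined, user never finished the keychain step
        echo "WPJ Key present, JamfAAD PLIST missing from user home"
    elif [ -f "$plist" ]; then
        echo "JamfAAD plist present but no WPJ key: registration is incomplete"
    else
        echo "Not registered: no WPJ key, no JamfAAD plist"
    fi
}

# wpj_key_present <home_dir> : prints 1 if the WPJ certificate is in that user's login keychain
wpj_key_present() {
    keychain="$1/Library/Keychains/login.keychain-db"
    if security find-certificate -c "MS-ORGANIZATION-ACCESS" "$keychain" >/dev/null 2>&1; then
        echo 1
    else
        echo 0
    fi
}

# Jamf extension attribute entry point: wraps the status in <result> tags
main() {
    user=$(stat -f %Su /dev/console)
    home=$(dscl . -read "/Users/$user" NFSHomeDirectory | awk '{print $2}')
    plist="$home/Library/Preferences/com.jamf.management.jamfAAD.plist"
    status=$(classify "$(wpj_key_present "$home")" "$plist")
    echo "<result>$status</result>"
}

# Only run the EA on a Jamf-managed Mac; elsewhere just define the functions
if [ -x /usr/local/jamf/bin/jamf ]; then
    main
fi
```

Scoping the report to the console user's home matters because the WPJ key is per-device but the JamfAAD plist is per-user, so a shared Mac can be "registered" for one account and not another.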

If you're using Device Compliance and already have the SSO configuration profile, you won't get the JamfAAD prompt. You just need to sign in to Company Portal.


This doesn't work. As you can see in the screenshots I attached to the post, the Macs didn't send a compliance status, and the extension attribute also indicates a problem.


You might want to take a look here:

https://learn.jamf.com/en-US/bundle/technical-paper-microsoft-intune-current/page/Creating_a_Policy_Directing_Users_to_Register_Mac_Computers_with_Azure_Active_Directory.html#ariaid-title2

I ended up creating a profile and forcing everyone to use WebView, so it pops up no matter what browser they are using.


Already did that. I noticed that if I execute these commands from Terminal:
sudo jamf manage
and
/usr/local/jamf/bin/jamfAAD registerWithIntune
it works (tested on a fresh enrollment, and it only works when Safari is set as the default browser).


I use this profile; it takes away the need for defining a browser. I was having a ton of issues and this was the key contributor to resolving most of them.


I had this issue as well (the JamfAAD window didn't show) and I had to remove the Platform SSO extension that I was testing; then it registered OK for the users. I wish I could get pSSO working, as I have some MS users who are web users only, but it is causing several problems for me.