Skip to main content
Solved

Updated Intune Extension Attribute/Smart Group

  • February 7, 2023
  • 6 replies
  • 89 views
spesh
Forum|alt.badge.img+8

I found this thread for an Intune EA, but am getting conflicting information. I check if a user is enrolled in Jamf by navigating to their computer, clicking the History tab, then navigating to macOS Intune Integration Logs. The extension attribute will return "None" despite the user being enrolled with Intune (see screenshots attached). 

 

 

I have tried to find documentation on creating a smart group based upon the Intune Integration reporting Jamf already has, but have not been able to find any. I also quickly glanced through the Jamf Pro API reference and documentation to see if this could be accomplished via the API but was unsuccessful. 

Any help would be appreciated! Thank you for your time! 

Best answer by jhalvorson

I use this EA for Intune Registration:

https://github.com/benwhitis/Jamf_Conditional_Access/blob/main/EA_registrationStatus

Additional background info is available here:https://community.jamf.com/t5/tech-thoughts/macos-conditional-access-best-practices/ba-p/273760

    6 replies

    J
    Forum|alt.badge.img+26
    • jhalvorson
    • Honored Contributor
    • Answer
    • February 8, 2023

    I use this EA for Intune Registration:

    https://github.com/benwhitis/Jamf_Conditional_Access/blob/main/EA_registrationStatus

    Additional background info is available here:https://community.jamf.com/t5/tech-thoughts/macos-conditional-access-best-practices/ba-p/273760

    spesh
    spesh
    Forum|alt.badge.img+8
    • spesh
    • Author
    • Jamf Heroes
    • February 10, 2023

    I use this EA for Intune Registration:

    https://github.com/benwhitis/Jamf_Conditional_Access/blob/main/EA_registrationStatus

    Additional background info is available here:https://community.jamf.com/t5/tech-thoughts/macos-conditional-access-best-practices/ba-p/273760


    That so far has worked perfectly. Thank you so much! 

    V
    Forum|alt.badge.img+5
    • verticalben
    • New Contributor
    • February 13, 2023

    That so far has worked perfectly. Thank you so much! 


    Hi guys, thanks for this, I've set up the EA but it's coming up blank in the computer's inventory. Does it take a long time to sync?

    DMH2000
    Forum|alt.badge.img+7
    • DMH2000
    • Valued Contributor
    • June 1, 2023

    I set up the EA but do not see "aad registration state" criteria to pick from. And like @verticalben my EA is blank for all computers that recently checked in.  Is the"aad registration state" criteria something that needs to be added? How is it added?

    spesh
    Forum|alt.badge.img+8
    • spesh
    • Author
    • Jamf Heroes
    • June 1, 2023

    @verticalben @DMH2000 A few things have changed since posting this. Overall, I personally stopped trying to track Intune integration as I continued receiving conflicting information. 

    I know Jamf has changed conditional access integration, and will be stopping support for it in estimated late 2023. If you go to Settings → Global → Conditional Access, you can see the warning message directly from them. Now its device compliance, and from what I gather, you select a smart group to base compliance off of which then sends a true/false to Intune. I could be wrong about that. 

    Jamf also changed the binary for Azure Active Directory integration from jamfAAD to Jamf Conditional Access which can be found here: 

    /Library/Application Support/JAMF/Jamf.app/Contents/MacOS/Jamf Conditional Access.app/Contents/MacOS/Jamf Conditional Access

    The last thing I will say is that when I was using the EA from the GitHub repo in the solution, I did notice it took longer than expected to populate that information. Doesn't entirely surprise me because of how difficult Intune has been, but not sure if Intune is just problematic for my company or if its a disaster for everyone else. 

    DMH2000
    bern
    DMH2000
    Forum|alt.badge.img+7
    • DMH2000
    • Valued Contributor
    • June 1, 2023

    @spesh Thank you! Yeah, my manager had us looking at Intune MDM for Mac... I think I'd retire first before going there!!!  Thank you for the explanation, and yes I did see that warning message... Another bucket of worms.

    Terms & ConditionsCookie settingsAccessibility statement