Check your Scopes. Make sure the device you are testing on is scoped for the policies.
it's scoped, and it's installed to the Applications folder but don't see any self service appearance. Is there a "kick start" to force Jamf to reconnect and download software? It seems typical to wait hours for a download to occur.
it's scoped, and it's installed to the Applications folder but don't see any self service appearance. Is there a "kick start" to force Jamf to reconnect and download software? It seems typical to wait hours for a download to occur.
You need two policies. One to install Comp Portal, and a second policy for macOS Intune Registration. The registration policy runs the comp portal with a CLI switch to register with Azure.
*The Azure (intune/endpoint) registration basically just runs this command /usr/local/jamf/bin/jamfAAD registerWithIntune.
Thanks, I believe I have both. Are you saying the registration is automated once installed and does not require the user to launch company portal and logon? I had been manually launching in applications and registering manually until I saw the KBs above. They point to doing in self service but I'm missing the app in there. Right not I just have some office apps I provisioned under MAC Apps.
Thanks, I believe I have both. Are you saying the registration is automated once installed and does not require the user to launch company portal and logon? I had been manually launching in applications and registering manually until I saw the KBs above. They point to doing in self service but I'm missing the app in there. Right not I just have some office apps I provisioned under MAC Apps.
I've made the Registration Policy visible in Self Service too but don't see that either. Self service problem?
Thanks, I believe I have both. Are you saying the registration is automated once installed and does not require the user to launch company portal and logon? I had been manually launching in applications and registering manually until I saw the KBs above. They point to doing in self service but I'm missing the app in there. Right not I just have some office apps I provisioned under MAC Apps.
Dont manually launch the comp portal. That workflow is to directly enroll a device with Intune/Endpoint. You must use the Azure/Intune registration policy from JAMF.
It is recommended to put the Azure/Intune registration policy in selfservice so the user can control it. However, you could have it set to run automatically. The users would just get a surprise popup.
JAMF calls it Intune Registration. Technically Intune has been rebranded to endpoint, and the registration is happening with Azure not Endpoint. This is why I keep putting both names.
I've made the Registration Policy visible in Self Service too but don't see that either. Self service problem?
What is your scope? Also make sure you have the Intune registration payload on the policy.
Intune/Comp Portal policy
Registration Policy
Self Service
I have the intune/comp portal in selfservice and use a custom trigger, just how I want to do it. Then the Azure/Intune Registration which should be in selfservice.
*Pickle rick is legit and professional.
Dont manually launch the comp portal. That workflow is to directly enroll a device with Intune/Endpoint. You must use the Azure/Intune registration policy from JAMF.
It is recommended to put the Azure/Intune registration policy in selfservice so the user can control it. However, you could have it set to run automatically. The users would just get a surprise popup.
JAMF calls it Intune Registration. Technically Intune has been rebranded to endpoint, and the registration is happening with Azure not Endpoint. This is why I keep putting both names.
Looking at Self service in history I see Device Registration Policy installed 6/29 and Company portal installed 6/30 (Out of sequence). Should I be seeing an icon for company portal or registration in Self Service? Do notifications need to ne enabled? Says I need a proxy token if they do.
Looking at Self service in history I see Device Registration Policy installed 6/29 and Company portal installed 6/30 (Out of sequence). Should I be seeing an icon for company portal or registration in Self Service? Do notifications need to ne enabled? Says I need a proxy token if they do.
- You need to sort JAMF policy history. Its dumb but its not auto sorted by date.
- Icons need to be manually created and uploaded. You can use things like Show ME your ID 2.0 if you dont want to manually make the icons, but I suggest playing with making them manually
- Notifications are up to you and your employer. Though you not having a proxy token is a bit concerning. Was your environment fully setup before you took over?
HCS Technology Group - Show Me Your ID 2.0 (hcsonline.com)
This is a new deployment with no JAMF history. I do have a push cert that expires next year but not sure what the notifications mean or if I want it. Main goal is to be able to enroll macs and enforce conditional access and SSO. Seem to have SSO working (except the 2.13 update broke it completely) and now trying to get a handle on the registration process. Think I would prefer the manual vs. auto as we may have multiple users logging in (like an admin) but would only want one to register. Thanks for the guidance so far!
looking through your pics, the custom event "Install Intune", what is that? The user clicking? I'll take some screen shots...
looking through your pics, the custom event "Install Intune", what is that? The user clicking? I'll take some screen shots...
I usually make multiple policies for the same thing depending on how it is to be installed.
- Force for when the policy is to be forced for whatever reason. Will use recurring checkin, whatever interval and smart/static groups
- On Demand for when I want the policy to be manually called. SelfService and Custom triggers (For terminal installs) fall here.
The thing you noticed for Install_Intune is so I can call the policy from terminal if I need to. Say I want to SSH a device and run sudo jamf policy -event isntall_intune it will run the policy on the spot. Its easier to remember something like Install_Intune than it is to remember a policy ID.
looking through your pics, the custom event "Install Intune", what is that? The user clicking? I'll take some screen shots...
I usually make multiple policies for the same thing depending on how it is to be installed.
- Force for when the policy is to be forced for whatever reason. Will use recurring checkin, whatever interval and smart/static groups
- On Demand for when I want the policy to be manually called. SelfService and Custom triggers (For terminal installs) fall here.
The thing you noticed for Install_Intune is so I can call the policy from terminal if I need to. Say I want to SSH a device and run sudo jamf policy -event isntall_intune it will run the policy on the spot. Its easier to remember something like Install_Intune than it is to remember a policy ID.
Some progress (then maybe a screw up). So I finally saw a device registration menu option appear and I clicked and it did launch company portal but I hit cancel because I wasn't logged in with the account I wanted to register. I got a message registration failed and the option disappeared. Normal behavior?
Some progress (then maybe a screw up). So I finally saw a device registration menu option appear and I clicked and it did launch company portal but I hit cancel because I wasn't logged in with the account I wanted to register. I got a message registration failed and the option disappeared. Normal behavior?
Yep, you canceled out of registration. If you get through registration and get that error, its really not fun. JAMF will want you on 10.37 to get a webconsole to troubleshoot intune. Microsoft has no idea comp portal on macOS works. Ya, not fun.
Yep, you canceled out of registration. If you get through registration and get that error, its really not fun. JAMF will want you on 10.37 to get a webconsole to troubleshoot intune. Microsoft has no idea comp portal on macOS works. Ya, not fun.
awesome. I will probably just wipe the computer again. So that's a one shot deal? None of this has been fun 🤐 . Trying to figure this out has been disappointing. Thanks for all your input!
