Posted on 07-01-2022 10:55 AM
New JAMF customer and trying to figure things out. Initially I was deploying Intune Company portal like this: https://docs.jamf.com/technical-papers/jamf-pro/microsoft-intune/10.36.0/Deploying_the_Company_Porta...
But then in this link it states Users must launch company portal from the self service tab and warns about launching it from applications.
I've been unable to get Company Portal to appear in Self Service. On the JAMF PRO Policy I selected Self Service as a trigger for the package and on Mac Apps I also added the Company Portal app from the Jamf App Catalog. So far I do not see the Company Portal appearing in Self Service. Am I missing something? Is the documentation correct on only registering from the Self Service app?
Thanks
Posted on 07-01-2022 11:48 AM
Check your Scopes. Make sure the device you are testing on is scoped for the policies.
Posted on 07-01-2022 12:11 PM
It's scoped, and it's installed to the Applications folder, but I don't see any Self Service appearance. Is there a "kick start" to force Jamf to reconnect and download software? It seems typical to wait hours for a download to occur.
Posted on 07-01-2022 12:16 PM
You need two policies. One to install Comp Portal, and a second policy for macOS Intune Registration. The registration policy runs the comp portal with a CLI switch to register with Azure.
*The Azure (intune/endpoint) registration basically just runs this command /usr/local/jamf/bin/jamfAAD registerWithIntune.
Posted on 07-01-2022 12:26 PM
Thanks, I believe I have both. Are you saying the registration is automated once installed and does not require the user to launch Company Portal and log on? I had been manually launching in Applications and registering manually until I saw the KBs above. They point to doing it in Self Service but I'm missing the app in there. Right now I just have some Office apps I provisioned under MAC Apps.
Posted on 07-01-2022 12:29 PM
I've made the Registration Policy visible in Self Service too but don't see that either. Self service problem?
07-01-2022 12:31 PM - edited 07-01-2022 12:37 PM
What is your scope? Also make sure you have the Intune registration payload on the policy.
Intune/Comp Portal policy
Registration Policy
Self Service
I have the intune/comp portal in selfservice and use a custom trigger, just how I want to do it. Then the Azure/Intune Registration which should be in selfservice.
*Pickle rick is legit and professional.
Posted on 07-01-2022 12:30 PM
Don't manually launch the comp portal. That workflow is to directly enroll a device with Intune/Endpoint. You must use the Azure/Intune registration policy from JAMF.
It is recommended to put the Azure/Intune registration policy in selfservice so the user can control it. However, you could have it set to run automatically. The users would just get a surprise popup.
JAMF calls it Intune Registration. Technically Intune has been rebranded to endpoint, and the registration is happening with Azure not Endpoint. This is why I keep putting both names.
Posted on 07-01-2022 12:37 PM
Looking at Self Service in history I see Device Registration Policy installed 6/29 and Company Portal installed 6/30 (out of sequence). Should I be seeing an icon for Company Portal or registration in Self Service? Do notifications need to be enabled? Says I need a proxy token if they do.
Posted on 07-01-2022 12:45 PM
Posted on 07-01-2022 12:55 PM
This is a new deployment with no JAMF history. I do have a push cert that expires next year but not sure what the notifications mean or if I want it. Main goal is to be able to enroll macs and enforce conditional access and SSO. Seem to have SSO working (except the 2.13 update broke it completely) and now trying to get a handle on the registration process. Think I would prefer the manual vs. auto as we may have multiple users logging in (like an admin) but would only want one to register. Thanks for the guidance so far!
Posted on 07-01-2022 01:00 PM
Looking through your pics, the custom event "Install Intune", what is that? The user clicking? I'll take some screenshots...
Posted on 07-01-2022 01:06 PM
I usually make multiple policies for the same thing depending on how it is to be installed.
The thing you noticed for Install_Intune is so I can call the policy from terminal if I need to. Say I want to SSH a device and run sudo jamf policy -event Install_Intune it will run the policy on the spot. It's easier to remember something like Install_Intune than it is to remember a policy ID.
07-01-2022 01:15 PM - edited 07-01-2022 01:21 PM
Some progress (then maybe a screw up). So I finally saw a device registration menu option appear and I clicked and it did launch company portal but I hit cancel because I wasn't logged in with the account I wanted to register. I got a message registration failed and the option disappeared. Normal behavior?
Posted on 07-01-2022 02:00 PM
Yep, you canceled out of registration. If you get through registration and get that error, it's really not fun. JAMF will want you on 10.37 to get a webconsole to troubleshoot intune. Microsoft has no idea comp portal on macOS works. Ya, not fun.
Posted on 07-01-2022 02:25 PM
Awesome. I will probably just wipe the computer again. So that's a one shot deal? None of this has been fun 🤐. Trying to figure this out has been disappointing. Thanks for all your input!
Posted on 07-01-2022 01:07 PM