Help

Intune Company Portal Self Service

RSM
New Contributor II

Posted on ‎07-01-2022 10:55 AM

New JAMF customer and trying to figure things out. Initially I was deploying Intune Company portal like this: https://docs.jamf.com/technical-papers/jamf-pro/microsoft-intune/10.36.0/Deploying_the_Company_Porta...

But then in this link it states Users must launch company portal from the self service tab and warns about launching it from applications.

https://docs.jamf.com/technical-papers/jamf-pro/microsoft-intune/10.36.0/Creating_a_Policy_Directing...

 

I've been unable to get Company portal to appear on self service. On the JAMF PRO Policy I selected  Self Service as a trigger for the package and on Mac Apps I also added the Company Portal app form the Jamf App Catalog.  So far I do not see the company portal appearing in the Self Service.  Am I missing something? Is the documentation correct on only register from the Self Service app?

Thanks

 

 

0 Kudos
Reply
16 REPLIES 16

AJPinto
Esteemed Contributor

Posted on ‎07-01-2022 11:48 AM

Check your Scopes. Make sure the device you are testing on is scoped for the policies. 

Reply

RSM
New Contributor II

Posted on ‎07-01-2022 12:11 PM

it's scoped, and it's installed to the Applications folder but don't see any self service appearance. Is there a "kick start" to force Jamf to reconnect and download software? It seems typical to wait hours for a download to occur.

0 Kudos
Reply

AJPinto
Esteemed Contributor
In response to RSM

Posted on ‎07-01-2022 12:16 PM

You need two policies. One to install Comp Portal, and a second policy for macOS Intune Registration. The registration policy runs the comp portal with a CLI switch to register with Azure.

*The Azure (intune/endpoint) registration basically just runs this command /usr/local/jamf/bin/jamfAAD registerWithIntune.

 

AJPinto_0-1656702887519.png

 

 

Reply

RSM
New Contributor II

Posted on ‎07-01-2022 12:26 PM

Thanks, I believe I have both. Are you saying the registration is automated once installed and does not require the user to launch company portal and logon?   I had been manually launching in applications and registering manually until I saw the KBs above. They point to doing in self service but I'm missing the app in there. Right not I just have some office apps I provisioned under MAC Apps.

0 Kudos
Reply

RSM
New Contributor II
In response to RSM

Posted on ‎07-01-2022 12:29 PM

I've made the Registration Policy visible in Self Service too but don't see that either. Self service problem?

RSM_1-1656703752469.png

 

0 Kudos
Reply

AJPinto
Esteemed Contributor
In response to RSM

‎07-01-2022 12:31 PM - edited ‎07-01-2022 12:37 PM

What is your scope? Also make sure you have the Intune registration payload on the policy. 

Intune/Comp Portal policy

AJPinto_3-1656704052579.png

AJPinto_4-1656704073612.png

AJPinto_5-1656704086482.png

 

Registration Policy

AJPinto_0-1656703969836.png

AJPinto_1-1656703981470.png

AJPinto_2-1656703989896.png

Self Service

I have the intune/comp portal in selfservice and use a custom trigger, just how I want to do it. Then the Azure/Intune Registration which should be in selfservice.

*Pickle rick is legit and professional.

AJPinto_7-1656704253118.png

 

 

Reply

AJPinto
Esteemed Contributor
In response to RSM

Posted on ‎07-01-2022 12:30 PM

 Dont manually launch the comp portal. That workflow is to directly enroll a device with Intune/Endpoint. You must use the Azure/Intune registration policy from JAMF. 

It is recommended to put the Azure/Intune registration policy in selfservice so the user can control it. However, you could have it set to run automatically. The users would just get a surprise popup. 

 

JAMF calls it Intune Registration. Technically Intune has been rebranded to endpoint, and the registration is happening with Azure not Endpoint. This is why I keep putting both names. 

Reply

RSM
New Contributor II
In response to AJPinto

Posted on ‎07-01-2022 12:37 PM

Looking at Self service in history I see Device Registration Policy installed 6/29 and Company portal installed 6/30 (Out of sequence). Should I be seeing an icon for company portal or registration in Self Service? Do notifications need to ne enabled? Says I need a proxy token if they do.

0 Kudos
Reply

AJPinto
Esteemed Contributor
In response to RSM

Posted on ‎07-01-2022 12:45 PM

  • You need to sort JAMF policy history. Its dumb but its not auto sorted by date. 
  • Icons need to be manually created and uploaded. You can use things like Show ME your ID 2.0 if you dont want to manually make the icons, but I suggest playing with making them manually
  • Notifications are up to you and your employer. Though you not having a proxy token is a bit concerning. Was your environment fully setup before you took over?

HCS Technology Group - Show Me Your ID 2.0 (hcsonline.com)

Reply

RSM
New Contributor II

Posted on ‎07-01-2022 12:55 PM

This is a new deployment with no JAMF history.  I do have a push cert that expires next year but not sure what the notifications mean or if I want it. Main goal is to be able to enroll macs and enforce conditional access and SSO.  Seem to have SSO working (except the 2.13 update broke it completely) and now trying to get a handle on the registration process. Think I would prefer the manual vs. auto as we may have multiple users logging in (like an admin) but would only want one to register. Thanks for the guidance so far!  

0 Kudos
Reply

RSM
New Contributor II

Posted on ‎07-01-2022 01:00 PM

looking through your pics, the custom event "Install Intune", what is that? The user clicking? I'll take some screen shots...

 

0 Kudos
Reply

AJPinto
Esteemed Contributor
In response to RSM

Posted on ‎07-01-2022 01:06 PM

I usually make multiple policies for the same thing depending on how it is to be installed. 

  • Force for when the policy is to be forced for whatever reason. Will use recurring checkin, whatever interval and smart/static groups
  • On Demand for when I want the policy to be manually called. SelfService and Custom triggers (For terminal installs) fall here.

The thing you noticed for Install_Intune is so I can call the policy from terminal if I need to. Say I want to SSH a device and run sudo jamf policy -event isntall_intune it will run the policy on the spot. Its easier to remember something like Install_Intune than it is to remember a policy ID.

Reply

RSM
New Contributor II
In response to AJPinto

‎07-01-2022 01:15 PM - edited ‎07-01-2022 01:21 PM

Some progress (then maybe a screw up). So I finally saw a device registration menu option appear and I clicked and it did launch company portal but I hit cancel because I wasn't logged in with the account I wanted to register. I got a message registration failed and the option disappeared. Normal behavior?

0 Kudos
Reply

AJPinto
Esteemed Contributor
In response to RSM

Posted on ‎07-01-2022 02:00 PM

Yep, you canceled out of registration. If you get through registration and get that error, its really not fun. JAMF will want you on 10.37 to get a webconsole to troubleshoot intune. Microsoft has no idea comp portal on macOS works. Ya, not fun.

Reply

RSM
New Contributor II
In response to AJPinto

Posted on ‎07-01-2022 02:25 PM

awesome. I will probably just wipe the computer again. So that's a one shot deal? None of this has been fun 🤐 . Trying to figure this out has been disappointing. Thanks for all your input!

0 Kudos
Reply

RSM
New Contributor II
In response to RSM

Posted on ‎07-01-2022 01:07 PM

1.JPG

2.JPG

3.JPG

4.JPG

5.JPG

6.JPG

7.JPG

0 Kudos
Reply
Back to Top