Jamf Nation Community

You need two policies. One to install Comp Portal, and a second policy for macOS Intune Registration. The registration policy runs the comp portal with a CLI switch to register with Azure.

*The Azure (intune/endpoint) registration basically just runs this command /usr/local/jamf/bin/jamfAAD registerWithIntune.

I've made the Registration Policy visible in Self Service too but don't see that either. Self service problem?

What is your scope? Also make sure you have the Intune registration payload on the policy. 

Intune/Comp Portal policy

Registration Policy

Self Service

I have the intune/comp portal in selfservice and use a custom trigger, just how I want to do it. Then the Azure/Intune Registration which should be in selfservice.

*Pickle rick is legit and professional.

 Dont manually launch the comp portal. That workflow is to directly enroll a device with Intune/Endpoint. You must use the Azure/Intune registration policy from JAMF. 

It is recommended to put the Azure/Intune registration policy in selfservice so the user can control it. However, you could have it set to run automatically. The users would just get a surprise popup. 

JAMF calls it Intune Registration. Technically Intune has been rebranded to endpoint, and the registration is happening with Azure not Endpoint. This is why I keep putting both names. 

Looking at Self service in history I see Device Registration Policy installed 6/29 and Company portal installed 6/30 (Out of sequence). Should I be seeing an icon for company portal or registration in Self Service? Do notifications need to ne enabled? Says I need a proxy token if they do.

• You need to sort JAMF policy history. Its dumb but its not auto sorted by date. 
• Icons need to be manually created and uploaded. You can use things like Show ME your ID 2.0 if you dont want to manually make the icons, but I suggest playing with making them manually
• Notifications are up to you and your employer. Though you not having a proxy token is a bit concerning. Was your environment fully setup before you took over?

HCS Technology Group - Show Me Your ID 2.0 (hcsonline.com)

I usually make multiple policies for the same thing depending on how it is to be installed. 

• Force for when the policy is to be forced for whatever reason. Will use recurring checkin, whatever interval and smart/static groups
• On Demand for when I want the policy to be manually called. SelfService and Custom triggers (For terminal installs) fall here.

The thing you noticed for Install_Intune is so I can call the policy from terminal if I need to. Say I want to SSH a device and run sudo jamf policy -event isntall_intune it will run the policy on the spot. Its easier to remember something like Install_Intune than it is to remember a policy ID.

Some progress (then maybe a screw up). So I finally saw a device registration menu option appear and I clicked and it did launch company portal but I hit cancel because I wasn't logged in with the account I wanted to register. I got a message registration failed and the option disappeared. Normal behavior?

Yep, you canceled out of registration. If you get through registration and get that error, its really not fun. JAMF will want you on 10.37 to get a webconsole to troubleshoot intune. Microsoft has no idea comp portal on macOS works. Ya, not fun.

awesome. I will probably just wipe the computer again. So that's a one shot deal? None of this has been fun 🤐 . Trying to figure this out has been disappointing. Thanks for all your input!