AAD Registration - objects no longer being created in Intune

verticalben
New Contributor III

Hi All,

We have been able to get our AAD Registration to work again, so users can enrol their device with Azure, Azure deems the device Compliant, and that satisfies Conditional Access and allows users to sign in.

Prior to the 10.43 update, this process would create an object in Azure AD under the user's name, and it would also show in Intune, with the "Managed by" field showing as Jamf. It would also create an attribute in Jamf Pro for the "Computer Azure Active Directory ID".


After the 10.43 update, an object is still being created in AAD and marked as Compliant, but nothing is now showing up in Intune. Not the end of the world, but we're also not getting an attribute in Jamf Pro now for the "Computer Azure Active Directory ID". This is more problematic, as we use Smart Groups to determine which devices have registered; now we don't have any visibility of this in Jamf Pro.

Has anyone seen this since the update?

Thanks in advance.



piotrr
Contributor III

When was the 10.43 update anyway? Because many Microsoft services have had outages these past few days, including Intune and enrollment. Some issues still remain within APAC and Australia. 

I won't swear that's what's affecting you, but I would at least give it more time. 

verticalben
New Contributor III

The update went live, for us, we think on 28th January. I've enrolled 4 devices since then, over the last 9 days or so, and unfortunately all show in AAD but none have entered Intune.

Okay, that sucks. Hold on, let me wipe one of my machines and see if I can reproduce this with you. 

Oh actually before I do that - have you searched for the devices in Intune - perhaps by listing all Macs sorted by enroll date, to see if the devices are registered but not connected to the user? 

verticalben
New Contributor III

I've been searching based on the device's machine names in Intune. I just ticked the option for Enrollment date in Intune, and interestingly the Jamf devices don't show an Enrollment date. Perhaps because they weren't technically enrolled with Intune?

I have three devices in Intune that are Jamf managed, and all three show a Last check-in of three days ago. Wondering if something has gone awry with our set up again, even though we haven't made any changes.

I started a wipe of my machine, removed it from Intune and Azure AD, removed it from Jamf, reinstalled it, enrolled it again (ADE), went through Jamf Connect, ran the Intune Integration in Self Service, and the machine is now registered in Azure AD and Intune; the Manage link on the device in AAD leads to the Intune object. It took a Microsoft moment, but it's there. I did for a moment see what you saw: AAD listed the device as Compliant before it was visible in Intune.

One peculiarity for all of our machines in Intune though is that they only have "Enrolled by" user, there is no "Primary user" listed, and never has been for us. 

I see the same - no enrollment date for Jamf Macs in Intune device listings, but it _is_ visible on the Device screen, hardware category. My Azure consultant says it's because the device _isn't_ enrolled - in Intune. It's enrolled in Jamf. I still think if the information is there, it should be in the lists too. 

verticalben
New Contributor III

Thanks for your efforts with reproducing it. If I look in AAD at ours, the Manage button is greyed out.

The device does show up in AAD as Compliant, and users can access company resources as our CA policies are happy the device is compliant. It's just really odd that they no longer show up in Intune, and a Computer AAD ID isn't being fed back into Jamf Pro.

verticalben
New Contributor III
(Accepted solution)

Jamf Support have confirmed that, with the 10.43 update, registered devices now only show in AAD, and don't show in Intune anymore. As a result, there doesn't look to be any way to see in Jamf Pro which devices have AAD registered.
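If Jamf Pro no longer records the "Computer Azure Active Directory ID", the registration state can still be recovered from the other side: list the device objects in Azure AD and reconcile them against the Jamf Pro computer inventory by hostname (which is how the original poster was already searching Intune). The script below is an added example, not code from this thread or from Jamf or Microsoft. It assumes the Azure AD side comes from Microsoft Graph `GET /v1.0/devices` (objects carrying `displayName`, `deviceId`, `isCompliant`, `isManaged`) and the Jamf side from the Jamf Pro API `GET /api/v1/computers-inventory?section=GENERAL` (results carrying `general.name`); the `isManaged` flag is assumed to mirror the greyed-out Manage link described above. Both payloads are constructed samples embedded inline so the example runs offline; the HTTP calls, authentication and pagination are left to the caller.

```python
"""Reconcile Jamf Pro computer inventory against Azure AD device objects.

Added example (not from the thread). Assumptions, none stated on the page:
- Azure AD devices are shaped like Microsoft Graph GET /v1.0/devices results.
- Jamf computers are shaped like Jamf Pro API GET /api/v1/computers-inventory
  ?section=GENERAL results.
- Matching is by hostname, case-insensitively, because Jamf-registered devices
  carry no Intune enrollment record to join on.
"""
from dataclasses import dataclass
from typing import Optional

# Endpoints the sample payloads are modelled on (assumed; fetch them yourself
# with a Graph token and a Jamf Pro bearer token, following pagination).
GRAPH_DEVICES_URL = "https://graph.microsoft.com/v1.0/devices"
JAMF_INVENTORY_PATH = "/api/v1/computers-inventory?section=GENERAL"

# Constructed sample: three Azure AD device objects, one of them not a Mac.
SAMPLE_GRAPH_DEVICES = {
    "value": [
        {"displayName": "MAC-001", "deviceId": "00000000-0000-4000-8000-000000000001",
         "isCompliant": True, "isManaged": True},
        {"displayName": "MAC-002", "deviceId": "00000000-0000-4000-8000-000000000002",
         "isCompliant": True, "isManaged": False},   # compliant, but Manage link greyed out
        {"displayName": "WIN-LAPTOP-7", "deviceId": "00000000-0000-4000-8000-000000000007",
         "isCompliant": False, "isManaged": True},
    ]
}

# Constructed sample: three Jamf Pro computers; MAC-003 has never registered.
SAMPLE_JAMF_INVENTORY = {
    "totalCount": 3,
    "results": [
        {"id": "1", "general": {"name": "MAC-001"}},
        {"id": "2", "general": {"name": "mac-002"}},   # case differs from Azure AD
        {"id": "3", "general": {"name": "MAC-003"}},
    ],
}


@dataclass
class DeviceStatus:
    jamf_id: str
    name: str
    aad_device_id: Optional[str]   # None when no Azure AD object matched
    compliant: bool
    intune_managed: bool


def reconcile(jamf_inventory: dict, graph_devices: dict) -> list[DeviceStatus]:
    """Return one status row per Jamf computer, joined to Azure AD by hostname."""
    by_name = {
        d["displayName"].lower(): d
        for d in graph_devices.get("value", [])
        if d.get("displayName")
    }
    rows = []
    for computer in jamf_inventory.get("results", []):
        name = computer["general"]["name"]
        aad = by_name.get(name.lower())
        rows.append(DeviceStatus(
            jamf_id=computer["id"],
            name=name,
            aad_device_id=aad["deviceId"] if aad else None,
            compliant=bool(aad and aad.get("isCompliant")),
            intune_managed=bool(aad and aad.get("isManaged")),
        ))
    return rows


def unregistered(rows: list[DeviceStatus]) -> list[str]:
    """Jamf computers with no Azure AD device object at all."""
    return [r.name for r in rows if r.aad_device_id is None]


def registered_not_in_intune(rows: list[DeviceStatus]) -> list[str]:
    """Registered in Azure AD but not marked managed (the state from the thread)."""
    return [r.name for r in rows if r.aad_device_id and not r.intune_managed]


if __name__ == "__main__":
    rows = reconcile(SAMPLE_JAMF_INVENTORY, SAMPLE_GRAPH_DEVICES)
    for r in rows:
        print(f"{r.name:10} aad={r.aad_device_id or '-':38} "
              f"compliant={r.compliant} intune_managed={r.intune_managed}")
    print("unregistered:", unregistered(rows))
    print("registered but not in Intune:", registered_not_in_intune(rows))
```

The output of `reconcile` is what a Smart Group used to key on; it can be written back into a Jamf Pro extension attribute by whatever mechanism you already use for API-driven attributes, or simply exported for the devices listed by `unregistered`.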

Must be like an intermittent thing, or in certain scenarios only. Because I onboarded a new Mac yesterday and it shows up in Intune and a working Manage link from AAD.