Help

AAD Registration - objects no longer being created in Intune

Go to solution
verticalben
New Contributor III

Posted on ‎02-09-2023 01:48 AM

Hi All,

We have been able to get our AAD Registration to work again, so users can enrol their device with Azure, Azure deems the device is Compliant, and satisfies Conditional Access/allows users to sign in.

Prior to the 10.43 update, this process would create an object in Azure AD under the user's name, and it would also show in Intune, with the "Managed by" field showing as Jamf. It would also create an attribute in Jamf Pro for the "Computer Azure Active Directory ID".

Screenshot 2023-02-09 at 09.45.25.png

After the 10.43 update, an object is still being created in AAD, and marked as Compliant, but I'm now not having anything come up in Intune. Not the end of the world, but we're also not getting an attribute in Jamf Pro now for the "Computer Azure Active Directory ID" - this is more problematic, as we use Smart Groups to determine which devices have registered - now we don't have any visibility of this in Jamf Pro.

Has anyone seen this since the update?

Thanks in advance.

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
verticalben
New Contributor III

Posted on ‎02-13-2023 03:37 AM

Jamf Support have confirmed that, with the 10.43 update, registered devices now only show in AAD, and don't show in Intune anymore. As a result, there doesn't look to be any way to see in Jamf Pro which devices have AAD registered.

View solution in original post

Reply
10 REPLIES 10

Go to solution
piotrr
Contributor III

Posted on ‎02-09-2023 02:42 AM

When was the 10.43 update anyway? Because many Microsoft services have had outages these past few days, including Intune and enrollment. Some issues still remain within APAC and Australia. 

I won't swear that's what's affecting you, but I would at least give it more time. 

0 Kudos
Reply

Go to solution
verticalben
New Contributor III
In response to piotrr

Posted on ‎02-09-2023 02:44 AM

The update went live, for us, we think on 28th January. I've enrolled 4 devices since then, over the last 9 days or so, and unfortunately all show in AAD but none have entered Intune

0 Kudos
Reply

Go to solution
piotrr
Contributor III
In response to verticalben

Posted on ‎02-09-2023 02:46 AM

Okay, that sucks. Hold on, let me wipe one of my machines and see if I can reproduce this with you. 

Reply

Go to solution
piotrr
Contributor III
In response to verticalben

Posted on ‎02-09-2023 02:48 AM

Oh actually before I do that - have you searched for the devices in Intune - perhaps by listing all Macs sorted by enroll date, to see if the devices are registered but not connected to the user? 

0 Kudos
Reply

Go to solution
verticalben
New Contributor III
In response to piotrr

Posted on ‎02-09-2023 02:58 AM

I've been searching based on the device's machine names in Intune. I just ticked the option for Enrollment date in Intune, and interestingly the Jamf devices don't show an Enrollment date. Perhaps because they weren't technically enrolled with Intune?

I have three devices in Intune that are Jamf managed, and all three show a Last check-in of three days ago. Wondering if something has gone awry with our set up again, even though we haven't made any changes.

0 Kudos
Reply

Go to solution
piotrr
Contributor III
In response to verticalben

Posted on ‎02-09-2023 03:56 AM

I started a wipe of my machine, removed it from Intune and AzureAD, removed it from Jamf, reinstalled it, enrolled it again (ADE), went through Jamf Connect, ran the Intune Integration in Self Service and the machine is now registered in AzureAD and Intune, the Manage link on the device in AAD leads to the Intune object. It took a microsoft moment, but it's there. I did for a moment see what you saw: AAD listed the device as Compliant before it was visible in Intune. 


One peculiarity for all of our machines in Intune though is that they only have "Enrolled by" user, there is no "Primary user" listed, and never has been for us. 

0 Kudos
Reply

Go to solution
piotrr
Contributor III
In response to verticalben

Posted on ‎02-09-2023 03:59 AM

I see the same - no enrollment date for Jamf Macs in Intune device listings, but it _is_ visible on the Device screen, hardware category. My Azure consultant says it's because the device _isn't_ enrolled - in Intune. It's enrolled in Jamf. I still think if the information is there, it should be in the lists too. 

piotrr_0-1675943948803.png

 

0 Kudos
Reply

Go to solution
verticalben
New Contributor III
In response to piotrr

Posted on ‎02-09-2023 04:16 AM

Thanks for your efforts with reproducing it. If I look in AAD at ours, the Manage button is greyed out:

Screenshot 2023-02-09 at 12.15.39.png

The device does show up in AAD as Compliant, and users can access company resources as our C.A policies are happy the device is compliant. Just really odd that they no longer show up in Intune, and a Computer AAD ID isn't being fed back into Jamf Pro

0 Kudos
Reply

Go to solution
verticalben
New Contributor III

Posted on ‎02-13-2023 03:37 AM

Jamf Support have confirmed that, with the 10.43 update, registered devices now only show in AAD, and don't show in Intune anymore. As a result, there doesn't look to be any way to see in Jamf Pro which devices have AAD registered.

Reply

Go to solution
piotrr
Contributor III
In response to verticalben

Posted on ‎02-14-2023 01:43 AM

Must be like an intermittent thing, or in certain scenarios only. Because I onboarded a new Mac yesterday and it shows up in Intune and a working Manage link from AAD. 

0 Kudos
Reply