We are in the process of setting up Jamf Pro and have added our Azure tenant as a cloud IDP.
Jamf Connect has been set up so we are able to sign into the device with our AAD credentials and the account is synced with a local account on the device. This is working as expected.
I am slightly confused as the User and Location information is missing from the device inventory. Should this not be pulling the information from our Azure cloud IDP?
Also, is it possible to target applications/policies and configuration profiles with AAD groups?
Apologies if this is a simple answer; however, we are new to Jamf, coming from a Windows background, so slightly confused at the moment!
And you also need to make sure that the "Username" field is filled in on the device record. Otherwise the Directory Service information will not be pulled. The integration needs to have some data to query Azure AD with to pull back the user info. The Username field is not populated by default on Computer devices. You need to pull that info and send it up to Jamf Pro so that it gets populated.
You can see some ideas on how to pull that info from Jamf Connect in this post.
You would need to use the AAD group as a Limitation in the scoping tabs. On the Target tab you would scope to a Smart Group that included either all of your devices or a subset, and then utilize the "Directory Service User Groups" tab under the Limitations. This would then scope to that subset of devices, BUT limit its "visibility" to members of that AAD group.
We have set up a test profile as per your instructions; however, the users are not appearing in the scope after adding all devices and then limiting to an AAD user group with 1 member. Have you tested this in your environment? How often does Jamf check AAD for group membership updates?
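One way to populate the Username field described above, as an added example that is not part of the original thread or Jamf's own code. It assumes Jamf Connect has recorded the cloud identity in the local account's `NetworkUser` attribute, that this value is what your cloud IdP attribute mapping uses as the username, and that the script runs as root from a Jamf Pro policy; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: send the signed-in user's cloud identity to Jamf Pro so the
# "Username" inventory field is populated and directory lookups can work.
JAMF_BIN="/usr/local/bin/jamf"

# Read `dscl ... NetworkUser` output on stdin and print the identity.
# Returns 1 if the key is missing or the value is not a plain user@domain.tld,
# so a malformed local record never overwrites the inventory field.
parse_network_user() {
    upn=$(awk '$1 == "NetworkUser:" { print $2; exit }')
    case "$upn" in
        ""|*[!A-Za-z0-9@._-]*) return 1 ;;   # empty or unexpected characters
        ?*@?*.?*) printf '%s\n' "$upn" ;;
        *) return 1 ;;
    esac
}

# Skip the login window and setup/system sessions.
is_real_user() {
    case "$1" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;
        *) return 0 ;;
    esac
}

main() {
    console_user=$(stat -f%Su /dev/console)
    is_real_user "$console_user" || { echo "no user session; skipping" >&2; return 0; }
    upn=$(dscl . -read "/Users/$console_user" dsAttrTypeStandard:NetworkUser 2>/dev/null \
        | parse_network_user) || {
        echo "no usable NetworkUser for $console_user; Username left unchanged" >&2
        return 1
    }
    # recon submits inventory and sets the Username field on the device record.
    "$JAMF_BIN" recon -endUsername "$upn"
}

# Only act on a Mac that has the Jamf binary installed.
if [ "$(uname)" = "Darwin" ] && [ -x "$JAMF_BIN" ]; then
    main
fi
```

Because Limitations are evaluated against the username on the device record, check the record after the next inventory update to confirm it matches the account that actually signs in.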
If you are deploying a User Level configuration profile, the user in that AAD group needs to be MDM enabled on that device. This Jamf Nation post discusses that.
Also, the logged-in user on the device needs to match the user name identified on the device record in Jamf Pro. https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Scope.html
Hmm, I have a policy. I targeted a subset of computers; in the Limitations tab, I found the AAD group I want (which has 3 members), added it in there and saved. The policy is not working, as if I didn't scope it to anyone!
I am supposed to see the package in that policy installed for those 3 members of that AAD group, right? What went wrong, @stevewood?