Posted on 09-27-2023 04:30 PM
According to this article, the device_aad_information is written to the Jamf database. How can I use this to create a smart group, or at least show in Jamf if it is registered with Azure AD?
https://learn.jamf.com/bundle/technical-paper-microsoft-intune-current/page/Computer_Regisration_for...
Posted on 09-27-2023 07:47 PM
@barrycuda Here's an EA that will tell you the state of the Jamf AAD configuration:
#!/bin/sh
# Originally written by Ben Whitis - 08/11/2022
# Revised by @sdagley 2023-09-27
# EA - Intune Registration Status
# Returns one of the following:
#   "Not Registered"
#       No MSOrganizationAccess certificate found so user has not enrolled via Company Portal
#   "Registered"
#       Enrolled with Company Portal and Jamf AAD
#   "MSOrganizationAccessCert Present but AAD ID not acquired"
#       User has enrolled with Company Portal but Jamf AAD enrollment not completed
#   "MSOrganizationAccess Cert present but JamfAAD Plist missing"
#       User has enrolled with Company Portal but Jamf AAD settings file not found

# User logged in at the console (empty when the Mac is at the login window)
loggedInUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

# Presume not registered
result="Not Registered"

# Check if MSOrganizationAccess certificate is present
# (stderr is discarded so a missing keychain or no console user simply leaves "Not Registered")
MSOrganizationAccessCert=$(security dump "/Users/$loggedInUser/Library/Keychains/login.keychain-db" 2>/dev/null | grep MS-ORGANIZATION-ACCESS)
if [ -n "$MSOrganizationAccessCert" ]; then
    # MSOrganizationAccess certificate is present, check if jamfAAD plist exists
    jamfAADPlist="/Users/$loggedInUser/Library/Preferences/com.jamf.management.jamfAAD.plist"
    if [ -f "$jamfAADPlist" ]; then
        # jamfAAD.plist exists, check if jamfAAD has acquired AAD ID
        # (the key may be absent, so discard the error and compare as a string, not an integer)
        AAD_ID=$(defaults read "$jamfAADPlist" have_an_Azure_id 2>/dev/null)
        if [ "$AAD_ID" = "1" ]; then
            # jamfAAD ID exists
            result="Registered"
        else
            # MSOrganizationAccess certificate is present but no AAD ID acquired
            result="MSOrganizationAccessCert Present but AAD ID not acquired"
        fi
    else
        # jamfAAD.plist doesn't exist
        result="MSOrganizationAccess Cert present but JamfAAD Plist missing"
    fi
fi

echo "<result>$result</result>"
My thanks to Jeff Anderson on MacAdmins Slack, who originally let me know about Ben's original version of this EA.
Posted on 09-28-2023 05:59 AM
That is awesome... Works like a charm