Jamf Nation Community

DJJazzyJamf · a week ago

Hello,

I have recently set up a device compliance connection between Jamf Pro and Intune. I was able to successfully register my test devices without issue so I pushed it out to a handful of IT users. When they try to register, they are receiving an error that states:

"Helpdesk support required

Your organization needs to enable partner device management for you before you can enroll. Please contact your helpdesk"

Our legacy conditional access policy is currently terminated and was never scoped out to any users, so I am unsure why this message appears. Any advice?

Shyamsundar · a week ago

While you register for Intune, you might have added the user AD group in SCope. if the users are not in the Group which you scoped, they will get this error, Please check and add the users to the AD group

View solution in original post

JMaximusPrime · a week ago

Hi DJJazzyJamf,

I'm in the same boat. We are new to Jamf and were also trying to associate our CAP in Azure with Jamf. We're running into the following error:

Robert092 · a week ago

that's not an Azure / Jamf Issue.

You might need to configure a SSO Extension and give the apps you want to use with SSO access to the credentials.

https://learn.microsoft.com/en-us/mem/intune/configuration/use-enterprise-sso-plug-in-macos-with-int...

in this case you need to add a custom plist with the bundleID of the Cisco Client

ks25 · a week ago

Hello all,

In Intune, we have to register the Jamf under 'Partner Device Management' session to work with device compliance partner. Hope this will help to register the device in Intune.

Shyamsundar · a week ago

While you register for Intune, you might have added the user AD group in SCope. if the users are not in the Group which you scoped, they will get this error, Please check and add the users to the AD group

Robert092 · a week ago

Also make sure to not use the "ALL USERS" Option, it will only cause trouble.

ref.: https://learn.jamf.com/en-US/bundle/technical-paper-microsoft-intune-current/page/Configuring_the_Mi...

DJJazzyJamf · a week ago

This was it. I completely forgot that I had only scoped it out to my small test group. Thanks.

Samstar777 · a week ago

@DJJazzyJamf For the error : "

"Helpdesk support required

Your organization needs to enable partner device management for you before you can enroll. Please contact your helpdesk" --> You need to make sure that this IT Users are part of the Azure / Entra ID Groups which you have scoped in Partners Compliance Management > Assignment"

@JMaximusPrime You need to configure Microsoft Enterprise SSO for Apple Devices to avoid this Pop Up message.

Hope this helps

--Sam

JMaximusPrime · a week ago

@Samstar777

Before I reached out, I configured the Microsoft Enterprise SSO for Apple Devices, following the documentation and keeping everything to default.

I also confirmed that Jamf Device Compliance is configured and "All Users" is included.

I have a small environment, and both devices are scoped out.