Help

Device Compliance

Go to solution
DJJazzyJamf
New Contributor II

Posted on ‎11-12-2024 12:16 PM

Hello,

I have recently set up a device compliance connection between Jamf Pro and Intune.  I was able to successfully register my test devices without issue so I pushed it out to a handful of IT users.  When they try to register, they are receiving an error that states:

"Helpdesk support required

Your organization needs to enable partner device management for you before you can enroll.  Please contact your helpdesk"

Our legacy conditional access policy is currently terminated and was never scoped out to any users, so I am unsure why this message appears.  Any advice?

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
Shyamsundar
Contributor

Posted on ‎11-13-2024 12:03 AM

While you register for Intune, you might have added the user AD group in SCope. if the users are not in the Group which you scoped, they will get this error, Please check and add the users to the AD group

View solution in original post

0 Kudos
Reply
8 REPLIES 8

Go to solution
JMaximusPrime
New Contributor II

Posted on ‎11-12-2024 04:09 PM

Hi DJJazzyJamf,

I'm in the same boat. We are new to Jamf and were also trying to associate our CAP in Azure with Jamf. We're running into the following error: 

J_Maximus_Prime_0-1731456548451.png

 



0 Kudos
Reply

Go to solution
Robert092
New Contributor
In response to JMaximusPrime

Posted on ‎11-13-2024 07:27 AM

that's not an Azure / Jamf Issue.

You might need to configure a SSO Extension and give the apps you want to use with SSO access to the credentials.

https://learn.microsoft.com/en-us/mem/intune/configuration/use-enterprise-sso-plug-in-macos-with-int... 

in this case you need to add a custom plist with the bundleID of the Cisco Client

0 Kudos
Reply

Go to solution
ks25
New Contributor III

Posted on ‎11-12-2024 08:00 PM

Hello all,

In Intune, we have to register the Jamf under 'Partner Device Management' session to work with device compliance partner. Hope this will help to register the device in Intune.

Screenshot 2024-11-13 at 9.28.25 AM.png

 

0 Kudos
Reply

Go to solution
Shyamsundar
Contributor

Posted on ‎11-13-2024 12:03 AM

While you register for Intune, you might have added the user AD group in SCope. if the users are not in the Group which you scoped, they will get this error, Please check and add the users to the AD group

0 Kudos
Reply

Go to solution
Robert092
New Contributor
In response to Shyamsundar

Posted on ‎11-13-2024 07:22 AM

Also make sure to not use the "ALL USERS" Option, it will only cause trouble.

ref.: https://learn.jamf.com/en-US/bundle/technical-paper-microsoft-intune-current/page/Configuring_the_Mi...

0 Kudos
Reply

Go to solution
DJJazzyJamf
New Contributor II
In response to Shyamsundar

Posted on ‎11-14-2024 06:25 AM

This was it.  I completely forgot that I had only scoped it out to my small test group.  Thanks.

0 Kudos
Reply

Go to solution
Samstar777
Contributor II

Posted on ‎11-14-2024 03:02 AM

@DJJazzyJamf  For the error : "

"Helpdesk support required

Your organization needs to enable partner device management for you before you can enroll.  Please contact your helpdesk" --> You need to make sure that this IT Users are part of the Azure / Entra ID Groups which you have scoped in Partners Compliance Management > Assignment"

@JMaximusPrime You need to configure Microsoft Enterprise SSO for Apple Devices to avoid this Pop Up message. 

Hope this helps

--Sam

0 Kudos
Reply

Go to solution
JMaximusPrime
New Contributor II
In response to Samstar777

Posted on ‎11-14-2024 06:54 AM

@Samstar777 

 Before I reached out, I configured the Microsoft Enterprise SSO for Apple Devices, following the documentation and keeping everything to default. 

I also confirmed that Jamf Device Compliance is configured and "All Users" is included.

I have a small environment, and both devices are scoped out. 

0 Kudos
Reply