Entra ID not evaluating Device Compliance for Macs

Jose_Amaya
New Contributor III

I've setup the "Device Compliance" in Jamf as well as the "Partners Compliance Management" in Entra ID successfully and syncs daily with Jamf. However, it appears that after a macOS device has registered in Entra ID, a day later it's no longer compliant and "MDM" is no longer reporting as "Microsoft Intune" but as "N/A". 

Screenshot 2024-04-22 at 10.01.02 PM.png

 

In Intune, all macOS devices are also not reporting any compliance status. Any suggestions?

Screenshot 2024-04-22 at 9.58.27 PM.png

 

Screenshot 2024-04-22 at 11.53.11 PM.png

 

 

16 REPLIES 16

DBrowning
Valued Contributor II

Since you can only register a device in 1 MDM, you will not see devices or get updates in Intune.  You will only see devices in Entra. It sounds like maybe you are going from Intune to Jamf for your MDM?

Jose_Amaya
New Contributor III

Thank you for your quick response, DBrowning. As you may already know, this is the Microsoft documentation I was following to setup Device Compliance in Jamf. You might be right about Macs not reporting in Intune, since can't any documentation that states of macs report to Intune. However, the leaves the question about macs not reporting as compliant a day after the device is register.

Also, one other piece of information to note is that the Company Portal app reports the mac as not managed. In the past, it use to report that it was managed.

DBrowning
Valued Contributor II

Are you going from managing them via intune to manging them via Jamf?

 

Jose_Amaya
New Contributor III

Correct, Intune is managing macs through Jamf.

DBrowning
Valued Contributor II

I don't believe you understand the question.  What MDM are you enrolling your devices into?

Jose_Amaya
New Contributor III

My apologies. All macOS devices are enrolled to Jamf and that's only MDM that's installed.

DBrowning
Valued Contributor II

Did you previous use Conditional Access and are now moving over to Device Compliance?

Jose_Amaya
New Contributor III

No, we started with Device Compliance, never used Conditional Access with Jamf.

DBrowning
Valued Contributor II

Interesting.....you should have never seen Mac devices in Intune then.  You should only see them in Entra (portal.azure.com).  I'd recommend taking a look at this: https://github.com/benwhitis/Jamf_Conditional_Access/wiki/MacOS-Conditional-Access-Best-Practices as well to make sure you are setting things up.  After that, I'd suggest opening tickets with Jamf and MS to see if there is anything else.  

Jose_Amaya
New Contributor III

Thank you, DBRowning, for your time. I'll review the documentation further, but just one follow-up question. The documentation you suggested appears to cover the topic about Conditional Access Best Practices, will this help with Device Compliance?

DBrowning
Valued Contributor II

in this sense, they are same.  

Hi Jose, have you made any progress on this, i'm also experiencing the same issue. 

merladmin
New Contributor II

Hi Rolinda,

Sorry for the late reply, We're still looking into the issue, but we hope to have an solution soon. Will get back to you, if you haven't already fixed the issue.

leoHM
New Contributor

We are experiencing the same N/A status issue, but only on iOS/iPadOS devices.
We have successfully configured "Device Compliance" in Jamf as well as "Partner Compliance Management" in Entra ID and are syncing them daily with Jamf.
Someone else ?

CodyC
New Contributor II

seeing this issue as well, N/A compliant status for our ipads.  We have not moved MacOS yet, hesitant to at this point.  Any updates or fixes?

-Cody

duff2481-1
Contributor

we're seeing this from a macOS perspective.  Some devices are okay but struggling with Entra evaluating and showing compliant for some of our devices.  We've worked through the troubleshooting steps and not seeing issues or at least the ones defined in that article.   This is going to become a large issue if we cannot solve this soon.  JAMF says we are good on this side but that doesn't help get our users access to what they should have