Extremely Slow Microsoft Endpoint Manager (Intune) Compliance for Jamf enrolled iOS Devices

HFGuru
New Contributor

According to a Microsoft tech I worked with recently, "the sync time for devices to register and achieve compliance is up to 6-8 hours." For my Jamf enrolled iOS devices (on the latest OS) this appears to be taking up to the full 6 hours for a device to show up as compliant. Conditional access policies are otherwise applying just fine thereafter, and as per design, I don't have Comp Portal installed on these devices. My experience with Intune enrolled devices is that full compliance happens within minutes and not hours. Microsoft's documentation indicates that a newly enrolled device should check in faster, or every 15 minutes for 6 hours and then every 6 hours.

 

Is anyone else integrated with Intune and experiencing the same slowness with achieving compliance? Have you found a way around it?

Our iOS device deployments will otherwise take 6+ hours to accomplish (this is terrible for my help desk). 

 

Please see: https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-troubleshoot 

Devices enrolled in Intune evaluate compliance rules on each check in

The check-in frequency is as follows:

Platform | Check-in frequency
iOS | Every 8 hours
Mac OS X | Every 8 hours
Android | Every 8 hours
Windows Phone | Every 8 hours
Windows 8.1 | Every 8 hours
Windows 10 PCs enrolled as devices | Every 8 hours

If the device recently enrolled, the check-in frequency is more frequent, as follows:

Platform | Frequency
iOS | Every 15 minutes for 6 hours, and then every 6 hours
Mac OS X | Every 15 minutes for 6 hours, and then every 6 hours
Android | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then every 8 hours
Windows Phone | Every 5 minutes for 15 minutes, then every 15 minutes for 2 hours, and then every 8 hours
Windows PCs enrolled as devices | Every 3 minutes for 30 minutes, and then every 8 hours

 

2 REPLIES

Samstar777
Contributor II

Hello HFGuru,

The document which you are referring to is meant for devices managed by Microsoft Intune and not for devices which are managed by Jamf.

In our scenario, we always run Inventory Update for the end device to make sure Jamf has the latest and greatest inventory, and Jamf then sends the same to Intune for Conditional Access.

I will recommend "Inventory Update" which should help fix your issue.

Tip: Make Inventory Update available in Jamf Self Service so that help desk can run it manually when required.

-Sam 

Thanks Sam, we do have Inventory included in most of our payloads. I know that inventory is working well, however, it's not in Self Service. That should be helpful thanks.

When you say, "then send the same to Intune for Conditional Access," what are you referring to? I may be overcomplicating it, but I'm not seeing a way to force that with Intune on a Jamf enrolled device. If there is a way to do it, then that's definitely what I'm looking for.