Getting Macs registered with Entra ID Notification

cwhitaker007
New Contributor

So I am working on getting all of our Mac devices registered with Entra ID. I have set up the notification to let the users know that they need to register, and then it directs them to Self Service to do so. This is great; however, my issue is with the triggers. I'm looking for a way that, if the Mac, such as mine, is currently registered with Entra ID, I can no longer have my device receive the pop-up notification. I only want the pop-up to trigger if the device is not registered, so this will help with current Macs as well as new Macs when they come into our environment. I've looked everywhere for solutions and could not find any, so I'm hoping someone here has found a way to get this done.

1 ACCEPTED SOLUTION

scottlep
Contributor II

Create a smart group for devices which are already registered, then use that as an exclusion in your policy which is notifying the users to do the registration. Or, conversely, only scope your notification policy to a smart group of devices which are not registered.

2 REPLIES

AJPinto
Honored Contributor II

You will probably need an extension attribute and need to get a pretty deep understanding of the Microsoft Company Portal and how it functions. Generally speaking, device registration is more or less user registration and there is not really anything for Jamf to pick up on at the device level that I am aware of.

Using the command below will tell you who the device is "registered" to in AAD. If there is a user, you can assume registration is complete. The downside of this command is you may see a dialog box come up for a moment as it runs due to how Microsoft has the GUI elements configured for the comp portal. You could write this into an Extension Attribute to tell if a device is registered or not. Either way, I hope this is a good starting point for you.

/usr/local/jamf/bin/jamfaad gatherAADInfo

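An extension attribute along the lines AJPinto describes, whose value a smart group can then use for the scoping scottlep suggests. This is an added example, not code posted by anyone in the thread. It assumes that the output of `gatherAADInfo` contains the registered user's sign-in name in `user@domain` form when the device is registered; the thread does not show the output format, so check it on a registered and an unregistered Mac first. The function names are hypothetical.

```shell
#!/bin/bash
# Jamf Pro extension attribute (added example): Entra ID registration state.
JAMFAAD="/usr/local/jamf/bin/jamfaad"   # path taken from the reply above

# Assumption: when the device is registered, the command output includes the
# user's sign-in name as user@domain. Prints the first such name, or nothing.
registered_user() {
    printf '%s\n' "$1" \
        | grep -Eio '[a-z0-9._%+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+' \
        | head -n 1
}

# "If there is a user, you can assume registration is complete."
registration_state() {
    user=$(registered_user "$1")
    if [ -n "$user" ]; then
        echo "Registered"
    else
        echo "Not Registered"
    fi
}

# Emit the value in the <result> tags that Jamf Pro reads from an
# extension attribute script.
report() {
    if [ ! -x "$JAMFAAD" ]; then
        # Binary missing: report that separately so the Mac is not
        # silently treated as unregistered.
        echo "<result>Unknown</result>"
        return 0
    fi
    output=$("$JAMFAAD" gatherAADInfo 2>&1)
    echo "<result>$(registration_state "$output")</result>"
}

report
```

A smart group with the criterion "extension attribute is Not Registered" can then be the scope of the notification policy, or a group matching "Registered" can be its exclusion.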