How to see InTune Enrolment in Jamf

perryd
Contributor

Hi,

Is there any way to see InTune Enrolment status in Jamf? I can see devices in Intune, but it's a pain to keep switching applications and it would be good to see it all in one place.

Does anyone know if there is an extension attribute or something that can be added to see InTune enrolment?

Cheers!

9 REPLIES

rlowry
New Contributor III

Have you been able to find an answer to this question? I am new to the Intune/Jamf setup but familiar with them both separately.
So far I've tried using the "Computer Azure Active Directory ID" value to create a smart group, however it only looks at the first user's values. This is a problem for us because some users are 501 and others are 502.

I'm still looking for a definitive way to create a smart group to see if Intune is connected.

ThijsX
Valued Contributor

Hi,

You can check at your JSS the device and then the Local User Accounts, if you scroll the right pane to the right you will see the Computer Azure AD ID and User Azure AD ID.

The JamfAAD binary is located in /Library/Application Support/JAMF/Jamf.app/Contents/MacOS/JamfAAD.app/Contents/MacOS/JamfAAD
With this binary you can pull some information out or, with the gatherAADInfo command, submit data to JSS/Azure.

rlowry
New Contributor III

Thanks for the response.

The problem with your first point is that while Jamf will show the Computer Azure AD ID under Local User Accounts, when creating a Smart Group, it will only "find" the Computer Azure AD ID associated with the first registered user (id 501). On some of our machines, the current end user is not the first registered user and thus the Smart Computer Group search does not find a value. If I can find exactly where the Computer Azure AD ID is being pulled from (possibly the binary you listed?) I can script something to return the value and report correctly.

Does that make sense?

I will also look through the binary.

rlowry
New Contributor III

I'm trying this as an Extension Attribute:

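#!/bin/bash

# Read aadUniqueId from the Company Portal user context file.
# The path contains a space, so it is quoted; the leading ~ stays outside the quotes so it still expands.
AADUNIQUEID="$(cat ~/"Library/Application Support/com.microsoft.CompanyPortal.usercontext.info" | awk '/aadUniqueId/ {print $3}' | sed 's/"//g' | sed 's/;//g')"

# Report the ID, or "None" when nothing was found
if [[ "${AADUNIQUEID}" == "" ]] ;
then
    /bin/echo "<result>None</result>"
else
    /bin/echo "<result>${AADUNIQUEID}</result>"
fi

exit 0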

ThijsX
Valued Contributor

@rlowry Great! Thank you for sharing :)

joshk
New Contributor II

I just came across this thread and figured I should share my changes to the Extension Attribute. Thanks @rlowry

#!/bin/bash
#Script created by Robert Lowry (rlowry @ https://www.jamf.com/jamf-nation/users/69086/rlowry)
#Script modified by Josh Klosterman (joshk @ https://www.jamf.com/jamf-nation/users/35818/joshk)

#Get the currently logged in username
curUser=$(ls -l /dev/console | cut -d " " -f 4)

#Find the AzureAD UniqueID (aadUniqueId) within the currently logged in user's Library directory.
AADUNIQUEID="$(/usr/bin/awk '/aadUniqueId/ {print $3}' "/Users/$curUser/Library/Application Support/com.microsoft.CompanyPortal.usercontext.info" | sed 's/"//g' | sed 's/;//g')"

#Check to see if an AAD Unique ID was found and report it. If none was found report "None"
if [[ "${AADUNIQUEID}" == "" ]] ;
then
   /bin/echo "<result>None</result>"
else
   /bin/echo "<result>${AADUNIQUEID}</result>"
fi

#If we made it here we'll assume success
exit 0

tsuet
New Contributor

In case someone finds this discussion, recent versions of CompanyPortal changed the .info file name:
~/Library/Application Support/com.microsoft.CompanyPortalMac.usercontext.info

Matt
Valued Contributor

Hey y'all, I am trying to run this script with the new directory listed above but I am getting an error. Does anyone have a working version of this script so I can check the Intune status as an EA?

Gonzalez
New Contributor III

Not my code, can't remember who to credit. So to the author, likely on this board, thanks. This works for us. Similar to above.

#!/bin/zsh

loggedInUser=$( stat -f%Su /dev/console )

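## Check the file format: xmllint exits 0 for an XML file, non-zero otherwise.
## --noout and the redirect keep the file contents out of the EA output.
xmllint --noout /Users/$loggedInUser/Library/Application\ Support/com.microsoft.CompanyPortalMac.usercontext.info >/dev/null 2>&1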

if [ "$?" -ne 0 ]; then
  AADUNIQUEID="$(grep UniqueId /Users/$loggedInUser/Library/Application\ Support/com.microsoft.CompanyPortalMac.usercontext.info \
  | awk -F"\"" '{print $2}')"

else
  AADUNIQUEID="$(grep -A1 UniqueId /Users/$loggedInUser/Library/Application\ Support/com.microsoft.CompanyPortalMac.usercontext.info \
  | grep string | awk -v FS="(<string>|</string>)" '{print $2}')"

fi

if [[ "${AADUNIQUEID}" == "" ]]; then
    /bin/echo "<result>None</result>"
else
    /bin/echo "<result>${AADUNIQUEID}</result>"
fi

exit 0
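
An added example, not code posted by anyone in this thread: an Extension Attribute that checks both file names mentioned above and both file layouts the posted scripts parse, and only reports a value made of GUID characters. The two layouts and the GUID shape of aadUniqueId are assumptions inferred from those scripts; `extract_aad_id`, `find_aad_id` and `ea_main` are names made up here.

```shell
#!/bin/bash
# Added example, not code from the thread. File layouts are inferred from the scripts above.

# Print the aadUniqueId stored in one usercontext.info file, or nothing.
# Handles the older `aadUniqueId = "...";` layout and the XML plist layout
# where the <string> value sits on the line after the <key>.
extract_aad_id() {
    [ -r "$1" ] || return 0
    awk '
        /<key>aadUniqueId<\/key>/ { want = 1; next }
        want && /<string>/ { gsub(/.*<string>|<\/string>.*/, ""); print; exit }
        /aadUniqueId"?[ \t]*=/ { gsub(/[";]/, "", $3); print $3; exit }
    ' "$1" 2>/dev/null
}

# $1 = home directory. Try the newer file name first, then the older one.
find_aad_id() {
    for name in com.microsoft.CompanyPortalMac.usercontext.info \
                com.microsoft.CompanyPortal.usercontext.info; do
        id=$(extract_aad_id "$1/Library/Application Support/$name")
        # The file is user-writable, so treat the value as untrusted input.
        # Assumption: a real ID is a GUID (hex digits and hyphens only).
        case "$id" in
            "" | *[!0-9A-Fa-f-]*) continue ;;
        esac
        printf '%s\n' "$id"
        return 0
    done
    return 1
}

ea_main() {
    # Console user, as in the scripts above; empty on failure so the result is None.
    user=$(stat -f%Su /dev/console 2>/dev/null) || user=""
    if id=$(find_aad_id "/Users/$user"); then
        echo "<result>$id</result>"
    else
        echo "<result>None</result>"
    fi
}

ea_main
```

If real IDs in your environment are not GUIDs, loosen the `case` pattern but keep `<`, `>` and whitespace out of the reported value.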