Help

How to see InTune Enrolment in Jamf

perryd
Contributor

Posted on ‎03-01-2018 01:27 AM

Hi,

Is there any way to see InTune Enrolment status in Jamf? I can see devices in intune but its a pain to keep switching applications and would be good to see it all in one place.

Does any one know if there is an extension attribute or something that can be added to see InTune enrolment?

Cheers!

Labels:
0 Kudos
Reply
9 REPLIES 9

rlowry
New Contributor III

Posted on ‎09-20-2018 07:08 AM

Have you been able to find an answer to this question? I am new to the Intune/Jamf setup but familiar with them both separately.
So far I've tried using the "Computer Azure Active Directory ID" value to create a smart group, however it only looks at the first user's values. This is a problem for us because some users are 501 and others are 502.

I'm still looking for a definitive way to create a smart group to see if Intune is connected.

0 Kudos
Reply

ThijsX
Valued Contributor
Valued Contributor

Posted on ‎09-20-2018 08:23 AM

Hi,

You can check at your JSS the device and then the Local User Accounts, if you scroll the right pane to the right you will see the Computer Azure AD ID and User Azure AD ID.

The JamfAAD binary is located in /Library/Application Support/JAMF/Jamf.app/Contents/MacOS/JamfAAD.app/Contents/MacOS/JamfAAD
With this binary you can pull some information out or submit with the gatherAADInfo command data to JSS/Azure.

0 Kudos
Reply

rlowry
New Contributor III

Posted on ‎09-20-2018 10:42 AM

Thanks for the response.

The problem with your first point is that while Jamf will show the Computer Azure AD ID under Local User Accounts, when creating a Smart groups, it will only "find" the Computer Azure AD ID associated with the first registered user (id 501). On some of our machines, the current end user is not the first registered user and thus the Smart Computer groups search does not find a value. If I can find exactly where the Computer Azure AD ID is being pulled from (possibly the binary your listed?) I can script something to return the value and report correctly.

Does that make sense?

I will also look through the binary.

0 Kudos
Reply

rlowry
New Contributor III

Posted on ‎09-26-2018 10:38 AM

I'm trying this as an Extension Attribute:

 #!/bin/bash

AADUNIQUEID="$(cat ~/Library/Application Support/com.microsoft.CompanyPortal.usercontext.info | awk '/aadUniqueId/ {print $3}' | sed 's/"//g' | sed 's/;//g')"

if [[ "${AADUNIQUEID}" == "" ]] ; 
then
    /bin/echo "<result>None</result>"
else
    /bin/echo "<result>${AADUNIQUEID}</result>"
fi

exit 0
Reply

ThijsX
Valued Contributor
Valued Contributor

Posted on ‎09-26-2018 10:43 AM

@rlowry Great! Thank you for sharing :)

Reply

joshk
Release Candidate Programs Tester

Posted on ‎07-28-2020 09:24 AM

I just came across this thread and figured I should share my changes to the Extension Attribute. Thanks @rlowry 

#!/bin/bash
#Script created by Robert Lowry (rlowry @ https://www.jamf.com/jamf-nation/users/69086/rlowry)
#Script modified by Josh Klosterman (joshk @ https://www.jamf.com/jamf-nation/users/35818/joshk)

#Get the currently logged in username
curUser=$(ls -l /dev/console | cut -d " " -f 4)

#Find the AzureAD UniqueID (aadUniqueId) within the currently logged in user's Library directory.
AADUNIQUEID="$(/usr/bin/awk '/aadUniqueId/ {print $3}' "/Users/$curUser/Library/Application Support/com.microsoft.CompanyPortal.usercontext.info" | sed 's/"//g' | sed 's/;//g')"

#Check to see if an AAD Unique ID was found and report it. If none was found report "None"
if [[ "${AADUNIQUEID}" == "" ]] ;
then
   /bin/echo "<result>None</result>"
else
   /bin/echo "<result>${AADUNIQUEID}</result>"
fi

#If we made it here we'll assume success
exit 0
Reply

tsuet
New Contributor

Posted on ‎03-25-2021 01:25 AM

In case someone find this discussion, recent versions of CompanyPortal changed the .info file name:
~/Library/Application Support/com.microsoft.CompanyPortalMac.usercontext.info

Reply

Matt
Valued Contributor

Posted on ‎03-16-2022 09:18 AM

Hey yall I am trying to run this script with the new directory listed above but I am getting an error. Does anyone have a working version of this script so I can check the Intune status as an EA?

0 Kudos
Reply

Gonzalez
New Contributor III
In response to Matt

Posted on ‎04-01-2022 05:13 PM

Not my code, cant remember who to credit. So to the author likely on this board, thank. This works for us. Similar to above.

#!/bin/zsh

loggedInUser=$( stat -f%Su /dev/console )

## Get the file version
xmllint /Users/$loggedInUser/Library/Application\ Support/com.microsoft.CompanyPortalMac.usercontext.info

if [ "$?" -ne 0 ]; then
  AADUNIQUEID="$(grep UniqueId /Users/$loggedInUser/Library/Application\ Support/com.microsoft.CompanyPortalMac.usercontext.info \
  | awk -F"\"" '{print $2}')"

else
  AADUNIQUEID="$(grep -A1 UniqueId /Users/$loggedInUser/Library/Application\ Support/com.microsoft.CompanyPortalMac.usercontext.info \
  | grep string | awk -v FS="(<string>|</string>)" '{print $2}')"

fi

if [[ "${AADUNIQUEID}" == "" ]]; then
    /bin/echo "<result>None</result>"
else
    /bin/echo "<result>${AADUNIQUEID}</result>"
fi

exit 0
0 Kudos
Reply