Intune Conditional Access Enrollment - Not consistent

ThijsX
Valued Contributor

Hi there,

We are trying to raise a good pilot for the Jamf / Intune Conditional Access intergration.
The fact is that 95% of the pilot machine's we try to enrol are enrolling as an Azure AD device and not as an Intune device.

So in this case, as they enrol as an Azure AD, they wont receive the compliance policies etc.

6d7cfc5989a6474fb4718a56f73e48df

I see many discussions about malfunctioning of the intergration, does anyone have worked a way out for this issue?

  • Pilot User have access to the Jamf Native macOS Connector enterprise application
  • Connections between JSS on-prem & Intune are fine
  • Compliance policies works fine, if an device is enrolled in Intune
  • When successful enrolled the JamfAAD gatherAADInfo seems good.
  • Tried on a fresh imaged/enrolled machine
  • Tried with multiple users
  • Successful log-ins reported by AAD for the users in the Company Portal
  • Using Company Portal v1.7

80147e9d6e3140f8ae0b4124ae0d97a9

  • When not successful enrolled the JamfAAD GatherAADInfo output is like ; No Azure AD Tentant found

Anyone?!

Cheers,

1 REPLY 1

mojo21221
Contributor II

I would agree that the experience has been very inconsistent... We have a very strict environment with a MAJOR focus on securing our devices. With that said. We are in the process of re-imaging/erasing/DEP our entire fleet due to some scripts we ran on our old config. particularly "5.1.4 from the CIS Benchmark" which modifies some Library files... We have the best results with having the user enroll into Conditional Access the moment after their machine finishes DEP. How much do you modify the out of box apple experience for your users?