We have successfully integrated Microsoft Intune with Jamf and are able to enroll devices. We set up Conditional Access test policies, which do work to restrict access. However, whenever we log in, even from users that are not scoped to a conditional access policy we are being prompted to select an authentication certificate in Chrome and Safari. This continues even if we disable the policy, unless we actually delete it.
For un-scoped users they are allowed access after either selecting a certificate or cancelling the prompt, so they are not being incorrectly restricted, but the prompt is definitely an issue. For enrolled, scoped devices we are unsure why they are being prompted instead of simply being logged in automatically.
Has anyone else seen this happen? We have a case open with Microsoft but so far they haven't been much help and can't reproduce this.