Intune device registration fails the first time, second time succeeds

LeoBoston
New Contributor III

Hi y'all,

We are facing a major issue when registering our devices to Intune for compliance.

In the Self Service portal we initiate the registration process,

Company Portal shows, we log in and Company Portal states: You're all set!

 

Then JamfAAD opens with the message: To Complete the registration process, do the following.

 

Safari starts up and shows the following question: "JamfAAD" want to use "microsoftonline.com" to sign in.

 

When we sign in, the screen keeps loading and after a while Safari shows an error: This connection is not private. From there on, there is nothing we can do and the process seems to break.

 

When we close the browser and start the whole process again, everything works fine.

 

Why does this not work directly?

 

Please help us.

Leo

7 REPLIES

vinu_thankachan
Contributor

Hi

We are also facing the same issue after the Safari update in March.

As the authentication is not completing, JamfAAD is not able to access the keychain certificate for Intune device registration.

As a workaround, you can run the command below manually:

/Library/Application\ Support/JAMF/Jamf.app/Contents/MacOS/JamfAAD.app/Contents/MacOS/JamfAAD gatherAADInfo -disable-cache-read

 

Also, you can use Microsoft Edge Canary from the Insider Channels, make it the default browser before device registration, and see if it can complete the device registration.

We have had a case open with Apple and Apple is still investigating.

 

Adelle
New Contributor
  1. The device will send its hardware hash to the Windows Autopilot services.
  2. If the device is registered with Windows Autopilot and has an Autopilot profile assigned to it, the profile details will be provided to the device.  In the Hybrid Azure AD Join case, the profile would tell the device what Azure AD tenant the device is associated with and that the device needs to be joined to Active Directory, but it does not specify the Active Directory domain details. 
  3. The user will be prompted for their Azure Active Directory credentials (or if using white glove, the device will perform TPM attestation) to get an Azure AD token; that token will be used to enroll the device in Intune.  Intune will be notified as part of the enrollment process that it needs to get the device joined to Active Directory.

 

jearley
New Contributor III

Sorry if I am missing the solution here, but we are experiencing the same issue. After installing Company Portal and signing in, we launch Intune Device Registration. All of the prompts happen as they are supposed to except for the MS keychain access request. Eventually, the registration fails and we flush Intune Device Registration in Jamf. Then when we attempt to re-register, the MS keychain access will pop up and we are able to register the device.

Any direction on where we should be looking to clear this issue up?

Stalemate
New Contributor

Anyone solve this problem yet?  Same story here, fail -> flush -> succeed. 

 

We are also having this same problem. Anyone have any solutions?

Stalemate
New Contributor

Our issues went away after switching to the WebView from browser for authentication.  See "JamfAAD WebView Support" from early last year.  

New Features and Enhancements - Jamf Pro Release Notes | Jamf