Intune device registration fails the first time, second time succeeds

LeoBoston
New Contributor II

Hi y'all,

We are facing a major issue when registering our devices to Intune for compliance.

In the Self Service portal we initiate the registration process,

Company Portal shows, we log in and Company Portal states: You're all set!

 

Then JamfAAD opens with the message: To Complete the registration process, do the following.

 

Safari starts up and shows the following question: "JamfAAD" wants to use "microsoftonline.com" to sign in.

 

When we sign in, the screen keeps loading and after a while Safari shows an error: This connection is not private. From there on, there is nothing we could do and the process seems to break.

 

When we close the browser and start the whole process again, everything works fine.

 

Why does this not work directly?

 

Please help us.

Leo

3 REPLIES

vinu_thankachan
New Contributor III

Hi

We are also facing the same issue after the Safari update in March.

As the authentication is not completing, JamfAAD is not able to access the keychain certificate for Intune device registration.

As a workaround, you can run the below command manually:

/Library/Application\ Support/JAMF/Jamf.app/Contents/MacOS/JamfAAD.app/Contents/MacOS/JamfAAD gatherAADInfo -disable-cache-read

 

Also, you can use Microsoft Edge Canary from the Insider Channels, make it the default browser before device registration, and see if it can complete the device registration.

We have had a case open with Apple and Apple is still investigating.

 

Adelle
New Contributor
  1. The device will send its hardware hash to the Windows Autopilot services.
  2. If the device is registered with Windows Autopilot and has an Autopilot profile assigned to it, the profile details will be provided to the device. In the Hybrid Azure AD Join case, the profile would tell the device what Azure AD tenant the device is associated with and that the device needs to be joined to Active Directory, but it does not specify the Active Directory domain details.
  3. The user will be prompted for their Azure Active Directory credentials (or if using white glove, the device will perform TPM attestation) to get an Azure AD token; that token will be used to enroll the device in Intune. Intune will be notified as part of the enrollment process that it needs to get the device joined to Active Directory.

 
