
Just wondering if anyone has come up with an extension attribute for Intune integration. Looking to use a smart group to keep track of devices (or users) not yet enrolled in Intune.

What version of Jamf Pro are you running? Recent versions have added a couple of Intune/AAD-related things that can be used to report. I haven't found a need to use an EA anymore like I used to.


I'm also looking for this. At least in 10.12, while there is an Azure AD ID you can pull as a data point for a registered Mac, you cannot use that as a criterion for group membership.


Hi,



See my EA below; it will get the Azure ID from the currently logged-in user and report it back to Jamf Pro.
You can set a smart group to show all None and mark that as not-registered.



#!/bin/bash

# Get the user currently logged in at the console
loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')

# Take the double-quoted value from the UniqueId line of the Company Portal user context file
AADUNIQUEID="$(grep UniqueId "/Users/$loggedInUser/Library/Application Support/com.microsoft.CompanyPortal.usercontext.info" | awk -F'"' '{print $2}')"

# Report None when no ID was found, so a smart group can match on it
if [[ "${AADUNIQUEID}" == "" ]] ;
then
/bin/echo "<result>None</result>"
else
/bin/echo "<result>${AADUNIQUEID}</result>"
fi

exit 0

Thanks Thijs! That's exactly what I needed to get this deployed.


Hi @txhaflaire, it sounds like it doesn't work with the recent version of Intune Client. Could you assist, please? Thank you in advance.


@JamelB Please explain? It still works in our env. Jamf Pro collects this value out of the box at the moment though!


Thank you @txhaflaire
When I run the command locally, you can see the behaviour in the screenshot attached. The AADUNIQUEID is empty even if it exists in the xml file.



https://ibb.co/mDfbQtD


@JamelB does the $loggedInUser get populated correctly on the device?


@txhaflaire Yes it is



https://ibb.co/3p66pr3


@txhaflaire any chance to assist? Thank you


This stopped working for me as well. I was able to modify the EA to use PlistBuddy instead of grep.



#!/bin/bash

loggedInUser=$( /usr/bin/who | /usr/bin/awk '/console/{ print $1 }' )

# Print the plist with PlistBuddy and keep the value of the aadUniqueId entry
AADUNIQUEID="$(/usr/libexec/PlistBuddy -c Print "/Users/$loggedInUser/Library/Application Support/com.microsoft.CompanyPortal.usercontext.info" | grep aadUniqueId | cut -d '=' -f2 | xargs)"

if [[ "${AADUNIQUEID}" == "" ]] ;
then
/bin/echo "<result>None</result>"
else
/bin/echo "<result>${AADUNIQUEID}</result>"
fi

exit 0

Daniel's EA worked for me. The built-in Azure AD values don't seem consistent, especially between the different views inside Jamf Pro.



This is consistent enough for a Smart Group


@daniel.behan awesome, it works perfectly, thank you very much :)


If anyone's looking at this in 2021, the name of the Company Portal .info file has changed to

com.microsoft.CompanyPortalMac.usercontext.info

Note the additional "Mac" in the filename.
Modify that in Daniel's script and you are good to go!


Wondering if this is still working for everyone? I just tried in Jamf 10.29.2 with Intune Company Portal 2.14 installed and it does not appear to be working.


@matt.vin I just set this up today. This grep script worked for me when I changed the name of the file as mentioned above. The other script I found out there using awk didn't work for me today. I had never used either prior.


Hey everyone. Thank you all for keeping this thread going; it's been a great help to me. I, unfortunately, didn't have much luck with the first script, and had some success with Daniel's script after updating the .plist name with the 'Mac' value. When I ran Daniel's script with the updated 'Mac' name value it would return a UUID-looking string.



I inspected the com.microsoft.CompanyPortalMac.usercontext.info file and observed the 'aadUniqueID' is a UUID value while the 'aadUserID' value is the UPN of the account signed in with Intune. I just modified Daniel's script replacing the 'aadUniqueID' entries with 'aadUserID' and it spits out the UPN just fine.



I hope this helps.



Company Portal 2.16.210501



#!/bin/sh

loggedInUser=$( /usr/bin/who | /usr/bin/awk '/console/{ print $1 }' )

AADUSERID="$(/usr/libexec/PlistBuddy -c Print /Users/$loggedInUser/Library/Application Support/com.microsoft.CompanyPortalMac.usercontext.info | grep aadUserId | cut -d '=' -f2 | xargs)"

if [[ "${AADUSERID}" == "" ]] ;
then
/bin/echo "<result>None</result>"
else
/bin/echo "<result>${AADUSERID}</result>"
fi

exit 0

I tried your script as well and the result is None even though I enrolled it in Intune.

Any idea?


Can you manually check that the device has an AADUserID? Does Jamf list it in "Local Accounts" in the device inventory?


Hi

I checked and yes, it does list an AADUserID


Hey Harrie,

I apologize for replying so late. Is your script now returning the enrolled AADUSERID user? If you go to the .info file does it show a user enrolled? - 

/Users/$loggedInUser/Library/Application Support/com.microsoft.CompanyPortalMac.usercontext.info

Hey,

Try this. Levi forgot to add quotes around the file path 🙂 And I adjusted the way to get the current user, as the command above also showed other users logged in.

#!/bin/sh

loggedInUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')

AADUSERID="$(/usr/libexec/PlistBuddy -c Print "/Users/$loggedInUser/Library/Application Support/com.microsoft.CompanyPortalMac.usercontext.info" | grep aadUserId | cut -d '=' -f2 | xargs)"

if [[ "${AADUSERID}" == "" ]] ;
then
/bin/echo "<result>None</result>"
else
/bin/echo "<result>${AADUSERID}</result>"
fi

exit 0

 


This seems to work.

Thanks


Thanks for the tip! The quotes did the trick!


You can also get PlistBuddy to print the value directly instead of parsing it out:

 

loggedInUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')

# Ask PlistBuddy for the aadUserId entry directly; the path is quoted because it contains a space
AADUSERID="$(/usr/libexec/PlistBuddy -c 'Print :aadUserId' "/Users/$loggedInUser/Library/Application Support/com.microsoft.CompanyPortalMac.usercontext.info")"

if [[ "${AADUSERID}" == "" ]] ;
then
/bin/echo "<result>None</result>"
else
/bin/echo "<result>${AADUSERID}</result>"
fi

exit 0
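
The points raised across this thread (the renamed .info file, the quoted path, the console-user lookup) combined into one extension attribute, as an added example that is not any poster's script. The function names are illustrative, reading aadUserId from the older file name is an assumption, and the value is checked before it is reported because the file sits in the user's home folder.

```shell
#!/bin/sh
# Added example, not code from the thread; function names are illustrative.

# Succeeds only for a console owner that is a real, path-safe account name.
is_real_user() {
    case "$1" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;   # "/" or spaces would alter the path
    esac
}

# The .info file sits in the user's home folder, so its content is untrusted:
# pass it on only if it is shaped like a UPN or a UUID, otherwise "None".
sanitize_id() {
    case "$1" in
        ""|*[!A-Za-z0-9@._%+-]*) echo "None"; return 0 ;;   # rejects < > and newlines
    esac
    if printf '%s\n' "$1" | grep -Eqx \
        -e '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' \
        -e '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'; then
        printf '%s\n' "$1"
    else
        echo "None"
    fi
}

# Try the current file name, then the older one (assumed to carry the same key).
read_aad_user_id() {
    dir="/Users/$1/Library/Application Support"
    for f in com.microsoft.CompanyPortalMac.usercontext.info \
             com.microsoft.CompanyPortal.usercontext.info; do
        [ -f "$dir/$f" ] || continue
        val=$(/usr/libexec/PlistBuddy -c 'Print :aadUserId' "$dir/$f" 2>/dev/null) || continue
        if [ -n "$val" ]; then printf '%s\n' "$val"; return 0; fi
    done
    return 1
}

# Build the EA output from the console user and the raw value read for them.
ea_result() {
    if is_real_user "$1"; then id=$(sanitize_id "$2"); else id="None"; fi
    printf '<result>%s</result>\n' "$id"
}

# Only run on a Mac, where PlistBuddy exists.
if [ -x /usr/libexec/PlistBuddy ]; then
    user=$(/usr/bin/stat -f%Su /dev/console)
    ea_result "$user" "$(is_real_user "$user" && read_aad_user_id "$user")"
fi
```

A smart group on "None" then also catches Macs where the file holds something other than a UPN or UUID, not only Macs where the file is missing.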

 

