Intune integration and Device Compliance

bwoods
Valued Contributor

Hello,

Since implementing the Jamf/Intune Integration that machines will randomly fall out of compliance. Users lose access to their Office 365 suite and they are unable to log into Cisco AnyConnect. The usually get prompted to re-enroll their device in Jamf. For Office 365 apps, they get a "You can't get there from here" notification.

When I check the device status in Intune/Azure AD they are properly enrolled and compliant.

The only way that I can usually fix this is with the solution that Microsoft provided. I first need to remove the device from Intune/Azure AD. Then I completely remove every instance of the company portal with a script. The final step is re-enrolling the device into Intune/Azure AD.

You can read more about this here.

3 REPLIES 3

bwoods
Valued Contributor

More info here.

shawes
New Contributor II

We see the same thing - machines randomly losing compliance even though Azure/Intune says otherwise. Re-enrolling in Intune just creates duplicate entries in Azure and doesn't fix the problem. Like you say, the only thing that seems to fix this is to remove the device from Azure, delete company portal and start again.

I've logged tickets with both Jamf and Microsoft about this and neither have been able to explain what causes the loss of compliance.

bwoods
Valued Contributor

@shawes I have a few questions for you.

  1. Is your fleet bound to AD?
  2. Are you seeing a majority of the issue on machines running macOS 10.14.4-10.15.3?

I'm noticing that some of the issues seem to be related to password reset/keychain update problems. Apparently macOS 10.14.4-10.15.3 doesn't update keychains properly. Please see this article here. My fleet is currently transitioning to macOS 10.15.4 and Jamf Connect. I am seeing less problems with these machines. The machines that are still below 10.15.4 and bound to AD still have the problem after a password reset.

The strange thing is; that other machines just randomly loose their connection without a password reset. Working with Jamf to gather logs on these machines.