Today I struggle a bit with the Intune integration. Connection between Jamf Pro and Intune was quite easy to do if you follow the documentation on Jamf. Also this blog helps a lot:
https://ems.world/2018/01/17/jamf-pro-and-microsoft-ems-better-together-part-1/
The issue I’m having is with enrolling the user into Intune.
User hits Self Service to load the company portal, user logs in with their AD account and then the Jamf Native macOS Connector keeps asking for approval by an admin. Why?!?
Message is in Dutch, sorry about that:
Hope there is somebody who can point me in the right direction. Thx.
I'm running into the same issue in my environment. This comes up after the user gets through the Company Portal app. This literally showed up out of nowhere in Intune about 2 weeks ago and I can't find any documentation on it. I have a case open with support asking for some kind of document to reference while configuring this. We have an existing "app" configured for our Jamf Pro instance to communicate with Intune but it's the same type of thing this connector is listed in. Should we be connecting this instead of creating our own connection like the documents say?
I am in the exact same boat. I have been going the rounds with Jamf/Intune/Azure for the last few weeks, and we've got a deadline in the next two days to get all of us onto Conditional Access. At this time, we have found out that so far only GLOBAL ADMINS are able to install the portal successfully.
I am currently attempting to do this by escalating one of our service accounts to Global Admin, but now I am having issues where the bloody app will crash after authenticating, leaving me hanging.
I wish they tested this better.... So much for "it just works"
I had the same problem on my side with the client I work for.
A case has been opened at MS and after investigation, the issue with conditional access integration seems to be related to the following application, “JAMF Native macOS Connector”; this app requires permissions to the user's profile.
In an Azure/Office 365 tenant that uses the out-of-the-box configuration this would not be an issue, as users are granted the ability to accept these types of permission requests. But at my customer this ability has been turned off for users and requires an Administrator to approve; this is normally done by the 3rd party supplying an admin consent URL.
We contacted Jamf and it appears the admin consent URL is the way to go to allow admins to allow the Jamf Native macOS Connector multi-tenant app when the global permission to consent is disabled for standard users.
Here is a consent URL that can be used until Jamf get this built into Jamf Pro.
Jamf have not yet set up any good redirect for the admin to be redirected to after logging in and consenting. So clicking the "Accept" button after logging in will not actually show anything from the above URL.
After going through the Admin consent, you should be able to see the results by navigating within the Azure portal to Azure Active Directory > Enterprise Applications > Jamf Native macOS Connector > Permissions
See screenshots with what it should look like before and after doing the consent flow.
Jamf will need to build this functionality into Jamf Pro at some time in the near future, including a button/link to start the consent workflow and a page with some information to be redirected to.
Ever since we did this, everything has been working.
I hope this will help you.
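The admin consent flow and the follow-up permissions check described in the post above, as an added example that is not part of the original thread or Jamf's own code. The tenant name, application (client) ID, service principal ID and the `User.Read` scope are placeholders or constructed sample values; the grant records follow the shape of Microsoft Graph `oauth2PermissionGrant` objects.

```python
from urllib.parse import urlencode

# Placeholders (assumptions): the thread does not give the tenant or the
# connector's application (client) ID, so substitute your own values.
TENANT = "contoso.onmicrosoft.com"
CONNECTOR_APP_ID = "00000000-0000-0000-0000-000000000000"


def admin_consent_url(tenant, client_id):
    """Build a Microsoft identity platform admin consent URL for a multi-tenant app."""
    return (f"https://login.microsoftonline.com/{tenant}/adminconsent?"
            + urlencode({"client_id": client_id}))


def consent_status(grants, sp_object_id):
    """Summarise delegated permission grants for one service principal.

    consentType "AllPrincipals" is tenant-wide admin consent; "Principal" is
    consent that covers a single user only.
    """
    tenant_wide, per_user = set(), {}
    for g in grants:
        if g["clientId"] != sp_object_id:
            continue  # grant belongs to a different enterprise application
        scopes = set(g.get("scope", "").split())
        if g["consentType"] == "AllPrincipals":
            tenant_wide |= scopes
        else:
            per_user.setdefault(g["principalId"], set()).update(scopes)
    return {"admin_consented": bool(tenant_wide),
            "tenant_wide_scopes": sorted(tenant_wide),
            "users_with_individual_consent": sorted(per_user)}


# Constructed sample data. BEFORE: only one admin's own grant exists, so every
# other user is stopped at the "needs admin approval" prompt.
SP = "sp-object-id-of-connector"  # hypothetical service principal object ID
BEFORE = [{"clientId": SP, "consentType": "Principal",
           "principalId": "global-admin-1", "scope": "User.Read"},
          {"clientId": "some-other-app", "consentType": "AllPrincipals",
           "principalId": None, "scope": "openid profile"}]
# AFTER: the admin consent flow has added a tenant-wide grant.
AFTER = BEFORE + [{"clientId": SP, "consentType": "AllPrincipals",
                   "principalId": None, "scope": "User.Read"}]

if __name__ == "__main__":
    print(admin_consent_url(TENANT, CONNECTOR_APP_ID))
    print("before:", consent_status(BEFORE, SP))
    print("after: ", consent_status(AFTER, SP))
```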