Intune Jamf Native macOS Connector keeps asking for admin approval.

iMathijs
New Contributor II

Hi everyone,

Today I struggle a bit with the intune integration. Connection between jamf Pro and Intune was quite easy to do if you follow the documentation on jamf. Also this blog helps a lot:
[https://ems.world/2018/01/17/jamf-pro-and-microsoft-ems-better-together-part-1/ ](link URL)

The issue I’m having is with enrolling the user into intune.
User hits Self Service to load the company portal, user logs in with their AD account and then the Jamf Native macOS Connector keeps asking for approval by an admin. Why?!?

Message is in dutch, sorry about that:
c73b3063859040b7986138b5d4e79b1e

Hope there is somebody who can point me into the right direction. Thx.

6 REPLIES 6

PhillyPhoto
Valued Contributor

I'm running in to the same issue in my environment. This ocmes up after the user gets through the Company Portal app. This literally showed up out of no where in Intune about 2 weeks ago and I can't find any documentation on it. I have a case open with support asking for some kind of document to reference while configuring this. We have an existing "app" configured for our Jamf Pro instance to communicate with Intune but it's the same type of thing this connector is listed in. Should we be connecting this instead of creating our own connection like the documents say?

rbingham917
New Contributor III

I am in the exact same boat. I have been going the rounds with Jamf/Intune/Azure for the last few weeks, and we've got a deadline in the next two days to get all of us onto Conditional Access. At this time, we have found out that so far only GLOBAL ADMINS are able to install the portal successfully.

I am currently attempting to do this by escalating one of our service accounts to Global Admin, but now I am having issues where the bloody app will crash after authenticating, leaving me hanging.

I wish they tested this better.... So much for "it just works"

Jerome_CLEMENT
New Contributor

Hi

I had the same problem on my side with the client I work for.
A case has been opened at MS and after investigation, the issue with conditional access integration seems to be relate to the following Application “JAMF Native macOS Connector” this app require permissions to the users profile.
In a Azure/Office 365 tenant that use out of the box configuration this would not be an use as users are granted the ability to accept these types of permissions request. But in my customer this ability has been turned off for users and requires and Administrator to approve, this is normally done by the 3rd party supplying an admin consent URL.
We contacted Jamf and it appears the admin consent URL is the way to go to allow admins to allow the Jamf Native macOS Connector multi-tenant app when the global permission to consent is disabled for standard users.
Here is a consent URL that can be used until Jamf get this built in to Jamf Pro.
https://login.microsoftonline.com/common/adminconsent?client_id=55d611b0-7d33-4d38-8df3-6041868930d7&state=1234567890&redirect_url=jamfaad%3A%2F%2FAADTokenRequest%2F
Jamf have not yet set up any good redirect for the admin to be redirected to after logging in and consenting. So clicking the "Accept" button after logging in will not actually show anything from the above URL.

After going through the Admin consent, you should be able to see the results by navigating within the Azure portal to Azure Active Directory > Enterprise Applications > Jamf Native macOS Connector > Permissions
See screenshots with what it should look like before and after doing the consent flow.

Jamf will need to build this functionality into Jamf Pro at some time in near future, including a button/link to start the consent workflow and a page with some information to be redirected to.

Ever since we did this, everything has been working.

I hope this will help you.

29f9ce4f992a4a95ac638445784e4133
87c17d6ff0fd4c5bb2eb4b5ccabe7a3e

iMathijs
New Contributor II

Thank you for your input Jerome_CLEMENT, very much appreciated.
Hopefully I can set this up soon cause i'm having a full schedule the next coming weeks. I will keep you updated.

fernando_sahagu
New Contributor

Hi Everyone - It seems like I am having the same issue. Does anyone know if there is an update on this issue?

husnudagidir
New Contributor III

Hi Everyone,

 

I am also facing this same problem. does anyone have a solution for this?