Intune registration automatically at the time of provisioning

Asifahmed
New Contributor III

Hello Team,

 

Our organization's Mac devices are managed by JAMF, but each device has to be registered in Intune/AAD to implement a conditional access policy, and this process is manual: users are supposed to open the Self Service app and run the Intune registration app, then follow the next steps to register their Mac in Intune/AAD. My question is: is it possible to automate this so that all Mac devices are registered automatically in Intune/AAD at the time of enrollment in JAMF?

8 REPLIES

AJPinto
Honored Contributor III

No, this is not possible. The function of logging in to the Comp Portal is to register the device in AAD and in turn Microsoft Endpoint Manager. Microsoft does not provide a workflow for any MDM to be able to facilitate registering a device automatically for a user into AAD.

Asifahmed
New Contributor III

So you mean that it is not possible for now due to Microsoft's design, not because of Jamf?

 

daniel_behan
Contributor III

I have a JAMF Helper script run during enrollment scoped to Macs where the Intune Registration is pending.  When they click ok, it will launch the Self Service Policy for them.

#!/bin/bash

answer=$( "/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" \
-windowType utility \
-title "<your company>" \
-description "Please register your Mac with Intune to enable access to Office 365 by selecting Register and logging into the Company Portal Application.  When prompted for JamfAAD, enter your password and choose Always Allow." \
-icon /Applications/Company\ Portal.app/Contents/Resources/AppIcon.icns \
-button1 Register \
-defaultButton 1 )

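# jamfHelper prints the return code of the clicked button (0 for button1)
echo "$answer"

# Compare as a string so an empty result (jamfHelper failed to run) is not treated as 0
if [[ "$answer" == "0" ]]; then
	/usr/local/bin/jamf policy -id "<your intune policy>"
else
	echo "Something has gone horribly wrong, definitely abort..."
fi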

I understood the logic of the script, but my question is: are registering the Mac by running the app from Self Service and registering the Mac by calling the policy by its corresponding policy ID logically the same?

By design in the documentation, the end user must register by means of the Self Service policy.  This script will simply prompt them to launch it.  Otherwise, they won't until they attempt to access an Office 365 resource.

Sorry.  The Jamf Helper script should be set to launch the Self Service policy that someone would use to manually register.

This worked for my needs. Thank you

Stalemate
New Contributor

Not sure if anyone has seen the following behavior before but our manual registrations almost always fail the first time requiring us to "Flush" the job in Jamf before a second attempt.  Second attempt is almost always successful, but we'd have to flush 2-3 times before.  

Does this script help with that behavior by chance?  Doesn't sound like it since it's simply invoking the Self Service registration. It's been super frustrating; Azure registration should be a simple thing.