Posted on 12-08-2022 04:28 AM
Hello Team,
Our organization's Mac devices are managed by Jamf, but each device has to be registered in Intune/AAD to implement conditional access policies, and this process is manual: users are supposed to open the Self Service app and run the Intune registration app, then follow the next steps to register their Mac in Intune/AAD. My question is: is it possible to automate this job so that all Mac devices are registered automatically in Intune/AAD at the time of enrollment in Jamf?
Posted on 12-08-2022 05:37 AM
No, this is not possible. The function of logging in to the Company Portal is to register the device in AAD and, in turn, in Microsoft Endpoint Manager. Microsoft does not provide a workflow for any MDM to facilitate registering a device automatically for a user into AAD.
Posted on 12-08-2022 05:45 AM
So you mean that it is not possible for now due to Microsoft's design, not Jamf's?
Posted on 12-08-2022 08:06 AM
I have a jamfHelper script that runs during enrollment, scoped to Macs where the Intune registration is pending. When they click OK, it launches the Self Service policy for them.
#!/bin/bash
# Prompt the user with jamfHelper. jamfHelper prints the number of the button
# that was clicked to stdout, so the result is captured here.
answer=$( "/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" \
    -windowType utility \
    -title "<your company>" \
    -description "Please register your Mac with Intune to enable access to Office 365 by selecting Register and logging in to the Company Portal application. When prompted for JamfAAD, enter your password and choose Always Allow." \
    -icon "/Applications/Company Portal.app/Contents/Resources/AppIcon.icns" \
    -button1 "Register" \
    -defaultButton 1 )
echo "$answer"
# 0 means button 1 (Register) was clicked.
if [[ "$answer" == "0" ]]; then
    # Run the Intune registration policy by its Jamf policy ID.
    /usr/local/bin/jamf policy -id "<your intune policy ID>"
else
    echo "Something has gone horribly wrong, definitely abort..."
    exit 1
fi
Posted on 12-08-2022 08:41 AM
I understood the logic of the script, but my question is: is registering the Mac by running the app from Self Service logically the same as registering the Mac by calling the policy by its corresponding policy ID?
Posted on 12-08-2022 08:48 AM
By design, per the documentation, the end user must register by means of the Self Service policy. This script will simply prompt them to launch it. Otherwise, they won't until they attempt to access an Office 365 resource.
Posted on 12-08-2022 08:50 AM
Sorry. The jamfHelper script should be set to launch the Self Service policy that someone would use to manually register.
Posted on 12-14-2022 09:13 AM
This worked for my needs. Thank you
Posted on 01-30-2023 04:15 PM
Not sure if anyone has seen the following behavior before, but our manual registrations almost always fail the first time, requiring us to "Flush" the job in Jamf before a second attempt. The second attempt is almost always successful, but we've had to flush 2-3 times before.
Does this script help with that behavior by chance? It doesn't sound like it, since it's simply invoking the Self Service registration. It's been super frustrating; Azure registration should be a simple thing.