Intune setup

PhillyPhoto
Valued Contributor

I'm trying to set up Intune, but getting errors before I can even get the connection. I enter the info, but get the error "Could not retrieve the access token for Microsoft Graph API. Check the configuration for Microsoft Intune Integration."

What do you use for the Azure AD tenant name? The ".onmicrosoft.com" subdomain?


bjonesrbh
New Contributor

YourAzureADName.onmicrosoft.com is what I used. Make sure you didn't go beyond, I think, 10 minutes since creating your key, or else it will also fail. I pretty much followed this https://docs.microsoft.com/en-us/intune/conditional-access-integrate-jamf#configure-conditional-access-in-jamf-pro to get it done. I had to wait a bit after I entered the key and app ID before the test would work. How long, I'm not sure, since I came back the next day.

PhillyPhoto
Valued Contributor

@bjonesrbh do you have any Graph API settings configured? If so, what ones? I'm not getting a key error now, but I'm still getting the "Could not retrieve the access token for Microsoft Graph API. Check the configuration for Microsoft Intune Integration." error.


bjonesrbh
New Contributor

These are the only permissions I set for the app:


bjonesrbh
New Contributor

Also make sure to hit the "Grant Permissions" after deleting the only permissions and adding the new one.

RC408
New Contributor II

I'm getting the same error even after redoing all the configuration on the MS side.

Munkeee
New Contributor III

I’m lucky enough to be our Intune and Jamf admin. MS’s docs are pretty bad, but I got it working. Your Azure AD tenant name can be found in Azure>Azure Active Directory>Property>Directory ID. It will be a string of numbers and letters, much like the App ID you created for Jamf Conditional Access. I don’t believe it should be any kind of URL, but rather just identifies your tenant by ID. I was also able to create a custom location to put the Company Portal app by packaging it with Composer (rather than in the Applications folder). This would prevent users from launching the app from the App folder (a no-no according to the docs, it needs to be launched through Self Service).

Bendelaat
New Contributor II

@PhillyPhoto did you get this sorted? I also have this issue.

regards Ben

PhillyPhoto
Valued Contributor

@Bendelaat It seemed to be a timing issue. Following the instructions to set everything up in Intune, it did work, but it seemed to take a little while for the account and keys to propagate. There wasn't actually a graph API to configure. So try giving it some time and trying again.

On a side note, I believe we are now running into product issue (PI-005258) where Conditional Access does not work in multi-context environments. Our JSS is set up as "https://jss.domain.com/jamf" instead of just "https://jss.domain.com".

Bendelaat
New Contributor II

Thanks, I forgot to grant the permissions to the app.

it's working now!

jlombardo
Contributor

Bumping this even though it's been a few years.

I am getting this error, however both Intune and Graph have the proper permissions:

"Could not retrieve the access token for Microsoft Graph API. Check the configuration for Microsoft Intune Integration."

Since we are all cloud, highly doubt it's a port issue. Anyone else experience this?

We're also running into this issue, permissions consented to per the documentation.

Blew everything in Azure away and ran the Cloud Connector setup and it worked for about 12 hours and now it's broken again.

Yeah, I reached out to support and they recommended Cloud Connector. The documentation for the manual setup is definitely outdated as it asks for an API that is deprecated.

I haven't really looked at it since it was for POC, but checking now it still appears to be working. Is yours still down?

Yeah, I also reached out to support and they also recommended removing everything again and setting up Cloud Connector. 

It's now working for us, but it's a travesty that the documentation is wrong.

dvasquez
Valued Contributor

Ok, so the manual configuration will not work, bummer. And the clear choice for functionality is Cloud Connector. Thanks and good to know. I was banging my head on this as I had everything configured correctly.