iOS Device compliance Registration

mforeman1
New Contributor III

Hello, Has anyone already configured/Setup iOS device compliance integration (JAMF->Intune)? Everytime that we register the device via self service it won't ask us to enter the credentials instead we are getting "You are now Registered with Microsoft" prompt but when we checked back Intune we still don't see the device. Not sure if we missed something or doing it incorrectly. Steps taken: 

  • Device Compliance is Connected
  • iOS Device is enrolled in JAMF and supervised 
  • Self Service, Company Portal and Authenticator are installed on device (Latest Version)
  • 'Register with Microsoft' located in Self Service 
  • Configured JAMF Device Compliance in Partner compliance Management

Appreciate the help!

5 REPLIES 5

edamelio
New Contributor III

You wont see anything in Intune anymore with the Device Partner Compliance. You will, however, see the objects in Azure AD under each user. JAMF is now measuring compliance and not Intune policies which is why you do not see anything in Intune. 

mforeman1
New Contributor III

wow! thank you so much! another problem was device shows compliant already in azure ad and I have conditional access in place in Intune (To grant access to cloud apps/Require MFA and device to be compliant) but the device is still telling us to secure the device before you can access company resources even though it is already compliant in azure ad

edamelio
New Contributor III

what are you setting your compliance criteria to in JAMF? your compliance is measured by the MDM now based on the smart group you have set to measure what is "compliant."
I have my compliance measure set to a group of smart groups so that it is easier to add or subtract different criteria AND be able to vaguely more easily determine why something is or is not meeting compliance. I recommend what the JAMF article does and then just add on a smart group like "*** Compliance - Needs Installed" and "Compliance - Needs Baseline Settings" and then set them in your compliance group under a bunch of AND statements. 

mforeman1
New Contributor III

Hello, Yes we followed the instructions from jamf and we created 2 smart groups one is for the compliance group which is use to calculate device compliance and the other one is for the applicable Group. It shows compliant in azure ad but conditional access is detecting the device as not compliant

edamelio
New Contributor III

Did you happen to re-run the "Register with Microsoft" process in Self-Service on the device? If so: it could merit having to open a ticket with JAMF and/or Microsoft (I wish you luck with the later). It really just worked for us but we also didn't have many devices on the previous cloud connector. If you have a test device you don't mind removing AAD registration from, you can delete the device in AAD, wait a bit, and then re-register it.