Our users on devices configured with Jamf Pro/InTune integration get prompted with the below to sign-in/register with AzureAD about once per week.
Is this normal behaviour for you other hybrid Jamf/Intune users? Is there any way to prevent the need for additional sign-ins?
We've dealt with this for years and were never able to get a solution from Jamf, so we moved away from Intune doing our compliance check. We still have random users that get prompted to sign into JamfAAD, so we just changed the permissions on JamfAAD so it can't launch. It was the only way we were able to get it to stop bothering users.
I haven't had a chance to test this myself but it sounds like this could help the re-auth situation: https://www.jamf.com/jamf-nation/articles/790/customizing-the-jamfaad-retry-logic-for-the-microsoft-...
To avoid issues with browser redirection during the login process, you can configure the JamfAAD app to use WebView instead.
To configure the JamfAAD to use WebView for users signing into Azure AD, deploy a policy to managed computers that runs the following script:
#!/bin/sh
defaults write com.jamf.management.jamfAAD useWKWebView true
Yeah that scriptlet is incomplete, doesn't specify user, and it seems if the registration has already run before, JamfAAD _still_ won't use WebView but will try to launch your default browser instead.
So for these cases where JamfAAD devices require re-registration every 7 or 30 days (my case), the 10.38 update does nothing to improve the situation.
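
The reply above points out that the documented script does not specify a user. As an added example (not from Jamf or from the posters), this version writes the key into the logged-in user's preferences when the policy runs as root. It assumes JamfAAD reads `useWKWebView` from the user's domain; the function names are illustrative, and it does not change the re-registration behaviour described above.

```shell
#!/bin/sh
# Added example: set JamfAAD's useWKWebView key for the logged-in user.
# Jamf policies run as root, so a bare `defaults write` lands in root's
# preferences. Assumption: JamfAAD reads the key from the user's domain.

DOMAIN="com.jamf.management.jamfAAD"
KEY="useWKWebView"

# Print the console user, or fail when nobody real is logged in.
console_user() {
    user=$(stat -f%Su /dev/console 2>/dev/null) || return 1
    case "$user" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;
    esac
    printf '%s\n' "$user"
}

# Write the key in the user's context, then read it back to confirm.
set_webview_for_user() {
    user=$1
    uid=$(id -u "$user") || return 1
    launchctl asuser "$uid" sudo -u "$user" \
        defaults write "$DOMAIN" "$KEY" -bool true || return 1
    value=$(launchctl asuser "$uid" sudo -u "$user" \
        defaults read "$DOMAIN" "$KEY") || return 1
    [ "$value" = "1" ]   # defaults prints 1 for a true boolean
}

main() {
    user=$(console_user) || { echo "no console user; skipping" >&2; return 0; }
    set_webview_for_user "$user" || { echo "failed for $user" >&2; return 1; }
    echo "$KEY enabled for $user"
}

# Run only on macOS, where stat -f, launchctl and defaults exist.
if [ "$(uname -s)" = "Darwin" ]; then
    main
fi
```

Checking the result with `defaults read com.jamf.management.jamfAAD` as the affected user, rather than as root, shows which domain actually holds the key.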