Posted on 02-17-2021 08:36 AM
Hi,
Our users on devices configured with Jamf Pro/Intune integration get prompted with the below to sign in/register with AzureAD about once per week.
Is this normal behaviour for you other hybrid Jamf/Intune users? Is there any way to prevent the need for additional sign-ins?
Posted on 02-17-2021 09:24 AM
We've dealt with this for years and were never able to get a solution from Jamf, so we moved away from Intune doing our compliance check. We still have random users that get prompted to sign into JamfAAD, so we just changed the permissions on JamfAAD so it can't launch. It was the only way we were able to get it to stop bothering users.
Posted on 02-17-2021 09:59 AM
I haven't had a chance to test this myself but it sounds like this could help the re-auth situation: https://www.jamf.com/jamf-nation/articles/790/customizing-the-jamfaad-retry-logic-for-the-microsoft-...
Posted on 02-17-2021 10:04 AM
Yep, try those settings, we've been using them and I haven't had a prompt in ages.
Posted on 02-17-2021 10:48 AM
Dunno how I missed this. Will test the linked CP.
Thanks for the link folks!
Posted on 07-29-2021 09:40 PM
@mfletch can you show me how you changed the permissions of the jamfAAD prompt? I would like to put it out of its misery.
Posted on 08-03-2021 08:28 AM
The link provided doesn't work. Does anyone have an updated one?
Posted on 08-03-2021 10:47 AM
@jaybagley is this what you're looking for?
Posted on 08-04-2021 06:52 AM
I don't think so, this doesn't address the weekly re-authentication that we are seeing. Unless I am missing something.
Posted on 09-21-2021 07:57 AM
Upvote this: JamfAAD should use web view instead of | Jamf Nation Feature Requests. Complain to your customer success reps as well.
Posted on 05-27-2022 02:34 PM
To avoid issues with browser redirection during the login process, you can configure the JamfAAD app to use WebView instead.
To configure the JamfAAD to use WebView for users signing into Azure AD, deploy a policy to managed computers that runs the following script:
#!/bin/sh
defaults write com.jamf.management.jamfAAD useWKWebView true
Posted on 05-31-2022 05:18 AM
Yeah that scriptlet is incomplete, doesn't specify user, and it seems if the registration has already run before, JamfAAD _still_ won't use WebView but will try to launch your default browser instead.
So for these cases where JamfAAD devices require re-registration every 7 or 30 days (my case), the 10.38 update does nothing to improve the situation.
Posted on 06-01-2022 01:17 AM
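#!/usr/bin/env bash
# Jamf policies run as root, so find the user who owns the console session
loggedInUser=$( /usr/bin/stat -f %Su /dev/console )
# Write the preference in that user's context rather than root's
sudo -u "$loggedInUser" /usr/bin/defaults write com.jamf.management.jamfAAD useWKWebView true
exit 0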
Posted on 06-01-2022 01:26 AM
As Jamf is applying its settings to the root user, the script may need to detect the loggedinuser to set the com.jamf.management.jamfAAD preferences.
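The point made in the last posts (a Jamf policy script runs as root, so the preference has to be written for the logged-in user), as an added example that is not part of the thread or of Jamf's documentation: it skips the case where no real user owns the console and reads the key back after writing it. The function names are hypothetical; the domain, key and `stat` call are the ones posted above.

```shell
#!/bin/sh
# Added example, not Jamf's or the posters' script.

DOMAIN="com.jamf.management.jamfAAD"
KEY="useWKWebView"

# Reject owners of /dev/console that are not a real signed-in user.
usable_console_user() {
    case "$1" in
        ""|root|loginwindow) return 1 ;;   # nobody is logged in
        _mbsetupuser) return 1 ;;          # Setup Assistant account
        *) return 0 ;;
    esac
}

# Run a command as the given user (hypothetical helper around sudo -u).
run_as_user() {
    user="$1"; shift
    /usr/bin/sudo -u "$user" "$@"
}

# Write the key in that user's context, then read it back to confirm.
# Returns 0 on success, 2 for an unusable user, 1 if the write is unconfirmed.
set_webview_pref() {
    usable_console_user "$1" || return 2
    run_as_user "$1" /usr/bin/defaults write "$DOMAIN" "$KEY" true || return 1
    value=$(run_as_user "$1" /usr/bin/defaults read "$DOMAIN" "$KEY" 2>/dev/null) || return 1
    case "$value" in true|1) return 0 ;; *) return 1 ;; esac
}

# Only act on a Mac and as root, which is how a Jamf policy runs scripts.
if [ "$(uname -s)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
    loggedInUser=$(/usr/bin/stat -f %Su /dev/console)
    if set_webview_pref "$loggedInUser"; then
        echo "$KEY set for $loggedInUser"
    else
        echo "No usable console user, or the write could not be confirmed" >&2
    fi
fi
```

Run from a policy while the Mac sits at the login window, this version writes nothing instead of setting the key in root's preferences.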