Issues with Intune / Conditional Access / Device Compliance / Pulse Secure since mac OS 11.3

sascha_neuroth
New Contributor

Hi,

we have some problems with Conditional Access since Mac OS 11.3+ 
If i use Mac OS 11.2.3 (or earlier Versions) everything works finde.

We use intune (and Company Portal App) to check the device compliance for login into the VPN via Pulse Secure and MFA.

Normally:

  • configure the conpany portal app via self service
  • start pulse secure an login via username + password
  • MFA
  • VPN Connected

with Mac OS 11.3 and newer:

  • configure the conpany portal app via self service
  • start pulse secure an login via username + password
  • there is a Message the Device has to be managed by "your company" 
    • i can navigate from there to the Jamf Enrollment Page, but i already have the MDM certificate etc.

It appears if i update from 11.2.3 to 11.3 or newer or if i install a fresh mac OS 11.4 + Management etc.
i cant see any differences between the clients with Mac OS 10.14, 10.15, 11.2.3 and 11.3+ in intune.
we are using Jamf Pro 10.30 and the newest version of Company Portal, Pulse Secure Version 9.1.11

Anyone knows the Problem?
Ideas?
Why is the Operating System involved?

5 REPLIES 5

Dave_F
New Contributor

We've been encountering an issue with Jamf/inTune/AzureAD/Conditional Access/Compliance

In our environment, JamfADD is popping up asking for Okta auth, then inTune registration, where it then stalls.
We've been told (by Jamf support) to set the default browser to 'Safari' and reboot, then try the process again, which has worked.

Not sure what the issue is yet, but for now we're stuck w/ this work-around.

danlaw777
Contributor

seeing the same thing, tho this workaround isnt working for us

vinu_thankachan
New Contributor III

I think the conditional access policy is blocking the access. It is better to start checking the Azure sign-in logs 

vinu_thankachan
New Contributor III

JamfAAD supports chromium browsers (Edge, Google Chrome ) with version 93 

sascha_neuroth
New Contributor

we didn't switch the default Browser. So it's still Safari.