JAMF Compliance devices becoming unregistered?

Dobson
New Contributor II

We use JAMF and Microsoft to integrate device compliance for many of our devices. However, in the last two weeks, we have observed that some devices randomly lose the 'Microsoft Intune' field in Azure and become non-compliant. When we check the company portal, the compliance managed by JAMF is also missing.

Due to the lack of compliance, these devices start to show conditional access errors. We can fix this quickly by running the Azure registration policy again, but we don't know the root cause of this problem. For example, one device had to be re-registered three times in two weeks. Others only once, and some never.

We did find this MS known issue with Intune and macOS:
Known issues with Microsoft Intune - Intune | Microsoft Learn

Could this be the cause of our problem, or is there something else I might have overlooked?

1 ACCEPTED SOLUTION

sdagley
Esteemed Contributor II

@Dobson Odds are you're running into PI113193, and Jamf Pro 11.0.1 is supposed to be available this week with a fix for the issue.

7 REPLIES 7

Dobson
New Contributor II

Ah I was previously unaware of this log!
https://account.jamf.com/products/jamf-pro/known-issues

Thanks for sharing - I reckon this is it!

gav446
New Contributor II

Did you ever find a solution to this issue? I am now on the latest JAMF release (11.1.3) and this is still randomly happening to some users.

Dobson
New Contributor II

I have not seen the issue re-occur since upgrading. We are on 11.1.1.

gav446
New Contributor II

Thanks. I have a troubleshooting session with JAMF support today. Will see what that discovery finds.

BCHD
New Contributor

Any joy?
We are getting this a lot - 14 devices in the last two days.
Even when the device in question was off!

gav446
New Contributor II

Not totally resolved yet, but much better. 

JAMF support recommended configuring JamfAAD to use WebView as well as configuring JamfAAD to recheck for a valid Microsoft Entra ID token.

Both those options can be found in this article: Troubleshooting Microsoft Entra ID Login Using JamfAAD - Technical Articles | Jamf

Once that policy is deployed, I ask the user to re-register to Intune with the self-service tool. Have not had a reoccurring case since then, only new ones.