JAMF/EntraID Device Compliance - All devices marked as Non-Compliant since Friday

Rolden
New Contributor III

Hi All,

We have been working on setting up Device compliance with EntraID for a while and had everything in place to begin rolling it out this week. Everything was working as expected, with devices being marked with the correct compliance. As of Friday, all of our test devices were marked as non-compliant, and registering devices now seems to take significantly longer than usual, almost as if it's waiting for a 24hr sync before the devices are marked as registered in Intune and marked as non-compliant. This seems to coincide with the timing of our update to Jamf Pro 11.

Devices and users are in the correct groups and everything still appears normal from a setup perspective.

Has anyone else had similar issues?

Thanks,

Ryan

10 REPLIES

jscherer
New Contributor II

Is this with the old compliance integration or the new integration with smart groups?

Rolden
New Contributor III

It’s with the new smart groups. We have allocated them all correctly and got them the right way around (won’t make that mistake again). We are just checking against OS version at the moment.

David_Jenkins
New Contributor II

We have the same issue, but it was like this before the upgrade to 11.

Devices show Intune under the MDM column in Entra - devices, but they all go non-compliant.

Have tickets open with JAMF (been escalated) and MS (had a remote session but nothing else yet).

David_Jenkins
New Contributor II

Update - Jamf guys say all good their side, after doing all the dev logging / agent logs / Company portal logs.

They are doing a session with me tomorrow to look at the Azure config.

Rolden
New Contributor III

With us it was all our doing. We had used a test group in Azure and, as we were heading towards deployment, changed it to all users. Turns out this was a major no-no; we have now moved back to groups and it resolved the issue.

David_Jenkins
New Contributor II

Self-inflicted, eh? If only.
We have been using a Jamf users AD group and moving people in as their Mac was Jamf'ed.
We are migrating from Intune, but even clean / fresh Macs suffer the same fate atm.

Rolden
New Contributor III

Indeed

The only other time I’ve seen that behaviour is when the compliance and applicable group were the wrong way around, which is quite easy to do given the way the documentation presents things.

I hope you find out what’s wrong.

David_Jenkins
New Contributor II

This is now resolved!!
Had a live session with Jamf again - this time we re-created the device compliance connector with Intune.
Once done, kick all devices out of your compliance smart group, then put them back in (I did mine by saying they had to have a stupid serial number).
About a minute later, they all started popping up as compliant in Entra.

Hoorah!

Rolden
New Contributor III

Amazing news.

We've just realised that as a result of this users cannot enroll personal devices in Intune. I'm a bit at odds here as we wanted to allow users to have both corporate and personal devices.

We have only been doing Macs and haven't done any by DEP, so in that regard, they are all personal?