Posted on 06-17-2019 08:21 AM
Hello,
We have successfully deployed Jamf / Intune conditional access to around 110 machines but it seems a couple of machines are failing the encryption policy in Intune although it's showing correctly in Jamf.
I have updated inventory on the machines a couple of times and both times it has updated the check in within Intune.
Attached are screenshots of the issue.
Just to give context on how we achieved the deployment: We have 2 configuration profiles installed on the machines 10.13 (above and below) and a policy which launches up company portal so the machines can register into Intune.
Any help would be appreciated
Thanks
George.
Posted on 06-17-2019 12:52 PM
@George-x.chan We have currently 550 +- devices succesfully registered in Intune, and the issue you mention also occurs sometimes in our organisation.
mostly, this happens when an external disk, or Recovery / Preboot volume is mounted and listed in the disks encryption overview.
Jamf then reports as "Boot disk encrypted" and it look likes Intune not always likes this.
So till this buggy has been fixed created an Self Service item for the users they can trigger. You can place this in an category Device compliance remediation for instance.
Self Service script
#!/bin/sh
disk2s2=$(mount | grep /Volumes/Preboot | awk '{print $3}')
disk2s3=$(mount | grep /Volumes/Recovery | awk '{print $3}')
# Check if Preboot volume is mounted
if [[ $disk2s2 =~ "Preboot" ]] ; then
echo "Preboot volume is mounted, going to unmount"
diskutil unmount disk2s2
else
echo "Preboot volume is not mounted"
fi
# Check if Recovery volume is mounted #
if [[ $disk2s3 =~ "Recovery" ]] ; then
echo "Recovery volume is mounted, going to unmount"
diskutil unmount disk2s3
else
echo "Recovery volume is not mounted"
fi
# Recon to update inventory and send info to AAD.
/usr/local/bin/jamf recon
exit 0
Posted on 06-18-2019 02:44 AM
thanks @txhaflaire - i will give this a try :)
By the way, have you had many issues with the Jamf / intune intergration overall? it seems like we're encountering various issues and there isn't much help online.
Thanks
George.