This one is driving me bonkers.
My org has integrated Intune with conditional access in our environment. I have set it up with the JAMF portal without issue. That connection is happy. I am able to run the command from Self Service or the trigger command, and they can all enroll successfully. But whenever my clients leave the network they keep getting asked to enroll within Intune, which will fail because it's not being invoked from Self Service.
I've been going the rounds with Microsoft, but I am wondering if any of you JAMF Jeniuses have been able to get this #&%* system to work properly. This is not a game breaker, but with it hitting our C level execs, it's a problem.
We have the same issue at our site and Microsoft support are currently looking into the issue for us. At this stage it looks like the issue is with Intune and the Company Portal app (version 1.5) not triggering the sign-in process correctly after the app has enrolled. Microsoft have told me they can see the traffic to Azure but it's not responding.
They should be calling me next week and they wanted to remove all the settings from both the Jamf cloud and Azure services and set them back up again. I will post Microsoft findings as soon as I know.
Let MS know that "other" customers are seeing the same issue... Also can you post if the "remove all the settings" works... Our Intune guy doesn't think that will help or we would have done that already.. Also if you want to share your MS ticket number I will open a ticket in our portal and add that to our ticket when I get back from my Memorial Day holiday.
Thanks for the update. I am just trying an out of the box system which has no settings whatsoever and see if I can join it to our setup from my home address. I will update you later on how I get on.
Sadly removing all the settings from Intune/Jamf Server and from the client didn't make any difference. I have tested with and without Zscaler installed. I also did a packet trace and didn't see any blocked URLs on port 80/443.
The laptop which I rebuilt and manually joined to the Jamf server didn't work.
I deleted the following items for each test:
rm -Rf "/Users/daviesst/Library/Application Support/com.microsoft.CompanyPortal"
rm -Rf /Users/daviesst/Library/Caches/CompanyPortal
rm -Rf /Users/daviesst/Library/Caches/com.microsoft.CompanyPortal
rm -Rf /Users/daviesst/Library/Preferences/com.microsoft.CompanyPortal.plist
rm -Rf /Users/daviesst/Library/Caches/jamfAAD
I also manually deleted all of the certs from the computer.
Our Microsoft case number is REG:118030717767867. A point of interest is that between the point I click down and the JamfAAD auth box should appear, the Company Portal app does show a 1 in the dock before it quits.
We just updated to 10.5, tested with a brand new machine that I have removed all entries from Intune, and AAD, and still nothing.
Is there any more granular logging that we can find? This issue is rather infuriating.
Yes, same issue here. Looks like Company Portal 1.5 is broken. I worked directly with the Microsoft product team on the older 1.4.2 Company Portal. I have created a support ticket with them.
Just got a wonderful email from my TAMs at both MS and JAMF that this issue, at least on my part, is a known product issue where you cannot get CA to work with Mobile Accounts.
They say that the Company Portal is unable to write to the keychain for Mobile users the same way that it is able to write for local accounts.
Both companies have said that they can submit feature requests for this, but it's unknown if or when they will be adopted.
@rbingham917 I have a similar set up to yours, and the Jamf policies are working fine. But, Company Portal hangs when it tries to register with Intune and never completes. If I close out of Company Portal, the registration continues and will call up the keychain access for me to enter info, but then it tells me I need to install Jamf Native macOS connector for it to work. The oddest part? It's working for some users. I have about 5 users that are marked as compliant in Intune and Intune's CA is working as expected. Do you have a case# from MS that I can reference with my MS contact to see if he has any more insight?