Jamf Pro + Jamf Connect + AAD / Issue with pre-stage enrollment

sevek91
New Contributor

Hello, my company decided to use Jamf Pro as the MDM solution for Mac administration. Our current setup is Jamf Pro + Jamf Connect with Azure AD as IdP, and all purchased Macs are already in Apple Business Manager with Jamf as the assigned MDM server.


We're in the last phase of polishing all app deployments, policy configuration and script deployment, but we found a bug (or misconfiguration) that is preventing the use of Jamf as a company-wide solution for now.


In the perfect scenario, when a new employee has been hired, a brand new Mac is purchased and delivered directly to the user. The Mac is already enrolled in ABM and automatically assigned Jamf as its MDM server. This user also receives AAD credentials with a temporary password to change during first account use.


Please find the issue description below:
1. The user powers on the new Mac for the first time and connects to the Internet.
2. Jamf pre-stage enrollment starts and all config profile deployment happens.
3. When the above is completed, Jamf Connect shows the Microsoft network login.
4. The user provides AAD account details (UPN and temporary password).
5. Next, Microsoft prompts to configure MFA, and then to set up a new password.
6. When the Microsoft login is completed, there is a Jamf pop-up informing that the Mac profile is being created.
7. The next pop-up is to enable FileVault.
8. The user lands on the desktop, and in theory the AAD account password should be synchronized with the Mac profile, but the issue is that this password does not work. The user ends up not knowing the password to the Mac profile, so in general is blocked after the lock screen or a restart.


The above issue does not happen when I use an AAD user with an already changed password (not a temporary password): Jamf Connect is able to push the AAD password as the Mac profile password.


I'm looking for information on whether this is a known "issue" (but I couldn't find such info on the Internet), or whether we have some misconfiguration in our Jamf Pro instance. I will be glad for any advice or information on what I should check.


Cheers!

1 REPLY

piotrr
Contributor III

How are you testing the user's password from the desktop? Do you try to unlock a secure computer setting screen, or do you allow the computer to lock? 

I believe there is a current issue in Sonoma that prevents users from logging in with a password from the new lock screen, but Touch ID will work in the same situation, and the password should work from all other sign-in options.

Could you verify if that is the case? 

See also: 

Sonoma Lock Screen wont take correct password - Jamf Nation Community - 300345