JAMF Pro (on premise) and Intune integration issues

nachiket_s
New Contributor III

Hi All

I am facing challenges in setting up conditional access for a JAMF Pro on-premise instance with Intune, as we are seeing the following error:

Could not retrieve the access token for Microsoft Graph API. Check the configuration for macOS Intune Integration.

This connection was working before, and it started showing as terminated in Intune. We couldn't figure out the root cause, as the terminal timelines are not matching with any other changes performed on the Jamf side.
 
We have tried deleting the old connector and settings in Intune, as suggested by Microsoft teams, and recreated another app with a fresh ID and secret keys.

JAMF Pro is hosted in a Windows environment and connects to Azure via a proxy (SSL inspection is bypassed and there are no blocking logs seen in the proxy for the mentioned traffic).

The proxy setting is configured via JVM properties, and we don't see any issue with the proxy setting, as the Jamf Pro application can communicate with Jamf Cloud and ABM using the same channel.

The server team has verified the Jamf app permissions with Microsoft teams, and as per them all the necessary permissions are already in place.

Any suggestions or thoughts on the same?

Also, I would like to know if the cloud connector is only applicable in the case of a Jamf Pro cloud instance, because I couldn't see the manual / cloud connector setting in conditional access for my instance, and Microsoft teams were insisting on using the cloud connector to address these issues.

 

1 ACCEPTED SOLUTION

sdagley
Esteemed Contributor II

@nachiket_s I don't have any advice for your Microsoft Graph API issue, but be aware that Jamf has stated that on-prem support for Conditional Access will be removed this year. Per https://docs.jamf.com/10.43.0/jamf-pro/release-notes/Deprecations_and_Removals.html :

  • Conditional Access On-Premise Support: Jamf will discontinue Conditional Access support in a future release of Jamf Pro (estimated removal date: late 2023) due to the migration away from Microsoft's Partner Device Management legacy API. Jamf will be offering an alternative solution called macOS Device Compliance using Microsoft's new Partner Compliance Management API in 2022. Customers who currently use macOS Conditional Access will need to move their workflows to macOS Device Compliance in Jamf Cloud. For more information on Jamf Cloud support, contact Customer Success.

On the Cloud Connector question, yes, that is only available when hosted in Jamf Cloud.
