JamfAAD / Default Browser App / MacOS 12.3 / Missing Python / Mac-Set-Default-Apps

jonn1e
Contributor

Hi,

As we all know the JamfAAD Integration with Intune / Endpoint Manager isn't that great at all.
All browsers are failing to finish the registration properly except Google Chrome. 

So we used Mac-Set-Default-Apps to set Chrome as default in our DEPNotify Script and the user is able to register its device at Intune without any issues. So far so good.

 

Now with MacOS 12.3+ Mac-Set-Default-Apps fails due to the lack of preinstalled Python.

We're installing MacAdmins Python for other purposes at enrolment, but MSDA still fails with this Python Version and a symlink.

So I searched the web for useful alternatives but it seems like there is no proper way to set the default browser without any user interaction, pop-ups or restarts? Thought about the official way with a .plist configuration but then Chrome simply asks after the first start if it should be the default browser. So not useful for the first redirection from Self Service regarding the AAD registration.

 

Does anybody have an idea how to set the default browser without:

- Python legacy edition

- Restarts, Pop-Ups, User Interaction

I'm happy for any suggestions! 😕

 

If someone from Jamf is reading this, when will the feature request regarding the messy JamfAAD registration be implemented? So many companies rely on Conditional Access and it's still so badly implemented, and has been for years...

 

Regards,

Jonny

 


jonn1e
Contributor

@DBrowning 
Yes, I also saw this a few minutes ago in the release notes. Completely overlooked it! 🙄

Hopefully the authentication flow will run smoothly after the update. 

vcherubino
New Contributor III

I enabled the webview policy, but it doesn't seem to be working for me. It still uses Safari during Registration.

@vcherubino 
I tried it manually via Terminal and it was extremely smooth!
No doubled authentication and of course in a webview window. 

Will try it today with DEPNotify and a full enrolment. 
You may try it via Terminal, maybe it's something with your policy?
It has to be executed before the user runs the registration flow.

@vcherubino 

OK, I see where the issue comes from.

The command needs to be executed as the logged in user. With the following script it gets executed in the right way.

 

#!/bin/sh
# The owner of /dev/console is the user logged in at the GUI
loggedInUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
# Write the preference into that user's domain rather than root's
sudo -u "$loggedInUser" defaults write com.jamf.management.jamfAAD useWKWebView true

 

vcherubino
New Contributor III

This worked. Thanks!
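
A more defensive variant of the script from this thread, as an added example that is not part of the original posts: when a policy runs as root with nobody logged in (login window or Setup Assistant during enrolment), the console owner is not a real user and the write silently lands in the wrong preference domain. The function names are hypothetical, the scutil output shown in the comment is constructed, and the preference key is the one posted above.

```shell
#!/bin/sh
# Added example: write the jamfAAD WKWebView preference only when a real
# user owns the console session.

# Reads the output of scutil's "show State:/Users/ConsoleUser" on stdin and
# prints the console user's short name, or nothing at the login window.
# Constructed sample of the relevant input lines:
#   <dictionary> {
#     Name : jonny
#     UID : 501
#   }
console_user_from_scutil() {
    awk '$1 == "Name" && $2 == ":" && $3 != "loginwindow" { print $3; exit }'
}

# Rejects empty names and accounts that are never the intended target:
# root, loginwindow, and _mbsetupuser (the Setup Assistant account).
is_valid_target_user() {
    case "$1" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;
        *) return 0 ;;
    esac
}

set_webview_for_console_user() {
    user=$(echo "show State:/Users/ConsoleUser" | /usr/sbin/scutil | console_user_from_scutil)
    if ! is_valid_target_user "$user"; then
        echo "No console user logged in; preference not written" >&2
        return 1
    fi
    uid=$(/usr/bin/id -u "$user") || return 1
    # Run inside the user's session so the write lands in their domain.
    /bin/launchctl asuser "$uid" /usr/bin/sudo -u "$user" \
        /usr/bin/defaults write com.jamf.management.jamfAAD useWKWebView true
}

# Only act on macOS; on other systems the functions are defined but not run.
if [ "$(uname -s)" = "Darwin" ]; then
    set_webview_for_console_user
fi
```

A non-zero exit lets the Jamf policy log show that the preference was skipped, so it can be retried once the user has logged in and before the registration flow starts.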