Skip to main content
Solved

JamfAAD / Default Browser App / MacOS 12.3 / Missing Python / Mac-Set-Default-Apps


jonn1e
Forum|alt.badge.img+7

Hi,

As we all know the JamfAAD Integration with Intune / Endpoint Manager isn't that great at all.
All browsers are failing to finish the registration properly except Google Chrome. 

So we used Mac-Set-Default-Apps to set Chrome as default in our DEPNotify Script and the user is able to register it's device at Intune without any issues. So far so good. 

 

Now with MacOS 12.3+ Mac-Set-Default-Apps fails due to the lack of preinstalled Python.

We're installing MacAdmins Python  for other purposes at enrolment, but MSDA still fails with this Python Version and a symlink.

So I search the web for useful alternatives but it seems like there is no proper way to set the default browser without any user interaction, pop-up's or restarts? Thought about the official way with a .plist configuration but then Chrome simply asks after the first start if it should be the default browser. So not useful for the first redirection from Self Service regarding the AAD registration.  

 

Does anybode have an idea how to set the default browser without: 

- Python legacy edition

- Restarts, Pop-Up's, User Interaction

I'm happy for any suggestions! ðŸ˜•😕

 

If someone from Jamf is reading this, when will the feature request regarding the the messy JamfAAD registration be implemented? So many companies rely on Conditional Access and it's still so bad implemented since years...

 

Regards,

Jonny

 

Best answer by DBrowning

https://docs.jamf.com/10.38.0/jamf-pro/release-notes/New_Features_and_Enhancements.html#:~:text=JamfAAD%20WebView%20Support,to%20Azure%20Active

View original
Did this topic help you find an answer to your question?

6 replies

DBrowning
Forum|alt.badge.img+24
  • Esteemed Contributor
  • 668 replies
  • Answer
  • May 12, 2022

jonn1e
Forum|alt.badge.img+7
  • Author
  • Contributor
  • 47 replies
  • May 12, 2022

@DBrowning 
Yes also saw this a few minutes ago in the release notes. Completely overlooked it ! ðŸ™„ 

Hopefully the authentication flow will run smoothly after the update. 


Forum|alt.badge.img+4
  • Contributor
  • 18 replies
  • May 16, 2022

I enabled the webview policy, but it doesn't seem to be working for me. It still uses Safari during Registration


jonn1e
Forum|alt.badge.img+7
  • Author
  • Contributor
  • 47 replies
  • May 17, 2022
vcherubino wrote:

I enabled the webview policy, but it doesn't seem to be working for me. It still uses Safari during Registration


@vcherubino 
I tried it manuel via Terminal and it was extrem smoothly!
No doubled authentication and of course in a webview window. 

Will try it today with DEPNotify and a full enrolment. 
You may try it via Terminal, maybe it's something with you policy ?
It have to be executed before the user runs the registration flow. 


jonn1e
Forum|alt.badge.img+7
  • Author
  • Contributor
  • 47 replies
  • May 17, 2022
jonn1e wrote:

@vcherubino 
I tried it manuel via Terminal and it was extrem smoothly!
No doubled authentication and of course in a webview window. 

Will try it today with DEPNotify and a full enrolment. 
You may try it via Terminal, maybe it's something with you policy ?
It have to be executed before the user runs the registration flow. 


@vcherubino 

OK, I see were the issue comes from. 

The command needs to be executed as the logged in user. With the following script it get executed in the right way.

 

#!/bin/sh loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'` sudo -u "$loggedInUser" defaults write com.jamf.management.jamfAAD useWKWebView true

 


Forum|alt.badge.img+4
  • Contributor
  • 18 replies
  • May 17, 2022
jonn1e wrote:

@vcherubino 

OK, I see were the issue comes from. 

The command needs to be executed as the logged in user. With the following script it get executed in the right way.

 

#!/bin/sh loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'` sudo -u "$loggedInUser" defaults write com.jamf.management.jamfAAD useWKWebView true

 


This worked. Thanks!


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings