MacOS Device Compliance - Azure AD Conditional Access policies

glpi-ios
Contributor III

Hello,


We have enabled Device Compliance in Jamf.
Everything went well.
Enrollment of the devices works, the computers appear correctly in Azure AD as compliant based on the Jamf compliance smart group, and if I change the criteria of the compliance smart group, they correctly switch to non-compliant in Azure AD, etc.

But the problem I'm having now is when I create a conditional access policy in Azure AD and check "Require device to be marked as compliant", it even impacts computers marked as compliant in Azure AD.
For example, I created a policy that blocks the ability to authenticate on Adobe applications for non-compliant computers; this affects compliant devices as well.
As soon as I uncheck "Require device to be marked as compliant", the situation is unblocked (on non-compliant computers too, naturally).

Do I need to configure anything else?

Thank you for your help

[Attached image: Screenshot 2023-08-11 at 17.35.38.jpg]


edamelio
New Contributor III

Do you have a corresponding sign-in log so that the criteria for all policies can be looked at? Sounds like a conflict somewhere.

Bretterson
Contributor

We seem to be having this issue as well; however, in our case random computers will work fine for months and then suddenly can't access content. Sign-in logs indicate the issue was that a compliant computer is required, yet the device is always listed as compliant. The fix has been inconsistent as well.
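As an added example (not code from either poster), a small check of the kind edamelio suggests, run over constructed sign-in entries in the Microsoft Graph signIn shape: it separates the expected blocks from the case Bretterson describes (device listed as compliant, policy still failed) and from sign-ins that carried no device identity at all, which a compliance policy cannot evaluate. The field names (deviceDetail.isCompliant, appliedConditionalAccessPolicies[].enforcedGrantControls, the RequireCompliantDevice grant value) are assumed from the Graph schema; user, device and policy names are made up.

```python
def sign_in(sid, user, device_id, compliant, result):
    """Build a constructed sign-in entry in (trimmed) Microsoft Graph signIn shape."""
    return {"id": sid, "userPrincipalName": user, "appDisplayName": "Adobe",
            "deviceDetail": {"deviceId": device_id, "isCompliant": compliant},
            "appliedConditionalAccessPolicies": [{
                "displayName": "Block Adobe on non-compliant Macs", "result": result,
                "enforcedGrantControls": ["RequireCompliantDevice"]}]}


# Constructed sample, not real log data: one healthy sign-in and three failures.
SAMPLE_SIGN_INS = [
    sign_in("s1", "alice@example.com", "dev-0001", True, "success"),
    sign_in("s2", "bob@example.com", "dev-0002", True, "failure"),
    sign_in("s3", "carol@example.com", "", False, "failure"),
    sign_in("s4", "dave@example.com", "dev-0004", False, "failure"),
]


def classify_sign_in(entry):
    """Verdict for one sign-in, or None when no compliance-requiring policy failed."""
    device = entry.get("deviceDetail") or {}
    failed = [
        p["displayName"]
        for p in entry.get("appliedConditionalAccessPolicies", [])
        if p.get("result") == "failure"
        and "RequireCompliantDevice" in p.get("enforcedGrantControls", [])
    ]
    if not failed:
        return None
    # No device ID in the request: Azure AD had no device identity to evaluate,
    # so the device object being compliant in the portal does not help here.
    if not device.get("deviceId"):
        return "no device identity presented"
    if device.get("isCompliant"):
        return "device compliant but policy failed"  # the symptom in this thread
    return "expected block (device non-compliant)"


def find_mismatches(sign_ins):
    """Sign-ins where a compliance policy failed although the block was not expected."""
    report = {}
    for e in sign_ins:
        verdict = classify_sign_in(e)
        if verdict and verdict != "expected block (device non-compliant)":
            report[e["id"]] = (e["userPrincipalName"], verdict)
    return report
```

Feed it the output of the sign-in log export (the Graph `signIns` list) for the affected user and time window; entries with the "no device identity presented" verdict point at the client not sending a device identity rather than at the compliance state itself.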