Unintended Jamf Pro Enrollment

jconnor
New Contributor

We have been seeing several personal iOS devices being prompted to register or sign in with Jamf Pro registration. Our environment uses Intune for MDM, so this creates several issues, including some configuration profiles with applications and such. These are often phones that we are attempting to register in Intune, as well as the users signing in and registering their device with MS Authenticator.


AJPinto
Esteemed Contributor

What is the question? 

jamf-42
Valued Contributor II

And this has what to do with jamf? 

jconnor
New Contributor

We are not using Jamf to manage our employee personal devices. We manage with Intune MDM. When this occurs, it creates the device in our Jamf portal. It also adds the config policies, installs apps and such, which is unintended and causing issues in our Intune management. Both management services have been pushing profiles at the same time. Has anyone experienced this issue?

AJPinto
Esteemed Contributor

Automated Device Enrollment requires a device to be in Apple Business Manager. It is not possible for a personal device to automatically enroll into MDM.

My gut is saying there is one of three situations going on:

  1. The instructions being provided to these users for manual Device Enrollment have your Jamf enrollment URL, and not your Intune enrollment URL.
  2. You are releasing organizationally owned devices to end users to be personal devices, and not actually releasing them in Apple Business Manager.
  3. Some randomness with Managed Apple IDs, and not having that enrollment method set up correctly.

We are using Company Portal to initiate the device registration process through Intune. The devices being pulled into Jamf are being prompted somewhere during that process. After signing in, a popup Safari window prompts the user to "register my device" without exactly stating into Jamf. We are currently not managing Apple IDs, and the devices we are using in rotation from ABM are not impacted.

jamf-42
Valued Contributor II

It's like Highlander.. there can only be one.

You're using Intune for MDM

or

JAMF..

Yes, we are using Intune for personal devices and Jamf for macOS and iPadOS devices as our employees have a mix of operating systems.

sdagley
Esteemed Contributor II

A personal device should never automatically try and enroll with any MDM unless you've somehow added them to your ABM account (or they were purchased from a vendor that added them for you). Check your ABM for those devices, and un-assign them from your Jamf Pro MDM.

Shyamsundar
Contributor III

Do you have Device Compliance enabled? If it's enabled and a personal device tries to access your organization's resources, it will say the device is not registered and ask to enroll, prompting with the JAMF URL.

Check the Device Compliance settings and check the landing page for devices not recognized by Microsoft Azure. It might be your JAMF URL; change it to a different one.

byrnese
New Contributor III

This is the closest thing I could think of based on OP's details. It definitely sounds like it is being enrolled in Jamf, not Intune, and OP's "management from Intune" is compliance policies. As others have said, it isn't 2 MDM profiles.

So we do use compliance verification checks for iOS and iPadOS devices (required for the nature of our iPad devices). I'm thinking a new group to manage only the specific devices via the Compliance status should stop cell phones from being pulled in during that process? 

jconnor
New Contributor

As an update for this, I have identified we were using two Active Directory groups, one of which was scoped so that any normal user was being pulled into Jamf. We have since adjusted the scope and created a new Jamf-specific security group for our iPad/iOS users. No way around the registration page appearing, and something we have to just know to avoid when registering a phone for the individuals in the new group.
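The fix above (narrowing the scoped group) is easy to verify with a periodic audit of the Jamf Pro mobile-device inventory: any device whose user is outside the Jamf-specific group, or that is unsupervised and user-enrolled rather than coming through Apple Business Manager, is a candidate unintended enrollment. The script below is an added example written for this thread, not code from Jamf or from any poster. The CSV columns (serial, model, username, enrollment, supervised) and the group membership list are constructed assumptions standing in for a real inventory export and the real security group; a real Jamf Pro export uses different column names.

```python
"""Audit a mobile-device inventory for likely unintended Jamf Pro enrollments.

Constructed example: SAMPLE_INVENTORY is a made-up export, and its column
names are assumptions rather than Jamf Pro's real export layout. ALLOWED_USERS
stands in for the membership of the Jamf-specific security group the thread
ends up creating.
"""
import csv
import io

# Constructed sample inventory export (not real device data).
SAMPLE_INVENTORY = """serial,model,username,enrollment,supervised
C02AAA1111,iPad (9th gen),alice,Automated Device Enrollment,True
C02BBB2222,iPad (9th gen),bob,Automated Device Enrollment,True
F4GCCC3333,iPhone 13,carol,User Initiated Enrollment,False
F4GDDD4444,iPhone 12,dave,User Initiated Enrollment,False
C02EEE5555,iPad Air,erin,User Initiated Enrollment,False
"""

# Constructed membership of the Jamf-scoped security group (assumption).
ALLOWED_USERS = {"alice", "bob", "erin"}

ADE = "Automated Device Enrollment"


def load_inventory(text):
    """Parse the CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def flag_unintended(devices, allowed_users):
    """Return a list of (serial, reasons) for devices that look unintended.

    Rule 1: the assigned user is not in the Jamf-scoped group, so the old
            over-broad scope (or something else) pulled them in.
    Rule 2: the device is unsupervised and user-enrolled, i.e. it did not
            come through Apple Business Manager, which is how a personal
            phone looks after accepting the registration prompt.
    """
    findings = []
    for d in devices:
        reasons = []
        if d["username"] not in allowed_users:
            reasons.append("user not in Jamf-scoped group")
        if d["enrollment"] != ADE and d["supervised"].strip().lower() != "true":
            reasons.append("unsupervised user-initiated enrollment (not from ABM)")
        if reasons:
            findings.append((d["serial"], reasons))
    return findings


def audit(text=SAMPLE_INVENTORY, allowed_users=ALLOWED_USERS):
    """Run both rules over an export and return the findings."""
    return flag_unintended(load_inventory(text), allowed_users)


if __name__ == "__main__":
    for serial, reasons in audit():
        print(f"{serial}: {'; '.join(reasons)}")
```

Running it on the constructed export flags carol's and dave's phones on both rules and erin's iPad on the second rule only (she is in the group, but her device was user-enrolled rather than assigned in ABM), which is the case sdagley describes: check ABM for the device and un-assign it from the Jamf Pro MDM server if it does not belong there.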