Help

Updated Intune Extension Attribute/Smart Group

Go to solution
spesh
New Contributor III

Posted on ‎02-07-2023 11:13 AM

I found this thread for an Intune EA, but am getting conflicting information. I check if a user is enrolled in Jamf by navigating to their computer, clicking the History tab, then navigating to macOS Intune Integration Logs. The extension attribute will return "None" despite the user being enrolled with Intune (see screenshots attached). 

Screenshot 2023-02-07 at 1.54.53 PM.png

 

Screenshot 2023-02-07 at 1.54.39 PM.png

 

I have tried to find documentation on creating a smart group based upon the Intune Integration reporting Jamf already has, but have not been able to find any. I also quickly glanced through the Jamf Pro API reference and documentation to see if this could be accomplished via the API but was unsuccessful. 

Any help would be appreciated! Thank you for your time! 

0 Kudos
1 ACCEPTED SOLUTION
6 REPLIES 6

Go to solution
spesh
New Contributor III
In response to jhalvorson

Posted on ‎02-10-2023 06:17 AM

That so far has worked perfectly. Thank you so much! 

0 Kudos

Go to solution
verticalben
New Contributor III
In response to spesh

Posted on ‎02-13-2023 04:09 AM

Hi guys, thanks for this, I've set up the EA but it's coming up blank in the computer's inventory. Does it take a long time to sync?

0 Kudos

Go to solution
DMH2000
Contributor

Posted on ‎06-01-2023 09:12 AM

I set up the EA but do not see "aad registration state" criteria to pick from. And like @verticalben my EA is blank for all computers that recently checked in.  Is the"aad registration state" criteria something that needs to be added? How is it added?

0 Kudos

Go to solution
spesh
New Contributor III

Posted on ‎06-01-2023 10:55 AM

@verticalben @DMH2000 A few things have changed since posting this. Overall, I personally stopped trying to track Intune integration as I continued receiving conflicting information. 

I know Jamf has changed conditional access integration, and will be stopping support for it in estimated late 2023. If you go to Settings → Global → Conditional Access, you can see the warning message directly from them. Now its device compliance, and from what I gather, you select a smart group to base compliance off of which then sends a true/false to Intune. I could be wrong about that. 

Jamf also changed the binary for Azure Active Directory integration from jamfAAD to Jamf Conditional Access which can be found here: 

/Library/Application Support/JAMF/Jamf.app/Contents/MacOS/Jamf Conditional Access.app/Contents/MacOS/Jamf Conditional Access

The last thing I will say is that when I was using the EA from the GitHub repo in the solution, I did notice it took longer than expected to populate that information. Doesn't entirely surprise me because of how difficult Intune has been, but not sure if Intune is just problematic for my company or if its a disaster for everyone else. 

Go to solution
DMH2000
Contributor

Posted on ‎06-01-2023 11:03 AM

@spesh Thank you! Yeah, my manager had us looking at Intune MDM for Mac... I think I'd retire first before going there!!!  Thank you for the explanation, and yes I did see that warning message... Another bucket of worms.

0 Kudos