device_aad_information

barrycuda
New Contributor II

According to this article the device_aad_information is written to the Jamf database. How can I use this to create a smart group, or at least show in Jamf if it is registered with Azure AD?
https://learn.jamf.com/bundle/technical-paper-microsoft-intune-current/page/Computer_Regisration_for...

2 REPLIES

sdagley
Esteemed Contributor II

@barrycuda Here's an EA that will tell you the state of the Jamf AAD configuration:

#!/bin/sh

# Originally written by Ben Whitis - 08/11/2022
# Revised by @sdagley 2023-09-27

# EA - Intune Registration Status
#	Returns one of the following:
# 		"Not Registered"
# 			No MSOrganizationAccess certificate found so user has not enrolled via Company Portal
# 		"Registered"
# 			Enrolled with Company Portal and Jamf AAD
# 		"MSOrganizationAccessCert present but AAD ID not acquired"
# 			User has enrolled with Company Portal but Jamf AAD enrollment not completed
# 		"MSOrganizationAccess Cert present but JamfAAD Plist missing"
# 			User has enrolled with Company Portal but Jamf AAD settings file not found

# Current console user (empty at the login window; every path below then fails safely)
loggedInUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

# Presume not registered
result="Not Registered"

# Check if MSOrganizationAccess certificate is present in the user's login keychain
# (errors from a missing keychain are silenced so the EA always returns a value)
if security dump-keychain "/Users/$loggedInUser/Library/Keychains/login.keychain-db" 2>/dev/null | grep -q MS-ORGANIZATION-ACCESS; then
	# MSOrganizationAccess certificate is present, check if jamfAAD plist exists
	jamfAADPlist="/Users/$loggedInUser/Library/Preferences/com.jamf.management.jamfAAD.plist"

	if [ -f "$jamfAADPlist" ]; then
		# jamfAAD.plist exists, check if jamfAAD has acquired AAD ID
		# (defaults read exits non-zero when the key is missing; treat that as not acquired)
		AAD_ID=$( defaults read "$jamfAADPlist" have_an_Azure_id 2>/dev/null )

		# String comparison: an empty AAD_ID would make -eq error out
		if [ "$AAD_ID" = "1" ]; then
			# jamfAAD ID exists
			result="Registered"
		else
			# MSOrganizationAccess certificate is present but no AAD ID acquired
			result="MSOrganizationAccessCert present but AAD ID not acquired"
		fi
	else
		# jamfAAD.plist doesn't exist
		result="MSOrganizationAccess Cert present but JamfAAD Plist missing"
	fi
fi

echo "<result>$result</result>"

My thanks to Jeff Anderson on MacAdmins Slack who originally let me know about Ben's original version of this EA
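
The second half of the original question, a Smart Group keyed on the EA's value, as an added example that is not from this thread or from Jamf: it builds the Classic API computer_group XML for the criterion "Intune Registration Status is Registered" and posts it with a bearer token. It assumes the EA above is saved under the display name "Intune Registration Status", that the group name is ours to choose, and that a Jamf Pro API account allowed to create computer groups is supplied via environment variables.

```python
"""Create a Jamf Pro Smart Group matching an Extension Attribute value (Classic API)."""
import base64
import json
import os
import urllib.request
import xml.etree.ElementTree as ET

# Assumed names (not from the thread): the EA's display name in Jamf Pro and our group name.
EA_NAME = "Intune Registration Status"
GROUP_NAME = "Intune - Registered with Azure AD"


def build_smart_group_xml(group_name, ea_name, ea_value):
    """Return Classic API <computer_group> XML with one criterion: <ea_name> is <ea_value>.
    ElementTree escapes the values, so names containing & or < stay well-formed."""
    group = ET.Element("computer_group")
    ET.SubElement(group, "name").text = group_name
    ET.SubElement(group, "is_smart").text = "true"
    criterion = ET.SubElement(ET.SubElement(group, "criteria"), "criterion")
    ET.SubElement(criterion, "name").text = ea_name
    ET.SubElement(criterion, "priority").text = "0"
    ET.SubElement(criterion, "and_or").text = "and"
    ET.SubElement(criterion, "search_type").text = "is"
    ET.SubElement(criterion, "value").text = ea_value
    return ET.tostring(group, encoding="unicode")


def get_bearer_token(base_url, username, password):
    """Exchange API account credentials for a short-lived bearer token (/api/v1/auth/token)."""
    creds = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(f"{base_url}/api/v1/auth/token", method="POST",
                                 headers={"Authorization": f"Basic {creds}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["token"]


def create_smart_group(base_url, token, group_xml):
    """POST the group; id/0 tells Jamf Pro to assign a new id. Returns the HTTP status (201 = created)."""
    req = urllib.request.Request(f"{base_url}/JSSResource/computergroups/id/0",
                                 data=group_xml.encode(), method="POST",
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/xml"})
    with urllib.request.urlopen(req) as resp:
        return resp.status


if __name__ == "__main__":
    base = os.environ["JAMF_URL"].rstrip("/")  # e.g. https://example.jamfcloud.com
    tok = get_bearer_token(base, os.environ["JAMF_USER"], os.environ["JAMF_PASS"])
    print(create_smart_group(base, tok, build_smart_group_xml(GROUP_NAME, EA_NAME, "Registered")))
```

Swap "Registered" for "Not Registered" (or use search_type "is not") to scope a remediation policy at the machines that still need Company Portal enrollment.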

barrycuda
New Contributor II

That is awesome... Works like a charm