Entra ID not evaluating Device Compliance for Macs

Jose_Amaya
New Contributor III

I've set up the "Device Compliance" in Jamf as well as the "Partners Compliance Management" in Entra ID successfully, and it syncs daily with Jamf. However, it appears that after a macOS device has registered in Entra ID, a day later it's no longer compliant and "MDM" is no longer reporting as "Microsoft Intune" but as "N/A".


In Intune, all macOS devices are also not reporting any compliance status. Any suggestions?


12 REPLIES

DBrowning
Valued Contributor II

Since you can only register a device in 1 MDM, you will not see devices or get updates in Intune.  You will only see devices in Entra. It sounds like maybe you are going from Intune to Jamf for your MDM?

Jose_Amaya
New Contributor III

Thank you for your quick response, DBrowning. As you may already know, this is the Microsoft documentation I was following to set up Device Compliance in Jamf. You might be right about Macs not reporting in Intune, since I can't find any documentation that states if Macs report to Intune. However, that leaves the question about Macs not reporting as compliant a day after the device is registered.

Also, one other piece of information to note is that the Company Portal app reports the Mac as not managed. In the past, it used to report that it was managed.

DBrowning
Valued Contributor II

Are you going from managing them via Intune to managing them via Jamf?

Jose_Amaya
New Contributor III

Correct, Intune is managing Macs through Jamf.

DBrowning
Valued Contributor II

I don't believe you understand the question.  What MDM are you enrolling your devices into?

Jose_Amaya
New Contributor III

My apologies. All macOS devices are enrolled to Jamf and that's the only MDM that's installed.

DBrowning
Valued Contributor II

Did you previously use Conditional Access and are now moving over to Device Compliance?

Jose_Amaya
New Contributor III

No, we started with Device Compliance, never used Conditional Access with Jamf.

DBrowning
Valued Contributor II

Interesting.....you should have never seen Mac devices in Intune then.  You should only see them in Entra (portal.azure.com).  I'd recommend taking a look at this: https://github.com/benwhitis/Jamf_Conditional_Access/wiki/MacOS-Conditional-Access-Best-Practices as well to make sure you are setting things up.  After that, I'd suggest opening tickets with Jamf and MS to see if there is anything else.  

Jose_Amaya
New Contributor III

Thank you, DBrowning, for your time. I'll review the documentation further, but just one follow-up question. The documentation you suggested appears to cover the topic of Conditional Access Best Practices. Will this help with Device Compliance?

DBrowning
Valued Contributor II

In this sense, they are the same.

Hi Jose, have you made any progress on this? I'm also experiencing the same issue.