![]() ![]() When you create the app in Azure, you must remove all default API permissions and then assign Intune a single permission of update_device_attributes. The Jamf Pro enterprise application in Azure has the wrong permission or has more than one permission. Cause 1 - Jamf Pro doesn't have correct permissions There are several common causes for Mac devices that fail to register with Intune through Jamf Pro. Cached credentials for one app can't be used by another app. Additional apps prompt for authentication until they also are set as Always Allow. Selecting Always Allow for one app only approves that app for future sign-in. The next time the app opens, it doesn't prompt for sign-in. Always Allow - The sign-in credentials are cached for the application.The next time the app opens, it prompts for sign-in again. Deny - Do not sign in and do not use the app.To allow this, enter the "login" keychain passwordĬause: These prompts are generated by Jamf Pro for each applicable app that requires Azure AD registration.Īt the prompt, the user must provide their device password to sign in to Azure AD. Microsoft Teams wants to sign using key "Microsoft Workplace Join Key" in your keychain. Mac devices prompt for keychain sign-in when you open an appĪfter you configure Intune and Jamf Pro integration and deploy conditional access policies, users of devices managed with Jamf Pro receive password prompts when opening Microsoft 365 applications, such as Teams, Outlook, and other apps that require Azure AD authentication.įor example, a prompt with text similar to the following example appears when opening Microsoft Teams: It must be the user who has workplace-joined the account as they have the identity from Intune in their keychain. A refresh token for Azure access is generated every seven days.Īfter a device is marked as Unresponsive by Jamf Pro, the enrolled user of the device must sign in to correct the non-responsive state. If the Azure token expires, users are prompted to sign in to Azure to obtain a new token.When the token refresh fails for 24 hours or more, Jamf Pro marks the device as unresponsive.With successful registration to Azure AD, macOS devices receive an Azure token: ![]() Devices are marked as unresponsive by Jamf when they fail to check in over a 24-hour period. Jamf Pro expects devices to check in every 15 minutes. How many devices are affected (all devices or just some)ĭevices are marked as unresponsive in Jamf ProĬause: The following are common causes of devices being marked as Unresponsive by Jamf Pro:.How many users are affected (all users or just some).When the problem started, and whether your Jamf Pro integration with Intune worked previously.You must have a user account that has Global Admin permissions in Azure.Ĭollect the following information when investigating Jamf Pro integration with Intune:.You must have a user account that has Microsoft Intune Integration permissions in the Jamf Pro console.All users must have Microsoft Intune and Microsoft Azure Active Directory (Azure AD) Premium P1 licenses.Use the Jamf Cloud Connector to integrate Jamf Pro with Intune.Review the prerequisites from the following articles, depending on how you configure Jamf Pro integration with Intune:.Consider the following before you start troubleshooting: For example, when you encounter a Jamf-Intune integration-related issue, always verify that prerequisites have been met. Prerequisitesīefore you start troubleshooting, collect some basic information to clarify the problem and reduce the time to find a resolution. Each of the following sections describes a common issue, and offers a potential cause and troubleshooting steps for a resolution. The Grant admin consent for your organization button, and then click Yes.This article helps Intune administrators understand and troubleshoot problems with integration of Jamf Pro for macOS with Microsoft Intune. Click Application permissions, and then select. Search for and click Windows Azure Active Directory. Under Microsoft Graph, click Application permissions, and then select. Click Application permissions, and then select update_device_attributes. ![]() Search for and click Microsoft Intune API. Remove all permissions, including the default permissions. Microsoft Azure allows you to have both the old secret and new secret active to prevent service disruptions. If the Client Secret expires, you must add a new Client Secret in Microsoft Azure, and then update your macOS Intune Integration configuration in Jamf Pro. The value for the secret is shown only once after the secret is added. Important: The Client Secret value is required to configure the macOS Intune Integration setting in Jamf Pro. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |