Troubleshooting Intune Registration for Jamf-managed devices

NOTE: AuthN primarily deals with user identity: who is this person? Is she who she says she is? All client apps using ADAL (Azure Active Directory Authentication Library) can do device AuthN, but users will see Keychain access password prompts. The Intune Company Portal app is required to do device registration, which occurs during JamF .

Login keychain typically has the same password as the MacOS sign-in password, however it could also have a different password.

Login keychain access is needed to complete device authentication on MacOS.

The WPJ state is stored in Login keychain.

Notes on MacOS Authentication and Registration

This device identity is needed for Intune registration. It uses the public-private key infrastructure, and on the device/client side it’s referred to as workplace joined (WPJ)/ domain-joined (DJ)/ Azure AD-joined (AADJ) whereas on the server side it is referred to as Azure Device Registration Service (ADRS or simply DRS). If the Mac device is compliant with the conditional access policies configured, it will be allowed access to the protected company resources.

Device registration is the process in which a device’s identity is established in AAD. This inventory data can then be analyzed by Intune’s compliance engine to generate a report, then combined with intelligence about the user’s identity, enforce conditional access via EMS. Jamf does this by allowing admins to sync their Mac inventory data with Intune and the Microsoft Cloud. If your organization uses Jamf Pro to manage macOS devices, you can use Microsoft Intune compliance policies with Azure Active Directory conditional access to ensure that devices in your organization are compliant before accessing company resources. They will advise whether a case needs to be opened with Microsoft. NOTE If you encounter issues with the integration of Jamf and Intune, please open a ticket with Jamf first.
Support Engineer Lucas Lenard (Support Engineer I and Geoff Root (Test Engineer I who worked closely with Shonda to get this article created. Shonda already published detailed steps on getting Jamf integration configured here, and today she follows that up with an article on how to troubleshoot integration if you encounter any issues.

Massive thanks to gabe2385 and junjishimazaki for their assistance.

Hi everyone, today we have another post from Intune Support Engineer and resident Jamf expert Shonda Hodge.

If your company does not use logins verify that any login keys are removed). Verify Keychain Access keys are correct (publickey, privatekey, and login if used. Verify that the jss_url is correct in /Library/Preferences/ so it gave an unable to connect to MDM server error as a result. Further attempts to open Self Service were relying on those credentials and those were being denied by the server. Removing the login password from Keychain Access resolved the issue.

From what I can tell, it seems someone tried to log into Self Service, and saved credentials which don't actually work there. We don't use the user logins on Self Service (it has been enabled for techs, but not for standard users and isn't built out enough for regular use). It is Keychain Access, but it's not the private or public key the user had a password enrolled for automatic login to Self Service. This information allowed us to further troubleshoot and we were able to find the issue! If anyone has any idea what this could be I'm open to further troubleshooting. Self Service appears to be the only thing affected. The Mac still has access to jamf controls via terminal, still receiving profiles and policies, still reporting in all information to the server. Issue is present both on and off VPN (so that is irrelevant).

Currently this is only affecting the one machine but as I don't have a fix there's trouble if it spreads.
I did find the list of ports, but we aren't seeing any blocked ports (on machine, router, or via ISP). also tested:

Computer restart, trying from an IT account (removes any variables from the user's startup items), refreshing the MDM, clean uninstall and reinstall of the JAMF Framework. There's a similar error "connecting to jamf server" which can be resolved by simply uninstalling and allowing JAMF to reinstall Self Service. We've been using JAMF for a few years mostly without issue - this is the first time we're seeing this error. The last post I can find relating to this is from 2017 There isn't a solution there and I've tried almost everything previously listed.