- Use the Jamf Cloud Connector to integrate Jamf Pro with Intune.
- All users must have Microsoft Intune and Microsoft Azure Active Directory (Azure AD) Premium P1 licenses.
- You must have a user account that has Microsoft Intune Integration permissions in the Jamf Pro console.
- You must have a user account that has Global Admin permissions in Azure.

Collect the following information when investigating Jamf Pro integration with Intune:

- When the problem started, and whether your Jamf Pro integration with Intune worked previously.
- How many users are affected (all users or just some)
- How many devices are affected (all devices or just some)

Devices are marked as unresponsive in Jamf Pro

Cause: The following are common causes of devices being marked as Unresponsive by Jamf Pro:

- Jamf Pro expects devices to check in every 15 minutes. Devices are marked as unresponsive by Jamf when they fail to check in over a 24-hour period.
- With successful registration to Azure AD, macOS devices receive an Azure token:
  - When the token refresh fails for 24 hours or more, Jamf Pro marks the device as unresponsive.
  - If the Azure token expires, users are prompted to sign in to Azure to obtain a new token. A refresh token for Azure access is generated every seven days.

After a device is marked as Unresponsive by Jamf Pro, the enrolled user of the device must sign in to correct the non-responsive state. It must be the user who has workplace-joined the account as they have the identity from Intune in their keychain.

Mac devices prompt for keychain sign-in when you open an app

After you configure Intune and Jamf Pro integration and deploy conditional access policies, users of devices managed with Jamf Pro receive password prompts when opening Microsoft 365 applications, such as Teams, Outlook, and other apps that require Azure AD authentication.

For example, a prompt with text similar to the following example appears when opening Microsoft Teams:

Microsoft Teams wants to sign using key "Microsoft Workplace Join Key" in your keychain. To allow this, enter the "login" keychain password

Cause: These prompts are generated by Jamf Pro for each applicable app that requires Azure AD registration.

At the prompt, the user must provide their device password to sign in to Azure AD.

- Deny - Do not sign in and do not use the app.
- The next time the app opens, it prompts for sign-in again.
- Always Allow - The sign-in credentials are cached for the application. The next time the app opens, it doesn't prompt for sign-in.

Selecting Always Allow for one app only approves that app for future sign-in. Additional apps prompt for authentication until they also are set as Always Allow. Cached credentials for one app can't be used by another app.

There are several common causes for Mac devices that fail to register with Intune through Jamf Pro.

Cause 1 - Jamf Pro doesn't have correct permissions

The Jamf Pro enterprise application in Azure has the wrong permission or has more than one permission. When you create the app in Azure, you must remove all default API permissions and then assign Intune a single permission of update_device_attributes.

Review and if necessary correct the permissions for the Jamf app. If you manually configured the integration, you created the app in Azure AD. If you use the Jamf Pro Cloud Connector, this app was created for you.
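One way to check the permission requirement described for the Jamf app (a single Intune permission of update_device_attributes and nothing else) is to audit the `requiredResourceAccess` section of the app registration manifest. This is an added example, not code from the original page or from Microsoft or Jamf; the GUID placeholders, the id-to-name map and the sample manifests are assumptions constructed for illustration.

```python
# Placeholder identifiers (assumptions): the page gives no GUIDs, so replace
# these with the values shown in your own tenant before use.
INTUNE_APP_ID = "<intune-api-resource-app-id>"
GRAPH_APP_ID = "<microsoft-graph-resource-app-id>"
PERMISSION_NAMES = {
    "<update-device-attributes-id>": "update_device_attributes",
    "<user-read-id>": "User.Read",
}
REQUIRED = (INTUNE_APP_ID, "update_device_attributes")


def audit_permissions(manifest):
    """Return findings for an app manifest; an empty list means it is compliant."""
    granted = []
    for resource in manifest.get("requiredResourceAccess", []):
        for access in resource.get("resourceAccess", []):
            pid = access.get("id", "")
            # Unknown ids are reported raw rather than silently ignored.
            granted.append((resource.get("resourceAppId", ""),
                            PERMISSION_NAMES.get(pid, pid)))
    findings = []
    if REQUIRED not in granted:
        findings.append("missing: update_device_attributes on the Intune API")
    for app_id, name in granted:
        if (app_id, name) != REQUIRED:
            findings.append(f"extra: {name} on {app_id}")
    if granted.count(REQUIRED) > 1:
        findings.append("duplicate: update_device_attributes listed more than once")
    return findings


# Constructed sample manifests (not taken from a real tenant).
COMPLIANT = {"requiredResourceAccess": [
    {"resourceAppId": INTUNE_APP_ID,
     "resourceAccess": [{"id": "<update-device-attributes-id>"}]}]}
DEFAULT_LEFT_IN_PLACE = {"requiredResourceAccess": [
    {"resourceAppId": GRAPH_APP_ID,
     "resourceAccess": [{"id": "<user-read-id>"}]},
    {"resourceAppId": INTUNE_APP_ID,
     "resourceAccess": [{"id": "<update-device-attributes-id>"}]}]}

if __name__ == "__main__":
    for label, m in [("compliant", COMPLIANT), ("default left", DEFAULT_LEFT_IN_PLACE)]:
        print(label, audit_permissions(m) or "OK")
```

The manifest lists configured permissions only, so a clean result here still needs to be paired with a check that admin consent was granted for the one remaining permission.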