In a number of logs I have been looking over we can see examples of this. @hdsreid it doesn't have anything to do with iOS Device Compliance. That is a separate set of Enterprise Apps that do the server-side and client-side callouts.

Selecting Always Allow for one app only approves that app for future sign-in. Additional apps prompt for authentication until they are also set as Always Allow. Cached credentials for one app cannot be used by another app. After a device is marked as Unresponsive by Jamf Pro, the enrolled user of the device must check in to correct the non-responsive state. It must be the user who has workplace-joined the account, as they have the identity from Intune in their keychain.

Those settings are described in the table below and are beneficial. Then the CAP would be configured to require compliant devices for "All Cloud Apps", excluding the "Jamf Pro" and "Intune Enrollment" apps. The "Jamf Pro" app allows the initial enrollment login from an unmanaged device, and then the "Intune Enrollment" app lets you register the device. Now, let's move on to how we can work around this and how to enable end users to access the change password URL through the Jamf Connect Menu Bar app in the next section of this blog post.

That session is then used across the different supported apps on their Apple device, without requiring users to authenticate again. Personally I prefer to use "All Cloud Apps" because new apps are added without you possibly realizing it, and this would leave them uncovered until you manually add them. This is not optimal if your goal is to secure all cloud services from unmanaged devices. Next, I assigned my end users to the app created in step 2, as this will be the app for which I'll configure the Jamf Connect plists. No need to assign any users to the app created in step 1.

This week is all about the Microsoft Enterprise SSO plug-in for Apple devices. That plug-in provides single sign-on for Azure AD accounts across all apps that support the enterprise SSO feature of Apple. The plug-in is provided on iOS/iPadOS devices as an extension of the Microsoft Authenticator app and on macOS devices as an extension of the Company Portal app. The extensions can be enabled by using Microsoft Intune.

The Adobe re-packaging KB specifically mentions "Temporary workaround to deploy Named User or Shared Device Licensing packages to Apple desktop devices that use the M1 chip." It is not specified which versions of these applications are compatible, but I'd assume it'll be the latest version. This same behaviour was repeated once I re-ran registration, wiped and re-deployed the system, and also after removing the device from Azure AD (and waiting the minutes for things to settle down). We are facing a major issue when registering our devices to Intune for compliance. Could not retrieve the access token for Microsoft Graph API. Check the configuration for Microsoft Intune Integration.

The webauth should go through Chrome Canary but it should work fine; I've tried it with some VMs and physical machines and it has been working really well. After that any jamfAAD gatherAADInfo agent/session that needs interactive mode will default to Safari for the ASWebAuth. @IamGroot and @vcherubino So far only Safari works, but actually Jamf should fix such issues, and it should not be something that can only be done through, for instance, a particular browser. Thank you for confirming, and yes, the problem was resolved by just changing the default browser to Safari without deleting anything.

JamfAAD will then run and gather the WPJ key info, UPN, and AAD ID created for the new device record on AAD by Company Portal.app and submit that info to Jamf Pro. Log into your source Jamf Pro server and create a new script. I'd suggest sticking with the default name of apiMDM_remove.

That experience is shown below, in Figure 3, by navigating to portal.office.com and simply selecting the required account. For Jamf Connect Login, the very fact of having an "All Cloud Apps" CAP with "Require device to be compliant" breaks Jamf Connect Login. In that case you'll need to go through a complex setup as per above to be able to exclude the Jamf Connect Login app. As you can see I also added the 'resetpassword' area to be hidden, as the subject of this blog post also applies to resetting the password via Azure. Disregard this warning if you are configuring persistent browser session policy that works correctly only if "All cloud apps" are selected.