Removing a Jamf-managed device from Intune You can remove a Jamf-managed device from the Intune console by selecting Delete in the All devices view. If anyone comes up with anything better, please let us know. Select Add permission to save this configuration. This payload allows you to upload a custom. We've been seeing some failures piling up as well. Have a question or comment? There are two different ways to distribute a computer configuration profile: install it automatically requires no interaction from the user or make it available in Self Service.
Specify a distribution point for computers to download the package from. Computer-level Configuration Profile payloads include: Passcode The Passcode payload allows you to require all users on the computer to have a password that meets the restrictions you specify. Select the New client secret button. What's more, while a change made by a Policy could be undone by a user with the correct permissions, a setting enforced by a Configuration Profile is more or less set in stone while it is applied. Personally I like to have more metadata for organizational and historical purposes, so many of the pkginfo keys like category and developer in my example file below are by no means required. Thanks for the awesome guide. Set up compliance policies and register devices After you configure integration between Intune and Jamf, you need to.
While Configuration Profiles are scoped similarly to Policies, they do not offer any of the same control as to when they apply, or how often. This payload also allows you to add a X. Shonda walks through the entire process of configuring integration of Microsoft Intune and Jamf Pro, creating and deploying policies and profiles, as well as enrolling and registering your Mac computers. Hypothetically, how would you want that to work? Check out the for more info. Would you like to answer one of these instead? I'm going to add my vote to this as well. The fact that it is pulling that one is probably due to wrong file permissions on your script file. When the Azure password changes, it will inform the user to sync the local password for instance.
First and foremost…Thank you for replying and not just replying; but responding so swiftly. Download the profiles from the Jamf Pro server using the Download button. Click Close Application and Install. Now we are gonna make an application inside portal. Set the name and numbering you wish to use. With jamf Connect would there be any options to build in group memberships on Mac´s. This requires access to both the Intune and Jamf Pro consoles.
For each profile, you can view the number of computers for which the profile installation has a Completed, Remaining, or Failed status. Check the profiles you wish to install - keep Wifi checked too. If an end user launches the Company Portal manually, they will see a warning, 'AccountNotOnboarded'. One or two failed attempts can often be explained away, but after something fails 10 times, somethin' be busted. Creating a new application for Jamf Pro in Microsoft Azure 2. Click Get the app to install the Company Portal.
Can o'worms now Erin : Custom is a great idea!!!! Just to make sure everything is repackaged as it should be, as you might run against some issues when trying to sign the package or when deploying it through a prestage. Unlike Policies, Configuration Profiles have two levels at which they may apply: the Computer Level, which has payloads affecting computer-wide settings, and at the User Level, with payloads affecting per-user profile settings. We have found that, in our environment, this payload is not necessarily reliable. To answer your questions, the login that comes up on step 17 is a prompt from the Company Portal app to authenticate and begin the registration process with Azure. Hopefully some more visibility will go a long way to changing that. Only think I can think of is permissions which have not been applied correctly or not retained when you created the package or a typo in the path of the script in the plist. Quite straight forward, no rocket science at all! Devices will ignore the options that do not pertain to their device type.
I would think custom is the way to go that way you could different retries for different profiles. Restore still set to Don't Restore Backup. Click Download to begin enrollment. It sounds like everyone agrees that it shouldn't just retry indefinitely, which makes a ton of sense. So my question is this.
And before any security guys reading this jump on their high horse, a quick disclaimer :-. After some work, I figured out a minimum payload profile that would enable FileVault 2 only, and leave the other settings at default or user set. Yeah, this is definitely a bummer. So until we go all on azure I can understand that there is no need to go for Jamf connect. Not the answer you're looking for? What do you recommend for us to increase throughput there and let us test the tweaks faster? This profile tested fine when deployed locally, but failed when deployed via Jamf Pro. But as said there are actually 2 alternatives which you might consider as well. Upload the Company Portal app to Jamf Pro as a package 1.
This blog has resulted from recent questions in the and internally on how to sign a configuration profile. Downloading a Computer Configuration Profile If you want to view the contents of a computer configuration profile for troubleshooting purposes, you can download the profile. Note: Depending on your system configuration, some historical log data may not be available for profiles installed using 9. That is when the enrollment profile errors out. . Although you cannot view or edit these payloads, they are still applied to computers and users.
Note: Some payloads and settings configured with Profile Manager are not displayed in Jamf Pro. Quality of Service QoS options are also available, including the option to mark certain applications for Fast Lane service. As I did not want to touch the official installer I created my own package as follows. Enter a display name e. Click the Edit button on the Microsoft Intune Integration tab.