Troubleshooting the JamfAAD Pre-fill Authentication Issue

Symptoms

Users with pre-filled usernames are unable to authenticate to Azure on first attempt. The user must click Sign in with another account and re-enter their login credentials to successfully authenticate.

Explanation

The JamfAAD pre-fill feature introduced in Jamf Pro 10.14.0 may cause an issue (PI-007330) with the authentication experience in environments that use both the Microsoft Intune Integration and Active Directory Federation Services to authenticate to Azure.

Resolution

To resolve this issue, upgrade to Jamf Pro 10.17.0 or later and complete the procedure below.

Note:

Upgrading to Jamf Pro 10.17.0 or later does not automatically fix the issue caused by PI-007330. You must complete the procedure below to resolve the authentication issue.

Deploy the following .plist file to computers using a configuration profile with the Custom Settings payload configured:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>disableUPNLoginHint</key>
<true/>
</dict>
</plist>

When configuring the Custom Settings payload, enter the following in the Preference Domain field:

com.jamf.management.jamfAAD

For instructions on deploying configuration profiles with the Custom Settings payload configured, see the Deploying Custom Configuration Profiles Using Jamf Pro article.