Computer Registration User Experience

After you install the Company Portal app on the computer, users must register their computers with Azure Active Directory (Azure AD). Due to Authentication Services framework limitations, the workflow can run in one of the following web browsers: Safari, Microsoft Edge 92 or later, or Google Chrome 92 or later. The following steps describe the computer registration process:

  1. The user runs the registration policy from Jamf Self Service for macOS. For instructions on creating this policy, see the Create a Policy Directing Users to Register Mac Computers with Azure Active Directory section of this technical paper.

  2. After the user runs the registration policy, the Company Portal app opens.

  3. The user enters their Azure AD authentication credentials in the Company Portal app. Workplace Join opens after the user successfully enters their authentication credentials. This creates the computer record in Microsoft Azure. If the computer is managed by Jamf Pro and compliant, a message displays stating that registration was successful.

    Note: Inventory information for the computer does not display in Microsoft Intune at this point.

  4. JamfAAD opens.

    Depending on your environment, the user is asked to do one of the following:

    • If your environment has Azure AD federation configured, the user is prompted to enter their authentication credentials for a second time and accept a multi-factor authentication prompt if configured.

    • If your environment only uses Azure AD accounts, the user is prompted to enter their password again and accept a multi-factor authentication prompt if configured.

    Note: The JamfAAD pre-fill feature introduced in Jamf Pro 10.14.0 may cause an issue with the authentication experience in environments that use Active Directory Federation Services to authenticate to Azure. See the Troubleshooting the JamfAAD Pre-fill Authentication Issue article for instructions on resolving the authentication issue.

  5. The user is prompted to unlock the login keychain in Keychain Access to grant permissions.
    JamfAAD sends the token with the Azure AD information to Jamf Pro. Jamf Pro sends computer inventory information to Microsoft Intune, and the computer record is created in Intune after compliance is calculated for the first time. The Azure AD information is stored in the device_aad_information table in the Jamf Pro database.

© copyright 2002-2021 Jamf. All rights reserved.