Thursday
Hi All.
Our security team wants to implement a "Catch All"-Conditional Access Rule which requires a known device.
Jamf Connect does not send this Device ID to Entra when syncing passwords. For Entra this request would've been sent from an unknown device. See screenshot: No Device ID. :(
There seems to be a workaround here: https://learn.jamf.com/en-US/bundle/jamf-connect-documentation-current/page/Jamf_Connect_and_Microso...
But I'm curious, isn't there any other way to allow Jamf Connect to use the Device ID? I mean it's on the computer, isn't it?
Thursday
We are exploring a "block all unless compliant" policy as well. When I look at the CA logs, I'm seeing the JC Sync app is just not having our policy applied. I didn't do any of the steps in the "make JC work with CA"
Thursday
Sounds like whoever is driving this initiative needs to contact Microsoft and ask for best practices on how to configure a similar workflow for macOS.
I would imagine Jamf Connect is not the tool to meet this need. Maybe PSSO, but even that is a stretch, but at least PSSO with Entra would have Entra AD objects created.