Block ActiveSync for non-Jamf enrolled devices

msergi
New Contributor III

Hello, wondering if anyone has dealt with this ask, or a similar situation, before. We have been brainstorming but have not come up with a clean solution as of yet.

We want to only allow a device to connect to our on-prem Exchange/ActiveSync if it is enrolled in Jamf. I know this is easy to do with Intune. It is my understanding that this can be done with user certs, but Jamf ADCS cannot deploy user certs at this time. Has anyone else come up with a method of locking down ActiveSync only for Jamf devices? I am more familiar with Jamf than I am with the ActiveSync side, as we have the Exchange administrator managing that.

Thanks in advance

2 REPLIES

nateburt
New Contributor III

You may want to discuss this with your Microsoft admin. Intune integration with Jamf can allow Microsoft Conditional Access to apply to your Jamf-managed devices (as well as Windows 10 & Android). This allows you to keep using Jamf, while Intune gets a minimal sync of data for compliance-checking.

msergi
New Contributor III

Thank you for the comment/information. Last I knew, we did not have proper Intune licensing, but I will explore this option with management, as it seems like the most effective/easiest implementation.