- Jamf Nation Community
- Products
- Jamf Pro
- Re: Conditional Access
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Conditional Access
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-22-2017 02:22 PM
Our organization is moving to O365 Services and wants to implement Conditional Access. Ideally any client joined to company domain will sync with Azure AD and CA policies will be applied. Is that possible via JAMF as Microsoft has clearly stated that it will be only applicable to those machine which are enrolled to Intune.
Any suggestion.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-23-2017 11:42 AM
Thank you for the feedback!
I'd suggest that you submit a Feature Request. That will allow us to keep you and the entire Jamf Nation community updated and get additional feedback and votes for this functionality.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-25-2017 03:27 PM
We are testing the following to control which devices can access our corporate resources.
- Setup a Windows Server 2008 or 2012 CA with a Apple iOS CA Template for Device Certificate deployment using the JSS.
- Setup a Windows NDES on Windows Server 2008 or 2012 and have it use the Apple iOS / macOS Template hosted on the CA
- Create a new ActiveSync Connection on Exchange that will only allow iOS / macOS certificate authentication.
- Setup an Exchange Configuration Profile for iOS / macOs devices and include the (SCEP Profile) / macOS (AD Certificate Profile)
- You can also use the AD Certificate Profile with a Wireless Profile (802.1x) for Device Certificate Authentication for Mac laptops
We only allow devices managed by our JSS and with the Exchange / Device Certificate profile to connect to our corporate resources. Everyone else is blocked until they are managed by our JSS. You don't really need Intune MDM, but I do recommend configuring InTune MAM policies on O365 to enable DLP on the Office iOS Apps. Works great in our environment and is free if you have InTune Mobility Suite licenses.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-26-2017 10:58 AM
In addition to the above mentioned, we are using claims rules to restrict access.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-17-2017 09:05 PM
We are also facing the same issue where the Intune/Company Portal preview is not able to install an MDM profile because Casper is managing our Mac fleet already. I'm curious to understand if TreviñoL's solution works in a mixed Windows/Mac environment as well as other Office 365 apps besides Exchange Online. We are using Conditional Access to protect against single factor authentication to the entire O365 suite and not just Exchange Online.
If JAMF could work with Microsoft to support this feature that would be great!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-18-2017 11:24 AM
It's my understanding that MS Conditional Access doesn't fully support the macOS at this time.
C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-03-2017 06:53 AM
We are happy to say that we have a purpose-built solution coming. If you have not seen this thread and the Jamf announcement for Conditional Access collaboration with Microsoft EMS, please refer to the following links.
- Jamf Nation Discussion "Jamf Intune Integration"
- Jamf Announcement
Reply
