Integrating Jamf Pro with Intune
Posted on 06-16-2023 06:03 AM
Hey everyone,
I'm thinking of starting to integrate our Jamf Pro instance with Intune just for the sake of having conditional access. What do you think? Any issues that I will encounter? Tips?
Thanks

06-16-2023 07:25 AM - edited 06-16-2023 07:25 AM
@MacJunior Your timing is good, the new(er) Device Compliance integration between Jamf Pro and Intune/AzureAD is much less complicated/fragile than the older Conditional Access integration. Compliance evaluation is now handled via a Jamf Pro Smart Group so you have much more flexibility in the criteria that can be used to determine compliance.
Unfortunately there isn't a large volume of information available about the new Device Compliance integration, and searching will turn up primarily material on the older Conditional Access integration. Here's a link to the latest Jamf documentation on Device Compliance configuration: https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Device_Compliance.html There is also a JNUC22 session on the new integration: https://www.jamf.com/blog/microsoft-partner-compliance-management-api-for-macos-jnuc2022/
Posted on 06-19-2023 04:39 AM
@sdagley How about the personal Mac devices ("BYOD")? How can we restrict those devices from accessing our company resources if they don't match our security criteria? Any thoughts?

Posted on 06-19-2023 07:06 PM
@MacJunior I would strongly discourage any sort of BYOD for macOS devices at this time. There is no support in macOS for a managed "partition" like is currently supported on iOS/iPadOS. Unless your users are willing to grant your company total control over their personal Mac (which I do not think that anyone should, or would want to, do) you're not going to be able to enforce your org's security criteria.
Posted on 06-20-2023 02:34 AM
Then how do companies figure out if an employee is using their personal Mac to access their resources!? How do they protect their data? I feel I'm missing something here.

06-20-2023 12:41 PM - edited 06-20-2023 12:42 PM
@MacJunior If you're using Jamf Pro/Intune/Device Compliance you're going to be requiring a company managed device that's configured properly before it can access your M365 connected services. Another access restriction approach is that a device be connected to your corporate network before it'll have access, and that connection can depend on a VPN that does a compliance check or a system like Cisco ISE so non-corporate devices aren't allowed on the network.
