Help

Integrating Jamf Pro with Intune

MacJunior
Contributor III

Posted on ‎06-16-2023 06:03 AM

Hey everyone, 

 

I'm thinking to start integrating our Jamf Pro instance with Intune just for the sake of having confidtionl access, what do you think? any issues that I will encounter? tips?

Thanks

0 Kudos
5 REPLIES 5

sdagley
Esteemed Contributor II

‎06-16-2023 07:25 AM - edited ‎06-16-2023 07:25 AM

@MacJunior Your timing is good, the new(er) Device Compliance integration between Jamf Pro and Intune/AzureAD is much less complicated/fragile than the older Conditional Access integration. Compliance evaluation is now handled via a Jamf Pro Smart Group so you have much more flexibility in the criteria that can be used to determine compliance.

Unfortunately there isn't a large volume of information available about the new Device Compliance integration, and searching will turn up primarily material on the older Conditional Access integration. Here's a link tot he latest Jamf documentation on Device Compliance configuration: https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Device_Compliance.html There is also a JNUC22 session on the new integration: https://www.jamf.com/blog/microsoft-partner-compliance-management-api-for-macos-jnuc2022/

 

MacJunior
Contributor III

Posted on ‎06-19-2023 04:39 AM

@sdagley how about the personal Mac devices "BYOD" .. how can we restrict those devices from accessing our company resources if they don't match our security criteria? any thoughts?

0 Kudos

sdagley
Esteemed Contributor II
In response to MacJunior

Posted on ‎06-19-2023 07:06 PM

@MacJunior I would strongly discourage any sort of BYOD for macOS devices at this time. There is no support in macOS for a managed "partition" like is currently supported on iOS/iPadOS. Unless your users are willing to grant your company total control over their personal Mac (which I do not think that anyone should, or would want to, do) you're not going to be able to enforce your org's security criteria.

0 Kudos

MacJunior
Contributor III

Posted on ‎06-20-2023 02:34 AM

Then how do companies figure out if an employee is using their personal Mac to access their resources!? how do they protect their data? I feel i'm missing something here.

0 Kudos

sdagley
Esteemed Contributor II
In response to MacJunior

‎06-20-2023 12:41 PM - edited ‎06-20-2023 12:42 PM

@MacJunior If you're using Jamf Pro/Intune/Device Compliance you're going to be requiring a company managed device that's configured properly before it can access your M365 connected services. Another access restriction approach is that a device be connected to your corporate network before it'll have access, and that connection can depend on a VPN that does a compliance check or a system like Cisco ISE so non-corporate devices aren't allowed on the network.

0 Kudos