Intune integration & Compliance Benchmarks

ks25
New Contributor II

Guys,

Jamf introduced Compliance Benchmarks, which help admins manage and report security compliance on macOS. If that's the case, then Intune integration is mainly for conditional access, and there is no need to check for compliance status, as Jamf itself lets us know the device compliance status. Is my understanding correct?

3 REPLIES

AJPinto
Honored Contributor III

Jamf retired the Compliance Reporter last month, and "replaced" it with Jamf Protect Offline Mode. I'm not sure if there is a licensing cost to this Jamf Protect Offline Mode, but it can be deployed by any MDM. With how new this tool is, I don't know much more about it, but I put the link to the documentation below.

https://learn.jamf.com/en-US/bundle/jamf-protect-offline-deployment/page/Protect_Offline_Mode.html

sdagley
Esteemed Contributor II

@ks25 In essence, yes. The old Conditional Access integration, where Jamf provided inventory data to Intune for compliance evaluation, is deprecated and soon to be disabled. With the replacement Device Compliance integration, Jamf Pro itself determines device compliance and simply provides two lists of devices to Intune:

  • The Compliance Group which is the Smart computer group Jamf Pro will use to calculate device compliance
  • The Applicable Group: Smart group containing all computers Jamf Pro uses to send a compliance status to Microsoft Intune

There are additional Compliance Benchmark capabilities for reporting on device compliance coming to Jamf Pro that Jamf announced recently at JNUC 2024.

Shyamsundar
New Contributor III

Yes, the primary purpose of this is for conditional access. Jamf sends the compliance status of the device to Azure based on the Smart group you created. If the device is in the Smart group, its compliance status is sent to Azure.