Help

Intune: Set device compliance state from third-party MDM providers

jono
New Contributor

Posted on ‎08-20-2020 08:57 PM

Hi,

Now that Intune supports third-party MDM solutions as a source of device compliance details will we see Jamf Pro and Jamf School support this like VMWare Workspace ONE?

https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new

Labels:
0 Kudos
Reply
7 REPLIES 7

summoner2100
Contributor

Posted on ‎08-21-2020 12:24 AM

Jamf already passes through compliance details to Intune if you have it connected in your Jamf Pro instance.

0 Kudos
Reply

jonohayes
New Contributor III

Posted on ‎08-21-2020 01:05 AM

Doesn’t the device have to enrol manually via the Intune portal app and the the compliance data is collect via that app?

0 Kudos
Reply

garybidwell
Contributor III

Posted on ‎08-21-2020 05:13 AM

Jamf Pro has had this ability for quite a while for macOS
The enrolment is automated via a Self Service policy as Company Portal cant be used standalone for co-management . But once the co-manage enrolment is setup the Jamf Pro Server takes over submitting the compliance data and the Company Portal app is not longer required (we normally remove it as its only ever needed again if Intune throws a hissy fit and the Mac need got be rejoined, but thats not very often)

It works really well, the only negative is the UX for Self Service policy requires the user to initially enter their details 3 times, twice for MS (login to Azure, then to join Intune) and finally again to add the token to the user keychain. But once its done the user shouldn't need to do it ever again.

The big change for the Intune status posted above is this now open the ability now to do the same with iOS. Now if only there was some type of Jamf conference coming up very soon to finally launch this type of ability........;oP

0 Kudos
Reply

jonohayes
New Contributor III

Posted on ‎08-21-2020 01:19 PM

The above would also mean users wouldn’t have to sign in to the Microsoft company portal app?

0 Kudos
Reply

summoner2100
Contributor

Posted on ‎08-25-2020 01:11 PM

@jonohayes Sorry, haven't logged in for a couple days. Basically you just set the Jamf Instance up in settings to connect to your Azure instance. Then go into Azure and make an App Registration for it. Azure AD>app registration. The App Registration will provide the space to put the Jamf URL for enrolment.

Once that's there, you can follow the steps in the link below. Make the Jamf policy and deploy the company portal. It has to be launched from Self Service. Launching manually won't start this. Then the user follows the sign in prompts, and it will register in Azure devices.

One gotcha we found. Before I did out upgrade to 10.23 we were on .21 and it wasn't finding the latest version portal app. So I had to revert it from 2.7 to 2.5 Company portal because Microsoft changed the app ID and Jamf couldn't find it on that version (simple issue but got us stuck for a bit lol)

https://msendpointmgr.com/2019/03/11/integrating-jamf-pro-with-intune-for-compliance-part-2/

0 Kudos
Reply

jonohayes
New Contributor III

Posted on ‎08-25-2020 01:39 PM

@summoner2100 thanks for the info, we use the current process. The question was more on now that Microsoft allows compliance details from third-party MDM (https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new).

  1. Does anyone know if Jamf will support this.
  2. Does this mean we won't have to use the current workflow - download the Microsoft Compnay Portal, get the user to login etc.
Reply

schiffne
New Contributor

Posted on ‎01-05-2021 03:21 AM

@jonohayes did you ever received an answer on this?

0 Kudos
Reply