Intune: Set device compliance state from third-party MDM providers

jono
New Contributor

Hi,

Now that Intune supports third-party MDM solutions as a source of device compliance details will we see Jamf Pro and Jamf School support this like VMWare Workspace ONE?

https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new

7 REPLIES 7

summoner2100
Contributor

Jamf already passes through compliance details to Intune if you have it connected in your Jamf Pro instance.

jonohayes
New Contributor III

Doesn’t the device have to enrol manually via the Intune portal app and the the compliance data is collect via that app?

garybidwell
Contributor III

Jamf Pro has had this ability for quite a while for macOS
The enrolment is automated via a Self Service policy as Company Portal cant be used standalone for co-management . But once the co-manage enrolment is setup the Jamf Pro Server takes over submitting the compliance data and the Company Portal app is not longer required (we normally remove it as its only ever needed again if Intune throws a hissy fit and the Mac need got be rejoined, but thats not very often)

It works really well, the only negative is the UX for Self Service policy requires the user to initially enter their details 3 times, twice for MS (login to Azure, then to join Intune) and finally again to add the token to the user keychain. But once its done the user shouldn't need to do it ever again.

The big change for the Intune status posted above is this now open the ability now to do the same with iOS. Now if only there was some type of Jamf conference coming up very soon to finally launch this type of ability........;oP

jonohayes
New Contributor III

The above would also mean users wouldn’t have to sign in to the Microsoft company portal app?

summoner2100
Contributor

@jonohayes Sorry, haven't logged in for a couple days. Basically you just set the Jamf Instance up in settings to connect to your Azure instance. Then go into Azure and make an App Registration for it. Azure AD>app registration. The App Registration will provide the space to put the Jamf URL for enrolment.

Once that's there, you can follow the steps in the link below. Make the Jamf policy and deploy the company portal. It has to be launched from Self Service. Launching manually won't start this. Then the user follows the sign in prompts, and it will register in Azure devices.

One gotcha we found. Before I did out upgrade to 10.23 we were on .21 and it wasn't finding the latest version portal app. So I had to revert it from 2.7 to 2.5 Company portal because Microsoft changed the app ID and Jamf couldn't find it on that version (simple issue but got us stuck for a bit lol)

https://msendpointmgr.com/2019/03/11/integrating-jamf-pro-with-intune-for-compliance-part-2/

jonohayes
New Contributor III

@summoner2100 thanks for the info, we use the current process. The question was more on now that Microsoft allows compliance details from third-party MDM (https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new).

  1. Does anyone know if Jamf will support this.
  2. Does this mean we won't have to use the current workflow - download the Microsoft Compnay Portal, get the user to login etc.

schiffne
New Contributor

@jonohayes did you ever received an answer on this?