Jamf and Intune coexistence


Hello. This is more of a Microsoft question, but I'm not having luck down that route yet.


We want Jamf Cloud to manage all of our institutionally owned iPads with MDM.  We want Intune to manage all user-owned Apple devices with Application Protection Policies.  The problem is, users only have 1 account.  So if they sign into a corporate iPad, they get a mix of both Jamf MDM configuration profiles and Intune application protection policies on their corporate device.  We want the Intune Application Protection Policies to ONLY apply when a user signs in on a personally owned device, and not a Jamf managed device.


I don't know if that is possible since scoping an Application Protection Policy is based on AD group.  If their ID is in that group then they get Intune App.  I don't see any other criteria to filter out a device if it is Jamf MDM managed.


Has anyone run into this or found a solution?





Try this dynamic membership query:

 (device.managementType -eq "MDM")

device.managementType equals "MDM" only for the Intune-managed devices.


Would device management type still be MDM for a personally owned device if it's not actually managed by Intune? The personally owned devices aren't enrolled in Intune; they just use Application Protection Policies (MAM, not MDM).