Posted on 01-25-2022 07:16 AM
I was wondering what people thought about the current state of Jamf - Intune Co-existence, having the device managed by Jamf but sending inventory info and compliance for CA to Intune? Our grand plan is to have the M365 suite accessible off VPN by utilizing CA and compliance with Intune. Has anyone else really explored all the features of this pairing, and what are your thoughts?
Thanks!
Posted on 01-25-2022 09:22 AM
01-25-2022 09:17 AM - edited 01-25-2022 09:19 AM
The Jamf/Intune integration is terrible. I would suggest managing device compliance with MCAS certificates. I highly recommend visiting the #jamf-intune-integration channel on Slack and you'll see the constant issues with the integration.
Posted on 01-27-2022 06:53 AM
I just want to echo this sentiment. We've given the standard approach to Intune integration a chance over the last two years or so and it has become progressively worse over time for various reasons.
A lot of effort is required to sustain the integration and working functionality, which is broken very easily with common occurrences such as forgetting your password. If you have a large environment, it's very difficult to have all of the support technologists properly educated on supporting this integration and you will spend a majority of your time addressing Macs with broken integration that keep people from accessing their applications and being able to deliver work.
We recently came across the MCAS option and are looking at this to see if we can make the switch.
Posted on 01-25-2022 09:19 AM
AHA, I am not the only one who thinks it's bad. I will need to look into this other option you suggested, as our ORG is full steam ahead with Jamf/Intune. Thanks!
Posted on 01-26-2022 04:00 AM
It has been a couple years since I had to deal with Intune integration, but I remember I hate hate hated it! It put too much responsibility on the user to make sure it happened. I hated that the integration was tied to the user account. I hated that it relied on the Mac Keychain - and we all know how fragile the keychain is even on a good day. I hate that the integration broke EVERY DAY and it required Herculean efforts to completely remove all traces of Intune's files and certificates only to have the user go through the process of re-registering with Intune again. I hate that the Company Portal was very confusing for the user. If their integration broke previously, they might see 3 or 4 copies of the same computer listed. I hated how if Microsoft pushed an update to the Intune system, any new features would default to ON. This meant that any new conditions they added would be required for CA to work, but if it's a condition we didn't care about or prepare for, all the Macs would be denied access and it would send everyone scrambling to determine why. All the things that we would have set in Intune to allow access can easily be locked down and controlled using Jamf, so there really is no point in having an external system double-check and approve what Jamf is already doing. I agree with @bwoods in using the certificate method. If Jamf says you've checked off all the boxes, then that should be the authority that lets you in the door.