- Jamf Nation Community
- Products
- Jamf Pro
- Re: JAMF / Intune SCEP Enrollment
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
JAMF / Intune SCEP Enrollment
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-06-2020 04:42 PM
Hello Everyone, first time posting. Hopefully this question hasn't been asked before. If so, my apologize.
I am trying to find out if I can use the JAMF > Intune integration to deploy SCEP certs from Intune. We have a mixed environment of both Windows and Macs. Windows is working well with our internal CA and NDES account. However, our Macs are a hassle with manual challenge phrases, etc with JAMF in the cloud. I know that Intune can deploy certs using the "Intune Connector", which allows for communication from our Intranet SCEP server to the cloud. However, JAMF does not have a tool like this that I know of. We do not want to expose our SCEP server to the internet, or use an external/JAMF CA as we already have it working on Windows so the JAMF SCEP Proxy idea is out.
Are there limitations to what the JAMF/Intune Integration can do? Can I create a SCEP policy in Intune and have it work on Macs enrolled in JAMF? From what I read, it seems like its mostly just related to compliance/conditional access. Any help is appreciated!
Thanks!
Labels:
- Labels:
-
Microsoft Intune
Reply
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-04-2020 01:18 AM
Hi Schmidt,
Did you manage to get this working? I would like to do the exact same thing in order to have intune controlled SCEP certificates pushed onto the Macs. Like you, we don't expose SCEP/NDES to the internet, and instead rely on the msappproxy secured to just intune to make it work.
Would be interested to know how you progressed - I need certs pushed for;
User - VPN and WiFi (PEAP)
Machine - VPN and WiFi (Cert auth)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-16-2021 01:47 PM
Just bumping this before I start going down the same path. Did either of you all have any luck?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-17-2021 02:04 AM
No - unfortunately best solution I could find was using the JAMF SCEP policy and proxying, via an msappproxy with restrictions for the IP address of my JAMF Pro instance (in the cloud).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-21-2021 12:59 PM
Hey easyedc,
We are actually still looking into this (put on hold with COVID) but did find the below article that somewhat describes what JamieG mentions.
Although this is for Intune, the concept is the same for JAMF. Basically has you create an AzureADProxy App in your intranet, which installs on a server, create an externally facing website in AzureAD as the Proxy, then use JAMF to point to that website.
The website for external IP's and Ports are:
Permitting Inbound/Outbound Traffic with Jamf Cloud - Technical Articles | Jamf
