Jamf Pro Cloud connection to on-prem Microsoft Certificate Authority

__AMM
New Contributor II

Hi friends,

I am new at Jamf and appreciate your help.

We use Jamf Pro in the cloud and we have a local Microsoft CA server.

My goal is to install certificates from the local CA on the Mac devices using Jamf Pro Cloud.

I understand there are two ways to do this:

1. Using Jamf ADCS Connector

2. Using Jamf SCEP with local NDES server

Am I right?

What is the right and secure way to do it?

We also have Azure and Intune if that can help. 

Thanks

garybidwell
Contributor II

AD-CS is the way forward, but if you have Azure we found it easier to create an Azure proxy connection to the server running the AD-CS connector and publish it out that way (that's very similar to how Intune provides its certificates from the on-premises CA using its own internal connector).

__AMM
New Contributor II

That way there will be no need to open ports out?

Is there a guide on how to do this?

Thanks.

garybidwell
Contributor II

There are still ports to set up for the proxy in Azure, but it meant I didn't have to deal with our network team at all and punch more holes in the firewall.
I don't have a guide for the Azure side, as my Azure SME did this part for me, but for the Jamf side I pieced information from both Travelling Tech Guy's blog
https://travellingtechguy.blog
and watching Laurent's JNUC presentation on AD-CS
https://www.youtube.com/watch?v=PbQOG5rJBcQ&t=1683s

Setup is really in two parts:
1) getting the AD-CS connector installed and communicating with Jamf

2) setting up PKI and certificate templates for the payloads to the clients

The best tip I can give for the latter is what Laurent mentions in his presentation: don't use an existing certificate template that is being used for Windows, but create a new one specifically for the Macs.
If I had listened to this the first time around it would have saved a whole lot of time troubleshooting.

__AMM
New Contributor II

Thank you @garybidwell .

1. I installed the connector, and for -fqdn I used the full name of the server:

.\deploy.ps1 -fqdn jamfadcs.contoso.lan -jamfProDn contoso.jamfcloud.com -cleanInstall

2. I installed the Azure Proxy connector

3. I am in the process of creating the app in Azure and not sure what data I should give in the internal URL (localhost or the name of the server?) and how to configure the other settings.


[Attachment: Screen Shot 2021-09-29 at 18.20.04.png]
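An added check for the step above, not part of this thread and not Jamf's own tooling: whichever hostname ends up in the App Proxy internal URL (and in Jamf Pro's connector settings), it has to be a name the connector's TLS server certificate actually carries, otherwise the handshake from the proxy or from Jamf Pro fails with a name mismatch. The script below connects to the connector, verifies the chain against a PEM you supply, and reports whether the `-fqdn` value and the internal URL host are covered by the certificate's DNS names. Assumptions (mine, not stated on the page): `deploy.ps1` issues the connector's server certificate for the value given to `-fqdn`, you have that certificate (or its issuer) exported as PEM to act as the trust anchor, and the function names, the script name and the constructed `SAMPLE_CERT` are illustrative.

```python
"""Check that the hostname Jamf Pro / the Azure App Proxy will use to reach the
Jamf ADCS Connector is covered by the connector's TLS server certificate.

Added example; assumptions: the connector's certificate was issued for the
-fqdn value passed to deploy.ps1, and `cafile` is that certificate (or its
issuer) in PEM form.
"""
import socket
import ssl
import sys
from typing import Dict, List, Optional
from urllib.parse import urlsplit


def hostname_from_url(url: str) -> str:
    """Lower-cased host part of a URL or a bare host[:port] string."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    if not parts.hostname:
        raise ValueError(f"no hostname in {url!r}")
    return parts.hostname.lower()


def dns_names(cert: Dict) -> List[str]:
    """DNS names from subjectAltName, falling back to the subject commonName.

    `cert` has the shape returned by ssl.SSLSocket.getpeercert().
    """
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names += [v.lower() for k, v in rdn if k == "commonName"]
    return names


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison: exact match, or a leading '*' standing for
    exactly one DNS label (so *.contoso.lan covers jamfadcs.contoso.lan but
    neither contoso.lan nor a.b.contoso.lan)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == host:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        labels = host.split(".", 1)
        return len(labels) == 2 and bool(labels[0]) and labels[1] == pattern[2:]
    return False


def findings(cert: Dict, fqdn: str, internal_url: Optional[str] = None) -> List[str]:
    """Problems found when comparing the names in `cert` with the -fqdn value
    and (optionally) the App Proxy internal URL; an empty list means OK."""
    names = dns_names(cert)
    problems = []
    if not any(name_matches(n, fqdn) for n in names):
        problems.append(f"-fqdn {fqdn!r} is not covered by certificate names {names}")
    if internal_url is not None:
        host = hostname_from_url(internal_url)
        if not any(name_matches(n, host) for n in names):
            problems.append(f"internal URL host {host!r} is not covered by certificate names {names}")
    return problems


def fetch_peer_cert(host: str, cafile: str, port: int = 443) -> Dict:
    """Connect over TLS and return the decoded peer certificate.

    The chain is verified against `cafile`, but hostname checking is disabled
    so that findings() can report a mismatch instead of the handshake aborting.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample in getpeercert() shape, standing in for a real connector
# certificate so the matching logic can be exercised offline.
SAMPLE_CERT = {
    "subject": ((("commonName", "jamfadcs.contoso.lan"),),),
    "subjectAltName": (("DNS", "jamfadcs.contoso.lan"), ("DNS", "*.contoso.lan")),
}


if __name__ == "__main__":
    if len(sys.argv) < 3:
        print("usage: adcs_tls_check.py <fqdn> <cafile.pem> [internal-url]")
        sys.exit(2)
    fqdn, cafile = sys.argv[1], sys.argv[2]
    url = sys.argv[3] if len(sys.argv) > 3 else None
    problems = findings(fetch_peer_cert(fqdn, cafile), fqdn, url)
    for p in problems:
        print("PROBLEM:", p)
    print("OK" if not problems else f"{len(problems)} problem(s)")
    sys.exit(1 if problems else 0)
```

Run it from a machine that can reach the connector (for example the server that hosts the App Proxy connector), passing the same `-fqdn` value used with `deploy.ps1` and the internal URL you intend to enter; the sample certificate shows why a loopback name such as `localhost` is reported as a mismatch when the certificate was issued for the server's FQDN.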

__AMM
New Contributor II

I have not yet been able to make it work and if anyone can help it would be greatly appreciated. Thanks