Jamf Pro MacBook and iPhones connect to Microsoft Entra

K_SB
New Contributor

Hello,

Posting to the Jamf Community for the first time so I hope I'm in the right place :) 

We use Jamf Pro to manage MacBooks and iPhones. These devices are corporate devices and registered with Apple Business Manager. 

The MacBooks and iPhones have been successfully registered and they now also appear within Microsoft Entra as 'Entra Registered'. This was achieved by getting the staff member to log into the Microsoft Entra app on their iPhone and MacBook.

Is it possible to have these iPhones and MacBooks appear within Microsoft Entra as 'Entra Joined' instead of 'Entra Registered'?

'Entra Joined' means they are corporate owned devices.

'Entra Registered' means they are personal/BYOD devices.


Nicholaus
Contributor

You can use Device Compliance in Jamf to set up a connection between Entra and Jamf. This sends management status and compliance data from Jamf to Intune/Entra. The device will still say registered, but you can use the newly populated information for conditional access and other features if that's what you're after.

Documentation on this feature: Device Compliance with Microsoft Entra and Jamf Pro - Technical Paper: Device Compliance with Micros...

K_SB
New Contributor

Thank you for the reply. I would like to have a Microsoft Entra Compliance Policy that blocks all personal MacBooks and iPhones from accessing corporate data such as Emails, MS Teams, OneDrive.

 

Is there an Entra Compliance Policy that will allow the Jamf managed devices to access corporate data but block any BYOD or personal MacBooks and iPhones?

Yes, using the Device Compliance workflow I mentioned before allows you to exclude corporate devices. I just recently set up what you're looking to do. When you register the corporate devices with Microsoft as part of that workflow, you can exclude them from the Conditional Access policy that blocks personal devices. Personal devices don't have compliance data in Entra, so you can exclude devices based on compliance being "true" once you have all that set up.
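The Conditional Access policy described in the reply above, sketched as a Microsoft Graph `conditionalAccessPolicy` request body (an added example, not part of the original thread or of Jamf's documentation). The display name, the report-only state, the Office 365 application target and the emergency-access group placeholder are assumptions; the device filter is the "exclude devices where compliance is true" rule from the reply.

```json
{
  "displayName": "EXAMPLE - Block macOS and iOS devices without Jamf compliance",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "excludeGroups": ["<emergency-access-group-object-id>"]
    },
    "applications": {
      "includeApplications": ["Office365"]
    },
    "platforms": {
      "includePlatforms": ["macOS", "iOS"]
    },
    "devices": {
      "deviceFilter": {
        "mode": "exclude",
        "rule": "device.isCompliant -eq True"
      }
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["block"]
  }
}
```

Leaving the policy in report-only state lets you confirm in the sign-in logs that Jamf-managed devices fall under the exclusion before switching `state` to `enabled`.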

K_SB
New Contributor

Thank you for the quick reply. Is there any chance we could set up a quick Teams call to discuss this?

I could pay you for a 1 hour session. I am new to Conditional Access and how it would work with Jamf.

I am on LinkedIn if that helps. Your guidance would be very helpful.

Nicholaus
Contributor

Sorry for the delay in response. Between work and a baby, my schedule is very full. I'm happy to answer questions on here as time permits though!

This guide is incredibly helpful for getting the initial connection set up: Device Compliance - Jamf Pro Documentation 11.1.0 | Jamf

Once that's done, I'd be happy to go over registering a device, setting up a conditional access policy, etc...

K_SB
New Contributor

Hello,

I'll see how far I can get and will drop you a message if I get stuck. Thank you.