Posted on 04-30-2024 09:43 AM
I've started looking into the Jamf+Intune Device Compliance, but I'm having a hard time finding what all this will gain for us. My organization currently does not use Conditional Access in Jamf or Intune. We might at some point start, but that is a ways down the road at best. Other than access to those Conditional Access Policies, are there any other benefits to enabling Device Compliance?
Posted on 04-30-2024 10:15 AM
There is zero benefit if you aren't currently using Conditional Access in Azure. You would only use it so Macs can be marked as compliant if you are using compliance as criteria in Conditional Access policies.
04-30-2024 10:34 AM - edited 04-30-2024 11:12 AM
For your organization, none at all. The other benefits of the Comp Portal like PSSO, and SSOe can be performed without the Azure Registration part. Even in orgs using Conditional Access, there are likely already better alternativists like Zero Trust Network access tools and Conditional Access policies based on your IP address, which do not need the overhead of Device Compliance which is very flaky.
Posted on 04-30-2024 10:39 AM
its ticks a lot of boxes from manglement for MACS and 'The JamF'
The question is not what Intune / CA will do.. its what does the business need to achieve and is this the correct tool
😎
Posted on 04-30-2024 11:52 AM
I’m curious now. So why do organizations go through the trouble of registering their macOS and iOS Devices in addition to Jamf MDM?
There must be some benefits?
Posted on 05-01-2024 08:46 AM
As others have chimed in with, if you aren't enabling conditional access, zero touch or MFA options in your org integrated with Azure/Entra ID, then integrating them with InTune has zero benefits for you, and in fact, might end up introducing new problems. I would avoid it unless you really find you need it. We unfortunately do need it where I work, so we've had to trudge ahead with getting them integrated. Not my first choice though.
Posted on 05-02-2024 07:01 AM
In short, if organization restricts access to specific intranet tools or websites based on device compliance conditions from Intune (such as requiring full encryption, specific OS versions, or correct AV installations), and you manage Windows with Intune and Mac with Jamf, then integrating Intune Device Compliance proves beneficial.
Posted on 05-08-2024 01:24 AM
Is there any apparent disadvantage of having both inTune and Jamf Pro for Apple devices? The reason I wanted an MDM for Apple devices is the app management, and account configuration from ABM.
Additionally, just a correction, Jamf Pro does support MacOS, iOS, iPadOS, tvOS, and VisionOS.