What are the benefits of Intune Device Compliance Integration?

Valued Contributor

I've started looking into the Jamf+Intune Device Compliance, but I'm having a hard time finding what all this will gain for us.  My organization currently does not use Conditional Access in Jamf or Intune.  We might at some point start, but that is a ways down the road at best.  Other than access to those Conditional Access Policies, are there any other benefits to enabling Device Compliance?


Contributor II

There is zero benefit if you aren't currently using Conditional Access in Azure. You would only use it so Macs can be marked as compliant if you are using compliance as criteria in Conditional Access policies. 

Honored Contributor II

For your organization, none at all. The other benefits of the Comp Portal like PSSO, and SSOe can be performed without the Azure Registration part. Even in orgs using Conditional Access, there are likely already better alternativists like Zero Trust Network access tools and Conditional Access policies based on your IP address, which do not need the overhead of Device Compliance which is very flaky. 

Valued Contributor II

its ticks a lot of boxes from manglement for MACS and 'The JamF'

The question is not what Intune / CA will do.. its what does the business need to achieve and is this the correct tool


Valued Contributor II

I’m curious now. So why do organizations go through the trouble of registering their macOS and iOS Devices in addition to Jamf MDM?

There must be some benefits?

Legendary Contributor III

As others have chimed in with, if you aren't enabling conditional access, zero touch or MFA options in your org integrated with Azure/Entra ID, then integrating them with InTune has zero benefits for you, and in fact, might end up introducing new problems. I would avoid it unless you really find you need it. We unfortunately do need it where I work, so we've had to trudge ahead with getting them integrated. Not my first choice though.


In short, if organization restricts access to specific intranet tools or websites based on device compliance conditions from Intune (such as requiring full encryption, specific OS versions, or correct AV installations), and you manage Windows with Intune and Mac with Jamf, then integrating Intune Device Compliance proves beneficial. 

New Contributor

Is there any apparent disadvantage of having both inTune and Jamf Pro for Apple devices? The reason I wanted an MDM for Apple devices is the app management, and account configuration from ABM.


Additionally, just a correction, Jamf Pro does support MacOS, iOS, iPadOS, tvOS, and VisionOS.