Integrating with Microsoft Intune

By integrating Jamf Pro with Microsoft Intune, organizations can ensure that only trusted users, from compliant macOS computers, using approved applications, are accessing company resources.

Integrating with Microsoft Intune allows you to do the following:

  • Share Jamf Pro computer inventory with Microsoft Intune.

  • Enforce compliance policies defined in Microsoft Intune on computers managed by Jamf Pro.

  • Restrict access to applications set up with Azure Active Directory (Azure AD) authentication (i.e., Office 365).

  • Feature policies for users in the Device Compliance category in Jamf Self Service for macOS.

  • Create a policy registering user computers with Azure AD.

  • View Azure Active Directory ID information in Jamf Pro.

This section explains how to configure macOS Intune Integration settings in Jamf Pro. For step-by-step instructions on how to integrate with Microsoft Intune, including information on the workflows listed above, see the following technical paper:
Integrating with Microsoft Intune to Enforce Compliance on Macs Managed by Jamf Pro

Requirements

To configure macOS Intune Integration, you need:

In addition, macOS Intune Integration requires computers with macOS 10.11 or later that are using a local or mobile account. Network accounts are not supported for the macOS Intune Integration.

Configuring macOS Intune Integration

The macOS Intune Integration allows you to set up the connection to Microsoft Intune in Jamf Pro. When the connection is saved, Jamf Pro shares inventory attributes with Microsoft Intune and applies compliance policies to computers.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/21761849/Icon_Settings_Hover.png .

  3. Click Global Management.

  4. Click Conditional Access images/download/attachments/21761849/ConditionalAccess_small.png .

  5. Navigate to the macOS Intune Integration tab, and then click Edit.

  6. Select the Enable Intune Integration for macOS checkbox.
    When this setting is selected, Jamf Pro will send inventory updates to Microsoft Intune. Clear the selection if you want to disable the connection but save your configuration.

  7. Select the location of your Sovereign Cloud from Microsoft.

  8. Click Open administrator consent URL, and follow the onscreen prompts to allow the Jamf Native macOS Connector app to be added to your Azure AD tenant.

  9. Add the Azure AD Tenant Name from Microsoft Azure.

  10. Add the Application ID and Application Key for the Jamf Pro application from Microsoft Azure.

  11. Click Save. Jamf Pro will test the configuration and report the success or failure of the connection.

When the connection between Jamf Pro and Microsoft Intune is successfully established, Jamf Pro sends inventory information to Microsoft Intune for each computer that has been registered with Azure AD (registering with Azure AD is an end user workflow). You can view Azure Active Directory ID information for a user and a computer in the Local User Account category of a computer’s inventory information in Jamf Pro. For detailed information on Azure AD device registration and inventory attributes sent to Microsoft Intune, see the Integrating with Microsoft Intune to Enforce Compliance on Macs Managed by Jamf Pro technical paper.

Testing the macOS Intune Integration

If needed for troubleshooting purposes, you can test the connection to Microsoft Intune at any time.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/21761849/Icon_Settings_Hover.png .

  3. Click Global Management.

  4. Click Conditional Access images/download/attachments/21761849/ConditionalAccess_small.png .

  5. Navigate to the macOS Intune Integration tab, and then click Run Test.

A message displays, reporting the success or failure of the connection.

Sending an Update of Inventory to Intune

You can manually trigger an update of inventory to be sent to Microsoft Intune. This allows Jamf Pro to send computer inventory attributes to Microsoft Intune outside of the standard communication schedule.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/21761849/Icon_Settings_Hover.png .

  3. Click Global Management.

  4. Click Conditional Access images/download/attachments/21761849/ConditionalAccess_small.png .

  5. Navigate to the macOS Intune Integration tab, and then click Send Update.

A message displays, reporting the success or failure of the update.

Related Information

For related information, see the following sections in this guide:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.