Microsoft Intune Integration

By integrating Jamf Pro with Microsoft Intune, organizations can ensure that only trusted users, from compliant macOS computers, using approved applications, are accessing company resources.

Integrating with Microsoft Intune allows you to do the following:

  • Share Jamf Pro computer inventory with Microsoft Intune.

  • Enforce compliance policies defined in Microsoft Intune on computers managed by Jamf Pro.

  • Restrict access to applications set up with Azure Active Directory (Azure AD) authentication (i.e., Office 365).

  • Feature policies for users in the Device Compliance category in Jamf Self Service for macOS.

  • Create a policy registering user computers with Azure AD.

  • View Azure Active Directory ID attributes in Jamf Pro.

This section explains how to configure macOS Intune Integration in Jamf Pro. For step-by-step instructions on how to integrate with Microsoft Intune, including information on the workflows listed above, see the following technical paper:
Integrating with Microsoft Intune to Enforce Compliance on Macs Managed by Jamf Pro

Requirements

To configure macOS Intune Integration, you need:

Note: macOS Intune Integration is only available for computers running macOS 10.11 or later.

Configuring macOS Intune Integration

The macOS Intune Integration allows you to set up the connection to Microsoft Intune in Jamf Pro. By setting up the connection, you can share inventory attributes with Microsoft Intune and apply compliance policies to computers.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/19534169/Icon_Settings_Hover.png .

  3. Click Global Management.

  4. Click Conditional Access images/download/attachments/19534169/ConditionalAccess_small.png .

  5. Navigate to the macOS Intune Integration tab, and then click Edit.

  6. Select the Enable Intune Integration for macOS checkbox.
    When this setting is selected, Jamf Pro will send inventory updates to Microsoft Intune. Clear the selection if you want to disable the connection but save your configuration.

  7. Select the location of your Sovereign Cloud from Microsoft.

  8. Click Open administrator consent URL, and follow the onscreen prompts to allow the Jamf Native macOS Connector app to be added to your Azure AD tenant.

  9. Add the Azure AD Tenant Name from Microsoft Azure.

  10. Add the Application ID and Application Key for the Jamf Pro application from Microsoft Azure.

  11. Click Save. Jamf Pro will test the configuration and report the success or failure of the connection.

When the connection between Jamf Pro and Microsoft Intune is successfully established, Jamf Pro sends inventory information to Microsoft Intune for each computer that has registered with Azure AD. Registering the computer with Azure AD is an end user workflow. You can view Azure Active Directory ID information for a user and a computer in the Local User Account category of a computer’s inventory information in Jamf Pro. For detailed information on Azure AD device registration and inventory attributes sent to Microsoft Intune, see the Integrating with Microsoft Intune to Enforce Compliance on Macs Managed by Jamf Pro technical paper.

Testing the macOS Intune Integration

Once the macOS Intune Integration settings are configured, you can test the connection to make sure it works.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/19534169/Icon_Settings_Hover.png .

  3. Click Global Management.

  4. Click Conditional Access images/download/attachments/19534169/ConditionalAccess_small.png .

  5. Navigate to the macOS Intune Integration tab, and then click Run Test.

A message displays, reporting the success or failure of the connection.

Sending an Update of Inventory to Intune

You can manually trigger an update of inventory to be sent to Microsoft Intune. This allows Jamf Pro to send inventory attributes to Microsoft Intune for computers outside of the standard communication schedule.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/19534169/Icon_Settings_Hover.png .

  3. Click Global Management.

  4. Click Conditional Access images/download/attachments/19534169/ConditionalAccess_small.png .

  5. Navigate to the macOS Intune Integration tab, and then click Send Update.

A message displays, reporting the success or failure of the update.

Related Information

The Jamf Pro iOS Azure AD Integration is an early access feature now available for testing. By integrating Jamf Pro with Azure AD, organizations can support conditional access policies configured in Azure AD for iOS devices.

Warning: The Jamf Pro iOS Azure AD Integration feature should not be used in production environments. For information about testing this feature in a non-production environment, contact your Jamf account representative.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2018 Jamf. All rights reserved.