Microsoft Intune Integration for macOS
You can now integrate with Microsoft Intune to ensure that only trusted users, from compliant computers, using approved applications, are accessing organizational resources. Jamf Pro delivers information about the management state and health of Mac computers to Microsoft Intune’s device compliance engine, which integrates with Azure Active Directory (Azure AD) Conditional Access. This allows you to identify unmanaged and non-compliant Mac devices, and remediate them.
To access the Microsoft Intune Integration settings in Jamf Pro, go to Settings > Global Management > Microsoft Intune Integration. For information on configuring the settings, see Microsoft Intune Integration in the Jamf Pro Administrator’s Guide.
Integrating with Microsoft Intune allows you to do the following:
Share computer inventory with Microsoft Intune
Jamf Pro sends inventory information to Microsoft Intune for each computer that has registered with Azure AD. A centralized view of macOS computers managed by Jamf Pro is available in Microsoft Intune.
Restrict access to applications set up with Azure AD
You can enforce compliance on computers managed by Jamf Pro and restrict access to applications set up with Azure AD authentication (e.g., Office 365).
Feature compliance policies in Jamf Self Service for macOS
A new "Device Compliance" category has been added to Self Service. You can feature compliance policies in this category to ensure computers and applications are compliant with organizational security requirements.
Require users to register their devices with Azure AD via a policy payload
You can now deploy a policy to users initiating the registration process with Azure AD. Registering the computer with Azure AD is an end user workflow. To configure this policy for managed computers, navigate to the new Microsoft Intune Integration payload when creating a policy in Jamf Pro.
View Azure Active Directory ID information in Jamf Pro
When a computer is registered with Azure Active Directory, you can view Azure Active Directory information for a user and a computer in Jamf Pro. To view Azure Active Directory ID information, navigate to the General tab in inventory information of a computer.
For step-by-step instructions on how to integrate with Microsoft Intune, including information on the capabilities listed above, see the following technical paper:
Integrating with Microsoft Intune to Enforce Compliance on Macs Managed by Jamf Pro
iOS Configuration Profile Enhancement
Cisco AnyConnect is now available as a connection type in the VPN payload. The Provider Type menu has also been updated and now includes Packet-tunnel and App-proxy options.
Note: When upgrading to Jamf Pro 10.1.0, any existing iOS configuration profiles with Cisco AnyConnect selected in the Connection Type pop-up menu will be migrated to Cisco Legacy and the provider type will automatically be set to App-proxy.
VPP Accounts Enhancements
Jamf Pro now displays VPP service token Location details for the configured VPP accounts if your environment integrates with Apple School Manager. For detailed information on migrating to Apps and Books in Apple School Manager, see the following article from Apple's support website: https://support.apple.com/HT208257
Note: Information is only synced from Apple School Manager to Jamf Pro, not from Jamf Pro to Apple School Manager. Location is only displayed if it is available from Apple School Manager.
Jamf Pro can now send a daily VPP Accounts email notification when no licenses remain for a particular VPP-managed distribution content item in a given VPP token. To enable VPP account email notifications in Jamf Pro, navigate to Settings > Global Management > VPP Accounts > Notifications.
Note: At least one VPP account must exist in Jamf Pro and you must be logged in with a Jamf Pro user account that has full access to properly configure a notification.
Disabling Apps and eBooks
Mac App Store apps, mobile device apps, and eBooks can now be manually disabled. Disabling an item stops its subsequent installations, and the item is no longer displayed in Self Service. You cannot edit the app or eBook details while the item is disabled. To manually disable the item, navigate to the General tab of the app or eBook details.
Note: Disabling the content item will not remove the app or eBook already installed on computers and mobile devices.
Mac App Store apps, mobile device apps, and eBooks will now be automatically disabled if they are VPP-managed distribution content items that have been removed from the App Store. You will not be able to assign licenses, and the installation commands will not be sent. The disabled items will not be displayed in Self Service. You cannot edit the automatically disabled items or enable them again. To view the item’s “Enabled” status, navigate to the General tab of the app or eBook details.
Note: Disabling the VPP-managed distribution content item will not remove the app or eBook already installed on computers and mobile devices.
JSON Web Token (JWT) Default for In-House App Distribution
In-house apps downloaded from the Jamf Pro database will now be automatically secured with JWT.
Note: If the token expires, the next push of the app installation will retrieve a new token with a new expiration time. The default expiration time is five minutes.
Jamf Self Service for macOS Branding Settings Enhancement
You can now choose to display a semi-transparent overlay over the branding header image in Self Service.