Disabling the Integration

If you disable the Microsoft Endpoint Manager integration in Jamf Pro, there is a short window of time where devices can still access company resources.

To prevent devices from accessing company resources during this time, create an empty smart group to calculate device compliance. To ensure a smart device group's membership remains empty, add a criteria that no device in your environment will meet. For example "iOS version is 1000".

After creating the empty smart device group, navigate to Settings > Global Management > Device Compliance and select the group from the Compliance Group pop-up menu. Devices cannot access company resources after they are no longer marked as "Compliant" in Azure AD.

In large environments, this process may take a while.

You can also block devices from accessing company resources using a Conditional Access policy. For information, see the "Block access" section on the following webpage from Microsoft: Conditional Access: Grant.