Configuring the macOS Intune Integration using the Cloud Connector
The Cloud Connector simplifies the process of connecting a cloud-hosted Jamf Pro instance with Microsoft Intune. The Cloud Connector automates many of the steps needed to configure the macOS Intune Integration, including creating the Jamf Pro application in Microsoft Intune. When the connection is saved, Jamf Pro sends computer inventory information to Microsoft Intune and applies compliance policies to computers.
Note: When configuring the connection between Jamf Pro and Microsoft Intune, you must use the Microsoft Azure website (portal.azure.com) and not the Microsoft Azure portal desktop app.
Important: Only the Cloud Connector can be used to connect multiple Jamf Pro instances to a single Azure AD tenant. Do not attempt to connect additional Jamf Pro instances using the manual connection method in conjunction with the Cloud Connector. This will prevent the Intune Integration from working correctly.
Configuring the Cloud Connector in Jamf Pro
-
Log in to Jamf Pro.
-
In the top-right corner of the page, click Settings .
-
Click Global Management.
-
Click Conditional Access .
-
Click Edit.
-
Select the Enable Intune Integration for macOS checkbox.
When this setting is selected, Jamf Pro sends inventory updates to Microsoft Intune. Deselect this setting if you want to disable the connection but save your configuration. -
Select "Cloud Connector" under Connection Type.
-
From the Sovereign Cloud pop-up menu, select the location of your Sovereign Cloud from Microsoft.
-
Select one of the following landing page options for computers that are not recognized by Microsoft Azure:
-
The Default Jamf Pro Device Registration page
Note: Depending on the state of the computer, this option redirects users to either the Jamf Pro device enrollment portal (to enroll with Jamf Pro) or the Company Portal app (to register with Azure AD).
-
The Access Denied page
-
A custom webpage
-
-
Click Connect. You are redirected to the application registration page in Microsoft.
-
Enter your Microsoft Azure credentials and follow the onscreen instructions to grant the permissions requested by Microsoft.
After permissions have been granted for the Cloud Connector and the Cloud Connecter user registration app, you are redirected to the Application ID page. -
Click Copy and open Intune. A new tab opens to the Partner device management blade in Microsoft Azure.
-
Paste the Application ID into the Specify the Azure Active Directory App ID for Jamf field.
-
Click Save.
-
Navigate back to the original tab and click Confirm. You are redirected back to Jamf Pro.
Jamf Pro completes and tests the configuration. The success or failure of the connection displays on the Conditional Access settings page. -
(Optional) Repeat this process to connect additional Jamf Pro instances to the same Azure AD tenant.
When the connection between Jamf Pro and Microsoft Intune is successfully established, Jamf Pro sends inventory information to Microsoft Intune for each computer that is registered with Azure AD (registering with Azure AD is an end user workflow). You can view the Conditional Access Inventory State for a user and a computer in the Local User Account category of a computer’s inventory information in Jamf Pro.
Note: If you connected multiple Jamf Pro instances to a single Azure AD tenant using the Cloud Connector and want to disable all connections, you must deselect the Enable Intune Integration for macOS checkbox in the Conditional Access settings for each instance.