Configuring the macOS Intune Integration using the Cloud Connector

The Cloud Connector connects a cloud-hosted Jamf Pro instance with Microsoft Intune. The Cloud Connector automates many of the steps needed to configure the macOS Intune integration, including creating the Jamf Pro application in Microsoft Intune.

When the connection is saved, Jamf Pro sends computer inventory information to Microsoft Intune and applies compliance policies to computers.

Note:

Jamf recommends configuring the macOS Intune integration using the Cloud Connector. For information on manually configuring the macOS Intune integration, see Conditional Access in the Jamf Pro Documentation.

Requirements

When configuring the connection between Jamf Pro and Microsoft Intune, you must use the Microsoft Azure website (portal.azure.com) and not the Microsoft Azure portal desktop app.

Only the Cloud Connector can be used to connect multiple Jamf Pro instances to a single Azure AD tenant. Do not attempt to connect additional Jamf Pro instances using the manual connection method in conjunction with the Cloud Connector. Doing so will prevent the Intune integration from working correctly.

  1. In Jamf Pro, click Settings in the top-right corner of the page.
  2. In the Global Management section, click Conditional Access.
  3. Click Edit.
  4. Select the Enable Intune Integration for macOS checkbox.

    When this setting is selected, Jamf Pro sends inventory updates to Microsoft Intune. Deselect this setting if you want to disable the connection but save your configuration.

  5. Select Cloud Connector under Connection Type.
  6. From the Sovereign Cloud pop-up menu, choose the location of your Sovereign Cloud from Microsoft.
  7. Select one of the following landing page options for computers that are not recognized by Microsoft Azure:
    • The default Jamf Pro Device Registration page

      Note:

      Depending on the state of the computer, this option redirects users to either the Jamf Pro device enrollment portal (to enroll with Jamf Pro) or the Company Portal app (to register with Azure AD).

    • The Access Denied page

    • A custom webpage

  8. Click Connect.

    You are redirected to the application registration page in Microsoft Azure.

  9. Enter your Microsoft Azure credentials and follow the onscreen instructions to grant the permissions requested by Microsoft.

    After permissions have been granted for the Cloud Connector and the Cloud Connector user registration app, you are redirected to the Application ID page.

  10. Click Copy and open Intune.

    A new tab opens to the Partner device management blade in Microsoft Azure.

  11. Paste the Application ID into the Specify the Azure Active Directory App ID for Jamf field.
  12. Click Save.
  13. Navigate back to the original tab and click Confirm.

Jamf Pro completes and tests the configuration. The success or failure of the connection displays on the Conditional Access settings page.

Repeat this process to connect additional Jamf Pro instances to the same Azure AD tenant.

When the connection between Jamf Pro and Microsoft Intune is successfully established, Jamf Pro sends inventory information to Microsoft Intune for each computer that is registered with Azure AD (registering with Azure AD is an end user workflow). You can view the Conditional Access Inventory State for a user and a computer in the Local User Account category of a computer's inventory information in Jamf Pro.

Note:

If you connected multiple Jamf Pro instances to a single Azure AD tenant using the Cloud Connector and want to disable all connections, you must deselect the Enable Intune Integration for macOS checkbox on the Conditional Access settings page for each instance.