Overview

This guide provides a complete workflow for integrating with Microsoft Intune to enforce compliance on Mac computers managed by Jamf Pro.

Important: You must exclude the User registration app for Device Compliance when creating the conditional access policy. If this app is not excluded, users will be unable to register with Azure AD.

Integrating with Microsoft Intune to enforce compliance involves the following steps:

  1. Configure the connection between Jamf Pro and Microsoft Intune.

  2. Apply device compliance policies to Mac computers.

  3. Deploy the Microsoft Company Portal app to end users.

  4. Create a policy directing users to register computers with Azure Active Directory.

  5. Troubleshoot integration issues.

Jamf Pro delivers information about the management state of computers to Microsoft Intune's device compliance engine, which integrates with Azure Active Directory (Azure AD). This allows you to identify unmanaged and non-compliant Mac computers, and remediate them using Self Service for macOS.

The following diagram shows a high-level flow of the integration architecture:
[Figure: Microsoft Intune integration architecture]