Configure the Connection Between Jamf Pro and Microsoft Intune
Configuring the connection between Jamf Pro and Microsoft Intune involves the following steps:
- Create a new application for Jamf Pro in Microsoft Azure.
- Configure Microsoft Intune to allow the Jamf Pro integration.
- Configure the macOS Intune Integration setting in Jamf Pro.
Step 1: Create a new application for Jamf Pro in Microsoft Azure
- Open Azure Active Directory, and navigate to App registrations.
- Click New registration.
- Enter a display name for the Jamf Pro application.
- Under Supported account types, select which accounts can use the application.
- Specify your Jamf Pro URL as the Redirect URL.
- Click Register.
- Select the newly created application, copy the value from the Application (client) ID field and paste it to another location.
  Note: The Application ID is required to configure the Compliance Connector in Intune and for configuring the macOS Intune Integration setting in Jamf Pro.
- Navigate to Certificates & secrets, and click New client secret.
- Give the Client Secret a description and select an expiration option. Once a new secret has been added, copy the value for the secret and paste it to another location.
  Important: The Client Secret value is required to configure the macOS Intune Integration setting in Jamf Pro. The value for the secret is shown only once after the secret is added. If the Client Secret expires, you must add a new Client Secret in Microsoft Azure, and then update your macOS Intune Integration configuration in Jamf Pro. Microsoft Azure allows you to have both the old secret and new secret active to prevent service disruptions.
- Navigate to API permissions.
- Remove all permissions, including the default permissions.
- Click Add a permission.
- Under the Intune API, click Application permissions, and then select update_device_attributes.
- Click Add permissions.
- Click Grant admin consent for Jamf, and then click Yes.
Step 2: Configure Microsoft Intune to allow the Jamf Pro integration
- In the Microsoft Azure portal, navigate to Microsoft Intune > Device Compliance > Partner device management.
- Enable the Compliance Connector for Jamf by pasting the value you copied from the Application ID field into the Jamf Azure Active Directory App ID field.
- Click Save.
Step 3: Configure the macOS Intune Integration setting in Jamf Pro
- In Jamf Pro, navigate to Settings > Global Management.
- Click Conditional Access.
- Navigate to the macOS Intune Integration tab, and then click Edit.
- Select the Enable Intune Integration for macOS checkbox.
  When this setting is enabled, Jamf Pro sends inventory updates to Microsoft Intune. Clear the selection if you want to disable the connection but save your configuration.
- Select the location of your Sovereign Cloud from Microsoft.
- Click Open administrator consent URL, and follow the onscreen instructions to allow the Jamf Native macOS Connector app to be added to your Azure AD tenant.
- Add the Azure AD Tenant Name from Microsoft Azure.
- Add the Application ID and Client Secret (previously called Application Key) for the Jamf Pro application from Microsoft Azure.
- Select one of the following landing page options for computers that are not recognized by Microsoft Azure:
  - The Default Jamf Pro Device Registration page
    Note: Depending on the state of the computer, this option redirects users to either the Jamf Pro device enrollment portal (to enroll with Jamf Pro) or the Company Portal app (to register with Azure AD).
  - The Access Denied page
  - A custom webpage
- Click Save.
Jamf Pro will test the configuration and report the success or failure of the connection.
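
The following Python check is an added example, not part of the Jamf or Microsoft documentation. It audits an exported app registration against Step 1: only the update_device_attributes application permission should remain, and at least one client secret should stay valid past a warning window. It assumes input in the shape of a Microsoft Graph application object; the IDs and secret names are constructed placeholders, and `audit_app` is a hypothetical helper name.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed placeholders, not real identifiers: substitute the Intune API
# resource ID and the update_device_attributes role ID from your own tenant.
INTUNE_RESOURCE_ID = "<intune-api-resource-app-id>"
UPDATE_DEVICE_ATTRIBUTES_ID = "<update_device_attributes-role-id>"

# Constructed sample in the shape of a Microsoft Graph application object.
SAMPLE_APP = json.loads("""
{
  "requiredResourceAccess": [
    {"resourceAppId": "<intune-api-resource-app-id>",
     "resourceAccess": [{"id": "<update_device_attributes-role-id>", "type": "Role"}]},
    {"resourceAppId": "<some-other-api>",
     "resourceAccess": [{"id": "<default-delegated-permission>", "type": "Scope"}]}
  ],
  "passwordCredentials": [
    {"displayName": "jamf-2023", "endDateTime": "2024-01-10T00:00:00Z"},
    {"displayName": "jamf-2024", "endDateTime": "2024-02-01T00:00:00Z"}
  ]
}
""")

def audit_app(app, now, warn_days=30):
    """Return a list of findings for the Jamf Pro app registration."""
    findings = []
    # "Role" is an application permission; "Scope" is a delegated one.
    allowed = (INTUNE_RESOURCE_ID, UPDATE_DEVICE_ATTRIBUTES_ID, "Role")
    granted = [(r["resourceAppId"], p["id"], p["type"])
               for r in app.get("requiredResourceAccess", [])
               for p in r.get("resourceAccess", [])]
    for perm in granted:
        if perm != allowed:
            findings.append(f"extra permission: {perm[0]}/{perm[1]} ({perm[2]})")
    if allowed not in granted:
        findings.append("missing update_device_attributes application permission")
    # Parse expiry to whole seconds (UTC), ignoring any fractional part.
    secrets = [(c.get("displayName") or "unnamed",
                datetime.strptime(c["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
                .replace(tzinfo=timezone.utc))
               for c in app.get("passwordCredentials", [])]
    for name, end in secrets:
        if end <= now:
            findings.append(f"expired secret still present: {name}")
    if not any(end > now + timedelta(days=warn_days) for _, end in secrets):
        findings.append(f"no client secret valid beyond {warn_days} days: rotate now")
    return findings

if __name__ == "__main__":
    for line in audit_app(SAMPLE_APP, datetime(2024, 1, 15, tzinfo=timezone.utc)):
        print(line)
```

Because Azure keeps the old and new secrets active at the same time, the rotation warning can be acted on before the older secret expires, without interrupting the Jamf Pro connection.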