I have spent some time with Jamf Pro and Microsoft Intune. This integration lets you allow only managed and compliant Jamf macOS computers to connect to your Azure AD and Office 365 resources, for example Exchange Online and applications published through Azure Application Proxy.
In this post we will look at how to configure the policies in Jamf Pro, what the basic user experience looks like, and how the device view looks in the Azure portal.
Jamf|Pro Portal
First, let's look at how to configure the Jamf side. Two things are needed in Jamf Pro:
- Upload and deploy the Intune Company Portal app
- Create a Self Service policy that registers the device with Azure AD
I would also recommend creating a smart group in Jamf Pro that contains only devices on which the Intune Company Portal is installed.
User Experience
Now let's see how this looks for the end user. Since this is a lab environment, the experience may differ in your environment, but some user input is still required.
When the device is managed and registered with Azure AD and you try to reach a protected app, this is what the non-compliance page looks like:
Intune Portal
From the Azure portal, in the Intune blade, you can clearly see that the computer is managed by Jamf.
The device attributes are synchronized from Jamf Pro to Intune every 24 hours for active devices and look something like this:
When configuring the Azure AD Conditional Access policies, don't forget to select "Require device to be marked as compliant" under the grant controls; without it a Jamf device that has never reported compliance is still let through.
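The same Conditional Access policy defined as code, as an added example that is not from the original post: the request body is built for the Microsoft Graph conditionalAccess endpoint, with `compliantDevice` as the only grant control (that is the "Require device to be marked as compliant" checkbox) and the scope limited to the macOS platform. GROUP_ID, APP_ID, GRAPH_TOKEN and the policy name are assumptions you replace with your own values; the policy is created in report-only state first so the sign-in logs show which Jamf devices would be blocked before anything is enforced.

```shell
#!/bin/bash
# Added example (not code from the original post): define the Azure AD
# Conditional Access policy as JSON and create it through Microsoft Graph.
# The important part is grantControls.builtInControls = ["compliantDevice"],
# which is the "Require device to be marked as compliant" checkbox.
#
# Assumptions, not taken from the page:
#   GROUP_ID    - object id of the Azure AD group with the Jamf-managed users
#   APP_ID      - application id of the resource to protect (e.g. Exchange Online)
#   GRAPH_TOKEN - bearer token with Policy.ReadWrite.ConditionalAccess
# The policy display name is illustrative.

# build_ca_policy_json GROUP_ID APP_ID [STATE]
# Prints the request body. STATE defaults to report-only so you can watch the
# sign-in logs for Jamf devices that are not yet compliant before enforcing.
build_ca_policy_json() {
    group_id="$1"
    app_id="$2"
    state="${3:-enabledForReportingButNotEnforced}"
    cat <<EOF
{
  "displayName": "macOS (Jamf) - require compliant device",
  "state": "$state",
  "conditions": {
    "clientAppTypes": ["all"],
    "platforms": { "includePlatforms": ["macOS"] },
    "users": { "includeGroups": ["$group_id"] },
    "applications": { "includeApplications": ["$app_id"] }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["compliantDevice"]
  }
}
EOF
}

# create_ca_policy GROUP_ID APP_ID [STATE]
# POSTs the policy to Graph; requires GRAPH_TOKEN in the environment.
create_ca_policy() {
    [ -n "$GRAPH_TOKEN" ] || { echo "GRAPH_TOKEN is not set" >&2; return 1; }
    build_ca_policy_json "$@" | curl -sS -X POST \
        "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies" \
        -H "Authorization: Bearer $GRAPH_TOKEN" \
        -H "Content-Type: application/json" \
        --data-binary @-
}

# Example usage (replace the ids; starts in report-only mode):
#   create_ca_policy "$GROUP_ID" "$APP_ID"
#   create_ca_policy "$GROUP_ID" "$APP_ID" enabled   # enforce once the logs look right
```

Switch the state to `enabled` only after the report-only sign-in logs show that every Jamf-managed Mac that should reach the app is already reporting compliant; otherwise the first enforced sign-in is exactly the non-compliance page shown above.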
Recommendations
I recommend creating smart groups to deploy the Intune Company Portal, to make sure it is installed.
In production I also recommend deploying the Register with Azure AD policy only to computers where the Company Portal is already installed.
Since the Company Portal requires user input, inform users about the change and what it looks like beforehand.
Make sure that Microsoft AutoUpdate is updated to the latest version.
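One way to give the smart group something reliable to key on, both for deploying the Company Portal and for scoping the registration policy to machines that already have it (the two recommendations above), is a Jamf Pro extension attribute. The script below is an added example, not from the original post: it reports whether the Company Portal app bundle exists and, on macOS, its version. The app path is the standard install location; the attribute name "Company Portal Installed" used in the smart group criterion is an assumption you set when you create the extension attribute.

```shell
#!/bin/bash
# Added example: a Jamf Pro extension attribute script that reports whether the
# Intune Company Portal is installed, so a smart group can key on it.
# Not from the original post. The attribute name "Company Portal Installed"
# is an assumption; you choose it in the extension attribute definition.

# company_portal_status [APP_PATH]
# Prints "Installed <version>" or "Not Installed". The version is read from
# the bundle's Info.plist with `defaults`, which exists on macOS only; on other
# systems, or if the read fails, the version is omitted.
company_portal_status() {
    app="${1:-/Applications/Company Portal.app}"
    if [ -d "$app" ]; then
        version=""
        if command -v defaults >/dev/null 2>&1; then
            version=$(defaults read "$app/Contents/Info" CFBundleShortVersionString 2>/dev/null || true)
        fi
        if [ -n "$version" ]; then
            printf 'Installed %s' "$version"
        else
            printf 'Installed'
        fi
    else
        printf 'Not Installed'
    fi
}

# Jamf Pro stores whatever is between the <result> tags as the attribute value.
# Smart group criterion (assumed attribute name):
#   "Company Portal Installed"  like  "Installed"
# Scope the Register with Azure AD Self Service policy to that smart group, and
# the Company Portal deployment policy to its complement ("not like").
echo "<result>$(company_portal_status "$@")</result>"
```

Because the value only updates when the Mac submits inventory, a freshly deployed Company Portal does not put the machine in the group until the next recon; adding an inventory update to the Company Portal install policy closes that gap.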
Resources
Integrate Jamf Pro with Intune for compliance