Microsoft and Jamf: Better Together

November 13, 2019

  1. © JAMF Software, LLC

    • Arnab Biswas, Program Manager, Microsoft Corporation
    • Neil Johnson, Principal Program Manager, Microsoft Corporation
  2. Microsoft and Jamf: Better together

    Agenda:
    • Why should Jamf customers be interested in Microsoft?
    • How does Microsoft Intune and Jamf Pro integrate?
    • Best practices for Microsoft-Jamf integration
  3. Trust isn’t based on the corporate network

    • Users: Trusted only when Identity is securely established, and Risk is measured and deemed acceptable
    • Endpoints: Trusted only when Identity is securely established, Compliance is demonstrated, and Risk is measured and deemed acceptable
    • Apps: Access is Controlled based on User Trust, Device Trust, and App Sensitivity
    • Data: Protected by default based on Identity and Classification
  4. Why use EMS with Jamf?

    Conditional Access blocks unknown and non-compliant Macs. View Jamf-managed Macs in Microsoft Endpoint Manager.

    Device compliance is evaluated based on:
    • Device health: System Integrity Protection
    • Device properties: min/max OS
    • System security: password rules, encryption, firewall and Gatekeeper
  5. Jamf Managed, Intune Compliant

    Advanced agent-based MDM management with compliance enforcement.
    • Zero-touch deployments
    • Extensive inventory
    • Depth of security controls
    • Self Service app catalog & End user controls
    • Limiting access to compliant Macs
    • Scripting

    EMS +
  6. EMS + Jamf

    Diagram labels: Microsoft EMS, Intune, Azure AD

    1. Mac is managed by Jamf Pro
    2. Mac is registered with Intune
    3. Jamf sends macOS device inventory to Intune
    4. Intune evaluates compliance
    5. Generates compliance report
    6. Azure AD enforces Conditional Access
    7. Allow access from compliant devices
    8. Block access from noncompliant devices
    9. User-friendly remediation experience provided by Intune and Jamf
  7. EMS + Jamf Requirements

    • Jamf Pro 10.9.0 or later
    • Microsoft Enterprise Mobility + Security (AAD Premium & Microsoft Intune)
    • A Jamf Pro user account with Conditional Access privileges
    • Microsoft Intune Company Portal app for macOS (v1.12 or later)
    • Computers with macOS 10.12 or later
  8. Best Practices

    • Deploy a configuration profile/policy in Jamf Pro for each compliance policy created in Intune
    • Make sure to remove device from Jamf to remove from Intune
    • Delete option in Intune to remove stale test devices
    • Allow EM+S related URLs/Ports in firewall if needed
    • Check for AAD device ID in Jamf Pro if device not showing up in Intune
  9. Thank you for listening!

    Give us feedback by completing the 2-question session survey in the JNUC 2019 app.

    UP NEXT: Who’s Afraid of the Command Line? 1:30 – 2:15 PM
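
The compliance criteria on slide 4 can be pre-checked locally before a Mac is registered, which helps confirm that the Jamf Pro profiles from slide 8 actually enforce what the Intune policy evaluates. The sketch below is an added example, not Intune's or Jamf's own logic: it parses captured output from the standard macOS status commands, and the sample outputs, the maximum OS value and the function names are assumptions (password rules are not covered).

```python
import re

# Assumed thresholds: 10.12 is the minimum the deck lists; the maximum is hypothetical.
POLICY = {"min_os": "10.12", "max_os": "10.15.99"}

# Constructed sample outputs in the usual format of csrutil status, fdesetup status,
# spctl --status, socketfilterfw --getglobalstate and sw_vers -productVersion.
SAMPLE_OK = {
    "csrutil": "System Integrity Protection status: enabled.",
    "fdesetup": "FileVault is On.",
    "spctl": "assessments enabled",
    "firewall": "Firewall is enabled. (State = 1)",
    "sw_vers": "10.14.6",
}
SAMPLE_BAD = dict(SAMPLE_OK, csrutil="System Integrity Protection status: disabled.",
                  fdesetup="FileVault is Off.", sw_vers="10.11.6")

def _ver(text):
    """Turn '10.14.6' into (10, 14, 6) so '10.9' sorts below '10.12'."""
    return tuple(int(part) for part in text.strip().split("."))

def evaluate(outputs, policy=POLICY):
    """Return (compliant, failures) for a dict of captured command outputs."""
    patterns = {
        "csrutil": r"status:\s*enabled\b",   # device health: SIP
        "fdesetup": r"FileVault is On",      # encryption
        "spctl": r"assessments enabled",     # Gatekeeper
        "firewall": r"Firewall is enabled",  # any other state is flagged for review
    }
    # A missing or unexpected output fails the check (fail closed).
    failures = [name for name, pattern in patterns.items()
                if not re.search(pattern, outputs.get(name, ""))]
    try:
        version = _ver(outputs["sw_vers"])
        if not _ver(policy["min_os"]) <= version <= _ver(policy["max_os"]):
            failures.append("sw_vers")
    except (KeyError, ValueError):
        failures.append("sw_vers")  # absent or unparsable version is non-compliant
    return (not failures, failures)

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, evaluate(sample))
```

On a real Mac, fill the dictionary from the five commands' output instead of the constructed samples.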