Microsoft and Jamf: Better Together

Transcript

1. © JAMF Software, LLC
   Microsoft and Jamf: Better together
   11:15 – 12:00
   UP NEXT
   

   View Slide

2. View Slide

3. © JAMF Software, LLC
   Arnab Biswas
   Program Manager
   Microsoft Corporation
   Neil Johnson
   Principal Program Manager
   Microsoft Corporation
   

   View Slide

4. © JAMF Software, LLC
   Microsoft and Jamf: Better together
   Agenda:
   Why should Jamf customers be interested in Microsoft?
   How does Microsoft Intune and Jamf Pro integrate?
   Best practices for Microsoft-Jamf integration
   

   View Slide

5. © JAMF Software, LLC
   Trust isn’t based on the corporate network
   Users
   Trusted only when
   Identity is securely
   established, and
   Risk is measured
   and deemed
   acceptable
   Endpoints
   Trusted only when
   Identity is securely
   established,
   Compliance is
   demonstrated, and
   Risk is measured
   and deemed
   acceptable
   Apps
   Access is
   Controlled based
   on User Trust,
   Device Trust, and
   App Sensitivity
   Data
   Protected by
   default based on
   Identity and
   Classification
   

   View Slide

6. © JAMF Software, LLC
   Why use EMS with Jamf?
   Conditional Access blocks unknown and non-compliant Macs.
   View Jamf-managed Macs in Microsoft Endpoint Manager.
   Device compliance is evaluated based on:
   • Device health: System Integrity Protection
   • Device properties: min/max OS
   • System security: password rules, encryption, firewall and Gatekeeper
   

   View Slide

7. © JAMF Software, LLC
   Jamf Managed, Intune Compliant
   Advanced agent-based MDM
   management with compliance
   enforcement.
   • Zero-touch deployments
   • Extensive inventory
   • Depth of security controls
   • Self Service app catalog & End user controls
   • Limiting access to compliant Macs
   • Scripting
   EMS
   +
   

   View Slide

8. © JAMF Software, LLC
   8. Block access from
   noncompliant devices
   7. Allow access from
   compliant devices
   4. Intune evaluates compliance
   Microsoft EMS
   9. User-friendly remediation experience
   provided by Intune and Jamf
   2. Mac is registered with Intune
   6. Azure AD enforces Conditional Access
   1. Mac is managed by Jamf Pro
   3. Jamf sends macOS device
   inventory to Intune
   5. Generates compliance report
   Intune Azure AD
   EMS + Jamf
   

   View Slide

9. © JAMF Software, LLC
   EMS + Jamf Requirements
   • Jamf Pro 10.9.0 or later
   • Microsoft Enterprise Mobility + Security (AAD Premium & Microsoft
   Intune)
   • A Jamf Pro user account with Conditional Access privileges
   • Microsoft Intune Company Portal app for macOS (v1.12 or later)
   • Computers with macOS 10.12 or later
   

   View Slide

10. © JAMF Software, LLC
    Best Practices
    • Deploy a configuration profile/policy in Jamf Pro for each
    compliance policy created in Intune
    • Make sure to remove device from Jamf to remove from Intune
    • Delete option in Intune to remove stale test devices
    • Allow EM+S related URLs/Ports in firewall if needed
    • Check for AAD device ID in Jamf Pro if device not showing up in
    Intune
    

    View Slide

11. © JAMF Software, LLC
    Thank you for listening!
    Give us feedback by
    completing the 2-question
    session survey in the JNUC
    2019 app.
    UP NEXT
    Who’s Afraid of the Command Line?
    1:30 – 2:15 PM
    

    View Slide