$30 off During Our Annual Pro Sale. View Details »

Microsoft and Jamf: Better Together

Jamf
November 13, 2019
190

Microsoft and Jamf: Better Together

Jamf

November 13, 2019
Tweet

Transcript

  1. © JAMF Software, LLC
    Microsoft and Jamf: Better together
    11:15 – 12:00
    UP NEXT

    View Slide

  2. View Slide

  3. © JAMF Software, LLC
    Arnab Biswas
    Program Manager
    Microsoft Corporation
    Neil Johnson
    Principal Program Manager
    Microsoft Corporation

    View Slide

  4. © JAMF Software, LLC
    Microsoft and Jamf: Better together
    Agenda:
    Why should Jamf customers be interested in Microsoft?
    How does Microsoft Intune and Jamf Pro integrate?
    Best practices for Microsoft-Jamf integration

    View Slide

  5. © JAMF Software, LLC
    Trust isn’t based on the corporate network
    Users
    Trusted only when
    Identity is securely
    established, and
    Risk is measured
    and deemed
    acceptable
    Endpoints
    Trusted only when
    Identity is securely
    established,
    Compliance is
    demonstrated, and
    Risk is measured
    and deemed
    acceptable
    Apps
    Access is
    Controlled based
    on User Trust,
    Device Trust, and
    App Sensitivity
    Data
    Protected by
    default based on
    Identity and
    Classification

    View Slide

  6. © JAMF Software, LLC
    Why use EMS with Jamf?
    Conditional Access blocks unknown and non-compliant Macs.
    View Jamf-managed Macs in Microsoft Endpoint Manager.
    Device compliance is evaluated based on:
    • Device health: System Integrity Protection
    • Device properties: min/max OS
    • System security: password rules, encryption, firewall and Gatekeeper

    View Slide

  7. © JAMF Software, LLC
    Jamf Managed, Intune Compliant
    Advanced agent-based MDM
    management with compliance
    enforcement.
    • Zero-touch deployments
    • Extensive inventory
    • Depth of security controls
    • Self Service app catalog & End user controls
    • Limiting access to compliant Macs
    • Scripting
    EMS
    +

    View Slide

  8. © JAMF Software, LLC
    8. Block access from
    noncompliant devices
    7. Allow access from
    compliant devices
    4. Intune evaluates compliance
    Microsoft EMS
    9. User-friendly remediation experience
    provided by Intune and Jamf
    2. Mac is registered with Intune
    6. Azure AD enforces Conditional Access
    1. Mac is managed by Jamf Pro
    3. Jamf sends macOS device
    inventory to Intune
    5. Generates compliance report
    Intune Azure AD
    EMS + Jamf

    View Slide

  9. © JAMF Software, LLC
    EMS + Jamf Requirements
    • Jamf Pro 10.9.0 or later
    • Microsoft Enterprise Mobility + Security (AAD Premium & Microsoft
    Intune)
    • A Jamf Pro user account with Conditional Access privileges
    • Microsoft Intune Company Portal app for macOS (v1.12 or later)
    • Computers with macOS 10.12 or later

    View Slide

  10. © JAMF Software, LLC
    Best Practices
    • Deploy a configuration profile/policy in Jamf Pro for each
    compliance policy created in Intune
    • Make sure to remove device from Jamf to remove from Intune
    • Delete option in Intune to remove stale test devices
    • Allow EM+S related URLs/Ports in firewall if needed
    • Check for AAD device ID in Jamf Pro if device not showing up in
    Intune

    View Slide

  11. © JAMF Software, LLC
    Thank you for listening!
    Give us feedback by
    completing the 2-question
    session survey in the JNUC
    2019 app.
    UP NEXT
    Who’s Afraid of the Command Line?
    1:30 – 2:15 PM

    View Slide