Integrate Jamf Pro with Microsoft Intune

If your organization uses Jamf Pro to manage Mac computers, you can use Microsoft Intune compliance policies with Azure Active Directory conditional access to ensure that devices in your organization are compliant. This blog post explains how to set up the basic configuration needed to integrate Jamf Pro with Microsoft Intune.

To connect Microsoft Intune with Jamf Pro we need to complete the following 3 steps:

  1. Create a new application in Azure AD
  2. Enable Intune to integrate with Jamf Pro
  3. Configure Conditional Access in Jamf Pro

Step 1: Create an application in Azure Active Directory

In the Azure Portal, navigate to Azure Active Directory > App Registrations, and select New registration.

On the Register an application page, specify the following details:

  • In the Name section, enter a meaningful application name (Jamf Conditional Access).
  • For the Supported account types section, select Accounts in any organizational directory.
  • For Redirect URI, leave the default of Web, and then specify the URL for your Jamf Pro instance.

Click Register to create the application.

On the app Overview page, copy the Application (client) ID value and save it for later use.

Select Certificates & secrets under Manage.

Select the New client secret button. Enter a value in Description, select any option for Expires (I normally recommend 2 years) and click Add.

Important: Before you leave this page, copy the value for the client secret and record it for later use. You will need this value in later procedures. This value isn’t available again without recreating the app registration.

Select API permissions under Manage. Select the existing permissions and then select Remove permission to delete those permissions.

Note: Removal of all existing permissions is necessary as you’ll add a new permission, and the application only works if it has the single required permission.

To assign a new permission, select Add a permission. On the Request API permissions page, select Intune.

Select Application permissions and select update_device_attributes.

Select Add permission to save this configuration.

On the API permissions page, select Grant admin consent for APENTO (Org Name) and then select Yes.

The app registration process in Azure AD is complete.
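
As an added check that is not part of the original post, the following Python script audits an app registration exported as JSON (in the shape of a Microsoft Graph application object) against what Step 1 configures: a single update_device_attributes application permission and a client secret that has not expired. The two GUIDs and the sample object are constructed placeholders, not real Intune identifiers; substitute the values from your own tenant.

```python
import json
from datetime import datetime, timedelta, timezone

# Placeholder GUIDs (assumptions): replace with the Intune resource app ID and
# the update_device_attributes role ID shown in your own tenant.
INTUNE_API_APP_ID = "00000000-0000-0000-0000-0000000000aa"
UPDATE_DEVICE_ATTRIBUTES_ID = "00000000-0000-0000-0000-0000000000bb"

# Constructed sample shaped like a Microsoft Graph "application" object.
SAMPLE_APP = json.loads("""
{
  "displayName": "Jamf Conditional Access",
  "requiredResourceAccess": [
    {"resourceAppId": "00000000-0000-0000-0000-0000000000aa",
     "resourceAccess": [{"id": "00000000-0000-0000-0000-0000000000bb", "type": "Role"}]}
  ],
  "passwordCredentials": [{"displayName": "jamf", "endDateTime": "2026-03-01T00:00:00Z"}]
}
""")


def audit_app(app, now, warn_days=60):
    """Return a list of findings; an empty list means the app matches Step 1."""
    findings = []
    # Flatten every requested permission to (resource, permission id, type).
    grants = [(r["resourceAppId"], a["id"], a["type"])
              for r in app.get("requiredResourceAccess", [])
              for a in r.get("resourceAccess", [])]
    # "Role" is how Graph labels an application permission ("Scope" = delegated).
    expected = (INTUNE_API_APP_ID, UPDATE_DEVICE_ATTRIBUTES_ID, "Role")
    for g in grants:
        if g != expected:
            findings.append(f"unexpected permission {g[1]} ({g[2]}) on resource {g[0]}")
    if expected not in grants:
        findings.append("update_device_attributes application permission is missing")
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret configured")
    for s in secrets:
        # Graph reports UTC; keep the seconds-resolution prefix, drop fractions and "Z".
        end = datetime.strptime(s["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        if end <= now:
            findings.append(f"secret '{s.get('displayName')}' expired {end:%Y-%m-%d}")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"secret '{s.get('displayName')}' expires {end:%Y-%m-%d}")
    return findings
```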

Step 2: Enable Intune to integrate with Jamf Pro

Sign in to Intune, and navigate to Microsoft Intune > Device Compliance > Partner device management.

Enable the Compliance Connector for Jamf by pasting the Application ID you saved during the previous procedure into the Jamf Azure Active Directory App ID field.

Select Save.

Step 3: Configure Microsoft Intune Integration in Jamf Pro

In Jamf Pro, navigate to Global Management > Conditional Access. Click Edit on the Microsoft Intune Integration tab.

Select Enable Intune Integration for macOS.

Provide the required information about your Azure AD tenant:

  • Azure AD Tenant Name
  • Application ID
  • Application Key (the value for the client secret that you saved earlier in this guide)

Select Save.

Click Run Test to verify your settings.

That’s it… This completes the first step of the Jamf Pro integration with Azure AD and Microsoft Intune.

/Enjoy

About Author

My name is Ronni Pedersen and I'm currently working as a Cloud Architect at APENTO in Denmark. My primary focus is Enterprise Client Management solutions, based on technologies like AzureAD, Intune, EMS and System Center Configuration Manager. I'm also a Microsoft Certified Trainer and Microsoft MVP in Enterprise Mobility.
