network
• Users: Trusted only when Identity is securely established, and Risk is measured and deemed acceptable
• Endpoints: Trusted only when Identity is securely established, Compliance is demonstrated, and Risk is measured and deemed acceptable
• Apps: Access is Controlled based on User Trust, Device Trust, and App Sensitivity
• Data: Protected by default based on Identity and Classification
Access blocks unknown and non-compliant Macs. View Jamf-managed Macs in Microsoft Endpoint Manager.
Device compliance is evaluated based on:
• Device health: System Integrity Protection
• Device properties: min/max OS
• System security: password rules, encryption, firewall and Gatekeeper
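A local pre-check for the compliance attributes listed above, as an added example that is not Jamf or Intune code. It assumes the standard macOS tools `csrutil`, `fdesetup`, `spctl`, `socketfilterfw` and `sw_vers` as data sources (the page does not say how Jamf or Intune collect these values); the min/max OS values are placeholder policy values, and password rules are not covered.

```shell
#!/bin/sh
# Added example, not Jamf or Intune code. Each parser takes a command's output
# as its argument so it can be exercised with constructed samples off-Mac.

sip_enabled()   { printf '%s\n' "$1" | grep -q 'System Integrity Protection status: enabled'; }
filevault_on()  { printf '%s\n' "$1" | grep -q 'FileVault is On'; }
gatekeeper_on() { printf '%s\n' "$1" | grep -q 'assessments enabled'; }
firewall_on()   { printf '%s\n' "$1" | grep -q 'Firewall is enabled'; }

# version_ge A B: succeeds when dotted version A >= B, comparing each field
# numerically (a plain string compare would rank 10.9 above 10.12).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# evaluate OS MIN MAX CSRUTIL FDESETUP SPCTL FIREWALL
# Prints "compliant" or "noncompliant:" followed by the failed checks.
evaluate() {
  fails=""
  version_ge "$1" "$2" || fails="$fails os-below-min"
  version_ge "$3" "$1" || fails="$fails os-above-max"
  sip_enabled "$4"     || fails="$fails sip"
  filevault_on "$5"    || fails="$fails encryption"
  gatekeeper_on "$6"   || fails="$fails gatekeeper"
  firewall_on "$7"     || fails="$fails firewall"
  if [ -z "$fails" ]; then echo "compliant"; else echo "noncompliant:$fails"; fi
}

# On a Mac, pass --local to read live state. MIN and MAX are assumed policy values.
if [ "$(uname)" = "Darwin" ] && [ "${1:-}" = "--local" ]; then
  MIN="10.12"; MAX="99.0"
  evaluate "$(sw_vers -productVersion)" "$MIN" "$MAX" \
    "$(csrutil status)" "$(fdesetup status)" "$(spctl --status 2>&1)" \
    "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate)"
fi
```

A non-compliant result names the failing checks, which is the list a user would need to remediate before Conditional Access allows the device.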
1. Mac is managed by Jamf Pro
2. Mac is registered with Intune
3. Jamf sends macOS device inventory to Intune
4. Intune evaluates compliance
5. Generates compliance report
6. Azure AD enforces Conditional Access
7. Allow access from compliant devices
9. User-friendly remediation experience provided by Intune and Jamf
Diagram labels: Microsoft EMS, Intune, Azure AD, EMS + Jamf
Pro 10.9.0 or later
• Microsoft Enterprise Mobility + Security (AAD Premium & Microsoft Intune)
• A Jamf Pro user account with Conditional Access privileges
• Microsoft Intune Company Portal app for macOS (v1.12 or later)
• Computers with macOS 10.12 or later
profile/policy in Jamf Pro for each compliance policy created in Intune
• Make sure to remove device from Jamf to remove from Intune
• Delete option in Intune to remove stale test devices
• Allow EM+S related URLs/Ports in firewall if needed
• Check for AAD device ID in Jamf Pro if device not showing up in Intune