Jamf Pro Intune integration targets compliance, zero trust

An integration that links Jamf Pro and Microsoft Intune’s conditional access could fill in Microsoft’s macOS management gaps.

This integration, which was a focus of Jamf Nation User Conference 2020, enables administrators to create a connection between Jamf Pro and Intune, now renamed Microsoft Endpoint Manager. This connection communicates whether trusted users are working on a secure and compliant endpoint with only the approved applications and resources available. Jamf administrators can link Jamf Pro’s device inventory data with Microsoft Azure Active Directory (AD) compliance policies in Intune.

The introduction of this feature bolsters organizations’ ability to run a zero-trust security model with both macOS and Windows endpoints as well, said Jack Gold, president and principal analyst at J. Gold Associates.

“Everyone’s now trying to play up the zero-trust model — that means ‘I don’t trust anything that comes into my network.’ That’s what Microsoft is focusing on with this,” Gold said.

What can the Jamf Pro integration with Intune offer administrators?

The integration’s ability to provide Intune with a top-down view of macOS endpoints and their security status, such as the OS version that users are running, is a significant improvement for Mac endpoint management, said Todd Ness, a senior Mac IT engineer at Veritas Technologies, in a session he hosted at the conference.

“You [can] set a minimum OS level, and if users try to log in and check their email with an outdated OS, they can’t do it,” Ness said. “[End users] will be very motivated to get their computer up to date.”

This feature is especially relevant with the uptick in BYOD Mac usage due to the pandemic-induced work-from-home boom, Gold said. Organizations must be especially careful granting remote, personally owned Mac devices access to the corporate network and resources.

This integration also enables IT admins to control authentication and access permissions for the Office 365 suite on macOS devices with the same Intune policies they use for Windows desktops. Additionally, when a user authenticates for one Office 365 app, that authorization applies to the entire suite of Office 365 applications. These connections can cut down work for administrators who tried to manually connect macOS applications with Azure AD.

“Before this integration came out, I had to create the enterprise applications [for the Mac devices] in Azure AD manually … by matching the URLs and making sure everything was good. Now you can just open the Jamf console, enable the integration and it redirects you to Azure AD,” said Kyle Ericson, a systems engineer at a large manufacturing company.

Intune and Jamf Pro integration lacks streamlined support, automation

Like any new technology integration, however, administrators face some issues that stand in the way of a successful rollout. For example, retiring computers can be an issue.

“The Azure records don’t ever get cleaned up automatically when you delete a computer from Jamf. When you delete a computer from Jamf it should go get the active record out of Intune for you, but if there are multiple entries, it will only clean up one,” Ness said during his virtual JNUC 2020 session.

This can lead to extra steps during inventory management, adding to IT’s workload. Additionally, the integration can lead to some noncompliance false positives.

“When you run certain compliance policies with Intune … this can lead to syncing issues where users get a noncompliance inside of Intune even though the device is fully compliant. That communication piece sometimes breaks down,” Ericson said.

Ness struggled to find adequate support for troubleshooting this integration, he said in the session. He had to open a ticket with both Microsoft and Jamf, and the two vendors were not quickly or directly communicating to find the root cause of the issue.

“[Relying on multiple vendors for support] is a perennial issue … and it is only going to increase as companies rely more on external sources for technology services. Finding the root cause from multiple external services is getting harder and harder,” said Andrew Hewitt, an analyst at Forrester Research.

This leaves customers in a difficult position as they try to troubleshoot issues with two different support teams that aren’t familiar with the other vendor’s platform.

“The support teams are doing their best, but troubleshooting this integration is like asking Toyota to fix one of their models after you’ve put a Chevy engine under the hood,” Gold said.

Microsoft fills in macOS management gaps with Jamf integration

The integration enables organizations to use Microsoft and Jamf’s specific strengths (Microsoft’s breadth of enterprise-grade services and Jamf’s specialty in macOS management) to simplify their management processes and eliminate the need for custom scripts to connect Jamf Pro and Intune.

“Microsoft wants to be the control center for all things enterprise, but they know their macOS management isn’t enterprise-quality … so they said, ‘Let’s partner with the company that does it best,’ and that’s Jamf,” Gold said.

Intune’s macOS management capabilities are limited, Ericson agreed.

“Intune isn’t the best platform for Mac devices … it’s a little behind the times,” he said. “But then I saw that Jamf announced the integration with Intune and thought, ‘Oh, great, we can use the best of the best for Windows and Mac.’”

This enables Microsoft to help organizations that run Windows and macOS endpoints, and even iOS endpoints, manage connectivity to Azure AD across all of their devices.

Organizations that want a deep level of control and insight on both macOS and Windows desktops can keep them within Azure AD to capitalize on the strengths of Jamf Pro and Intune.

“Jamf offers a high level of granularity when it comes to management that can’t be matched elsewhere, so this conditional access integration essentially enables Jamf customers to fully integrate with the Microsoft ecosystem,” Hewitt said.