Jamf and Microsoft Endpoint Manager (Intune): The Good, The Bad and The Ugly

Todd Ness, Senior Mac IT Engineer, End-User Operating Environ, Veritas Technologies, and Bryce Carlson, Senior Technical Support Engineer, Jamf, shared with this session that the integration between Jamf and Intune takes time and experience to nail down. But, with the information shared in this session, the lived-experience and key takeaways can help inform your approach to mastering Jamf and Microsoft Endpoint Management. Here's the summary:

The Good

• The integration means you are more secure with fewer obstacles. Single sign-on (SSO), Multi-factor authentication (MFA) and force encryption to trusted state upon device deployment are among the many ways the integration accomplishes this while still placing the end user experience at the forefront of IT support.
• Updating and upgrading your devices are set by you with your criteria. If you want to force users to operate under the latest upgrades. Or, if you want to restrict updating, it's in your hand, not the users'.
• Resources, resources, resources! This integration has support and documentation resources to assist you:
  • Bryan Carlson's MacBuddy
  • Jamf documentation:
    • https://docs.jamf.com/10.1.0/jamf-pro/release-notes/What%27s_New.html
    • https://docs.microsoft.com/en-us/mem/intune/protect/conditional-access-integrate-jamf
  • Microsoft documentation
    • https://docs.microsoft.com/en-us/mem/intune/protect/troubleshoot-jamf#cause-6
    • https://docs.microsoft.com/en-us/mem/intune/protect/conditional-access-integrate-jamf
  • Connect with others on the Macadmin Slack channel
    • #jamf-intune-integration

The Bad

• Confusing terminology (enrollment v registration, for example)
• More to manage and keep up to date
  • Intune compliance policies need to managed and do not take effect immediately
• Decommissioning devices when retired or employee computers change are not always automatically removed, although this process is improving
• A myriad of other quirks like glitches with browsers, delays in information updating, as well as others.

The Ugly

• Troubleshooting and help can be complicated between the different providers and getting to the right place. Is it Jamf? Microsoft? Where do you start?
  • Once you get to the right place or your case is escalated, you’re on your way. But, you have to get there first.
• Filters, Do’s and Don’t’s
  • Don’t search in devices portal.azure.com devices
  • Do search the UON of users in Intune
• Intune devices’ all devices tab may not show recently enrolled devices or will continue to display deleted devices.
• There can be multiple and duplicate instances of the same device.

The Fix

• For troubleshooting and support cases, use the documentation and resources available to you, leverage the community pros and Macadmins slack channels, and get your case escalated.
• And for more technical issues that arise, learn the most common issues and take best-action steps for the most common solutions

For more tips and tricks from Todd and Bryce, as well as an in-depth discussion with real-life troubleshooting scenarios, you can now watch this session on demand.