Microsoft + Jamf: Shared Device Mode update

Microsoft and Jamf have a strong history of partnering closely to provide IT and Security teams with an efficient identity management and security experience that can be unified. Jamf commits to our many shared customers leveraging both Microsoft enterprise platforms and Jamf to continuously work on improving how we can integrate and modernize our complementing technologies. In 2024, we continue this work by providing identity and access management solutions that serve the needs of our shared customers.

Conditional Access workflows for individual users

Before we jump into what’s new, let’s quickly recap how our joint efforts have evolved over the past year. In Jamf Pro 10.43, we announced in partnership with Microsoft, that Microsoft's Partner Device Management legacy API used by Jamf Pro's Conditional Access integration was scheduled for deprecation. At the same time, Jamf released the Device Compliance integration for macOS, which uses Microsoft's Partner Compliance Management API. Jamf and Microsoft collaborated to deliver a migration path from the legacy Conditional Access integration to the new Device Compliance integration, made available in Jamf Pro 10.48.

The end-of-support date for the Conditional Access integration (Partner Device Management API) has now been scheduled for September 1st, 2024, meaning all environments using Conditional Access must migrate to Device Compliance before that date.

The following environments are not yet able to use the Device Compliance integration:

• On-premises Jamf Pro environments
• Jamf Pro environments hosted in Jamf Cloud Premium Plus
• Environments using Microsoft 365 GCC High

Jamf is committed to providing support for these three categories of environments in 2024, and customers are encouraged to reach out to their Customer Success representative for assistance in planning the migration to Device Compliance before September 1st, 2024.

Conditional Access workflows and Single Login for shared devices

Jamf has been at the forefront of supporting multi-user environments on iOS and iPadOS devices for years with the introduction of Jamf Setup and Jamf Reset. These apps, combined with unique industry-specific workflows, have allowed for distinct configurations and apps to be applied on the device based on the role selected by the employee, staff or student. One way we have journeyed into making this workflow easier for our customers is to use Apple’s new Single Sign-On extensions (SSOe) allowing for the end-users to enter credentials tied to a cloud Identity Provider (IdP) that would trigger scoping by unique department, role or individual configurations and apps. This eases the burden on Jamf Pro admins in manually aligning the scope for new workflows. Jamf is building automated workflows for this to function seamlessly with Microsoft’s recently released Shared Device Mode support for iOS-based devices.

We are partnering closely with Microsoft on this integrated solution to offer Single Login, a workflow powered by Jamf Setup and Jamf Reset, and Shared Device Mode for iOS and iPadOS. Many of our customers recognize this as a Private Preview feature currently available within Jamf Setup and Jamf Reset. In 2024, Jamf is undertaking the work to utilize Microsoft’s Partner Compliance Management API along with Jamf’s Device Compliance functionality to bring Single Login and Shared Device Mode out of Preview. For now, our experts can supply shared iPad support with Jamf Setup and Jamf Reset, allowing custom configuration profiles, apps and wallpapers to meet customers’ customization needs.