At the 2017 Jamf Nation User Conference (JNUC), Jamf and Microsoft announced a collaboration to provide an automated compliance-based solution for secure access to corporate data on macOS, using Microsoft Enterprise Mobility + Security (EMS) conditional access and Jamf Pro management capabilities. Since that announcement we have made enhancements to the partnership, including providing conditional access for iOS devices in 2020, with the same end goal – trusted users accessing trusted apps on trusted devices.
Why is conditional access critical?
Every organization wants to ensure security of their data. However, the perimeter-based security model organizations have traditionally used is no longer effective in today’s mobile work environment, with cloud services and remote employees. This is the place where zero-trust solutions like EMS deliver a unique set of security controls for the modern world. Each time access to data is requested, EMS can quickly determine if the request is coming from a trusted user, on a trusted device, using a trusted app. Access is then “conditionally” granted to company data based on the policies IT has defined – relying on the unique data and intelligence in Microsoft Cloud. This identity-driven security model is what is needed in today's world of cloud services and remote employees.
Given the increasing sophistication and speed of cyber-security attacks, organizations require solutions that put the power of intelligent clouds, working 24x7, to work protecting their organization. With this partnership, Jamf continually feeds compliance data on macOS and iOS devices from Jamf Pro into the Microsoft Cloud – strengthening Microsoft Cloud’s ability to protect access to company data.
Intune and Jamf Pro integration
This integration meets the need of our mutual customers to enforce conditional access policies across all their users' devices – Macs, PCs, and mobile devices (iOS and others). For macOS, Jamf Pro shares device information with Microsoft Endpoint Manager, which determines a device’s compliance status. For iOS, Jamf Pro determines compliance status and sends the compliance state to Microsoft Endpoint Manager. If a device is not compliant based on an admin’s chosen criteria, access is denied and the end user is directed to Jamf Self Service to begin remediation.
We combined the power of the unified endpoint management and conditional access in EMS with Jamf’s device management capabilities to help solve the challenges customers face, focusing on three key functions:
- Jamf admins are able to sync their macOS and iOS inventory data with Intune. This device signal carries critical information about the security status of managed devices and is important in determining and enforcing compliance.
- For macOS, this inventory data can then be analyzed by Intune’s compliance engine to generate a report which, combined with intelligence about the user’s identity, allows Microsoft to enforce conditional access via EMS. If the device is compliant with the conditional access policies IT has set, it will be given access to the protected company resources.
- This integration also provides a user-friendly remediation experience for noncompliant iOS devices. Users are seamlessly directed back to Jamf Self Service to fix any security issues causing the device to be non-compliant and preventing them from accessing company data.
Because these solutions integrate, IT can enjoy the management power of each ecosystem with the simplicity of inventory reporting in a single pane of glass.
Since the announcement of this partnership in 2017, we have had the opportunity to personally talk with numerous mutual customers. We’ve gotten extensive feedback and we’ll continue to enhance this feature to support organizations investing in Microsoft and Apple – helping create a modern workplace that is loved by users and trusted by IT.
We are excited to continue developing the capabilities of this integration and to see how our customers use them.
To learn more about Intune, please visit: https://www.microsoft.com/en-us/cloud-platform/microsoft-intune
Mark your calendar to join JNUC 2022 for discussions about other enhancements to Microsoft workflows.
To learn more about Jamf’s Microsoft Intune integration, please visit: https://www.jamf.com/integrations/microsoft
Or download the Conditional Access: Going Beyond Perimeter-Based Security white paper to learn:
- Where traditional security models fall short and how to build a modern security environment
- How to ensure only trusted users on trusted devices using trusted apps access corporate data
- Ways to achieve proxy-free conditional access for Mac with Jamf and Microsoft Enterprise Mobility + Security