This post is co-authored by Brad Anderson, Corporate Vice President, Microsoft and Dean Hager, CEO, Jamf.
At the Jamf Nation User Conference (JNUC) in October, we talked about our partnership that would provide an automated compliance-based solution for secure access to corporate data from Mac devices. This solution uses Microsoft Enterprise Mobility + Security (EMS) conditional access and Jamf Pro Mac management capabilities to ensure that company data can only be accessed by trusted users, from trusted devices, using trusted apps.
Today, Microsoft and Jamf are proud to make this integration generally available to our shared customers. Jamf customers can upgrade to Jamf Pro 10.1 to get started today. The EMS cloud services have already been updated with this functionality and are available globally.
Why is conditional access critical?
Every organization wants to ensure that only trusted users, on trusted devices, using trusted apps get access to their data. However, the perimeter-based security model organizations have traditionally used is no longer effective in providing this level of security when the data is increasingly outside of the corporate firewall – in cloud services and on mobile devices. This is where EMS has delivered a unique set of security controls for the modern world. Each time access to data is requested, EMS is able to quickly determine whether the request is in fact coming from a trusted user, on a trusted device, with a trusted app. Access is then “conditionally” granted to company data based on the policies IT has defined – relying on the unique data and intelligence in the Microsoft Cloud. This identity-driven security model is what is needed in the modern world of cloud services and mobile devices.
Given the increasing sophistication of attacks and the speed at which they are designed to spread, organizations require solutions that put the power of intelligent clouds to work on their behalf 24x7 to help protect the organization. Conditional access gives IT the ability to have policies enforced in real time based upon the intelligence in the Microsoft Cloud. With this partnership, Jamf is continually feeding the rich data on Macs from Jamf Pro into the Microsoft Cloud – strengthening the ability of the Microsoft Cloud to protect access to company data from Macs.
Intune and Jamf Pro integration
The reasoning behind this partnership is simple: Our mutual customers were looking for a way to enforce EMS conditional access policies across all the devices their users chose to use – PCs, mobile devices, and Macs. We combined the power of the unified endpoint management and conditional access in EMS with Jamf’s Mac device management capabilities to meet the needs of our mutual customers, focusing on three key functions:
- Jamf admins will now be able to sync their Mac inventory data with Intune and the Microsoft Cloud. With critical information about the security status of managed Macs, this inventory opens up the ability to do single-pane-of-glass reporting within Intune.
- This inventory data can then be analyzed by Intune’s compliance engine to generate a report and then, combined with intelligence about the user’s identity, enforce conditional access via EMS. If the Mac is compliant with the conditional access policies IT has set, it will be given access to the protected company resources.
- This integration also provides a user-friendly remediation experience for noncompliant devices. Users are seamlessly directed back to Jamf Self Service to fix any security issues causing the device to be non-compliant and preventing them from accessing company data.
Here’s an overview of the integration architecture:
Both of our teams are excited to continue working together to enable this functionality for our mutual customers. Because these solutions now work together, IT can enjoy the management power of each ecosystem with the simplicity of inventory reporting in a single pane of glass. We are looking forward to hearing your feedback and continuing to add new features in the coming year.
Since the announcement of this partnership, we have had the opportunity to personally talk with more than 100 joint customers. The feedback has been universally positive, with IT professionals immediately understanding how this integrated solution enables them to deliver the modern workplace that is loved by users and trusted by IT.
We are genuinely excited to make these capabilities generally available and can’t wait to see how our customers will use them.
To learn more about Intune, please visit: https://www.microsoft.com/en-us/cloud-platform/microsoft-intune
To learn more about Jamf’s Microsoft Intune integration, please visit: https://www.jamf.com/products/jamf-pro/microsoft/
Or download the Conditional Access: Going Beyond Perimeter-Based Security white paper to learn:
- Where traditional security models fall short and how to build a modern security environment
- How to ensure only trusted users on trusted devices using trusted apps access corporate data
- Ways to achieve proxy-free conditional access for Mac with Jamf and Microsoft Enterprise Mobility + Security