Microsoft Partner Compliance Management API Integration for macOS

What is the Jamf and Microsoft partner integration?

Jamf’s integration with Microsoft is one of many Jamf integrations that enhances user experience. This integration connects users with Microsoft Azure as the IdP, allowing users to extend authentication to their apps via SSO. Office 365 apps are automatically deployed, configured and kept up-to-date. And macOS and iOS devices are kept in compliance with Jamf Pro’s Device Compliance and Microsoft’s Azure Sentinel. The powerful combination of Azure conditional access and Jamf Pro’s telemetry data ensures that devices are secure.

Jamf and Microsoft integration history

2017: Jamf and Microsoft introduce macOS conditional access.

Admins needed to be able to sync and analyze their Mac inventory data with the Microsoft Endpoint Manager and provide a user-friendly remediation experience for non-compliant devices. Cynor dives into how the first of the Jamf and Microsoft integrations use the Partner Device Management (PDM) API to:

• Leverage Jamf smart groups for targeted Macs
• Register using the company portal
• Continuously calculates compliance
• Enforce access with Conditional Access policies

The Jamf Pro telemetry used for compliance is shown in the presentation.

2019: Jamf and Microsoft support iOS device compliance

With the rise of enterprise iOS devices came the need to ensure device compliance. The key difference between this integration and the 2017 integration is the compliance calculation -- it shifted from being analyzed by Microsoft Endpoint Manager to Jamf Pro. It also uses a different API, the Partner Compliance Management API. Similar to the previous integration, this integration:

• Leverages smart groups
• Registers iOS/iPadOS devices to Azure
• Sends device inventory data
• Continuously calculates compliance
• Enforces access with Conditional Access policies

2022: Jamf and Microsoft support macOS device compliance

Based on customer feedback, this integration provides a more granular compliance control. It keeps macOS in compliance using the same calculation the 2019 integration uses for iOS and iPadOS devices. This integration:

• Leverages smart groups
• Registers macOS/iOS/iPadOS devices to Azure
• Provides self-service and a company portal for device registration
• Sends device inventory data
• Continuously calculates compliance
• Enforces access with Conditional Access policies

Admin and user experience

Next, Whitis demonstrates some key differences admins and users would see in the 2019 and later integrations vs the 2017 one. He starts by showing JSON blobs that update devices to compliance, followed by the compliance status interface seen by the user. He dives into how device compliance can be checked, whether via Jamf Pro, Azure AD or the API.

The user experience during registration also received an update. The latest integration has an additional key, UseWKWebView, that allows native Apple webview in versions of Jamf Pro 10.38 and higher. The addition of the Azure AD SSO extension further simplifies the authentication process for the user. Whitis walks us through a screen recording of these enhancements from the user's perspective.