Security is something you hear about daily, and everyone seemingly has a “solution” on how to secure things. If you follow the news, it appears that hackers work around the clock and never stop trying to find a door into your organization. With breaches a constant threat, the timing couldn’t have been better for the Microsoft and Jamf partnership.
There was definitely a gap when it came to securely allowing Macs to enter the world of Microsoft software. For example, I may have all my Macs enrolled and secured with Jamf, but there was no way to talk to the Windows cloud of Azure. The Microsoft and Jamf partnership changed this.
An unlikely pairing: Microsoft and Jamf
I didn't know what type of support I would get since this integration — to me — seemed like direct competition to Microsoft. That led me to ask the lead Jamf technician why Microsoft allowed this integration. The answer he gave me was very insightful and made a ton of sense.
He said, “We want people to choose which product makes the most sense to them and then for Microsoft to support it.”
I really like this standpoint, and it is a testament to the new way of IT thinking: We don’t really care what device you want. Regardless of what you choose, we’re here to support you.
The fact that my Macs can talk directly with Azure and apply conditional access to them is awesome. Through the Jamf and Microsoft solution for automated compliance management, conditional access ensures that only trusted users, from compliant devices, using approved apps, are accessing company data.
Jamf and Microsoft wrote a nice paper on how the whole thing works. Read it here.
Using conditional access to secure devices, data and users
I went live with this feature in February 2018 and was able to go straight into production without major issues. Jamf allows me to build Azure conditional access policies for trusted Mac and iOS devices. This is huge; one place to create policies in Azure and enjoy trusted, secure devices company-wide.
Since everything is done in Azure, once the policies are created and applied, it works for all devices. We no longer need to worry about compromised devices accessing company data. Since such a device isn't in Azure, it’s denied access to assets stored in the cloud, such as Office 365 applications. If you want to keep devices trusted in your organization, this is a win-win integration that Microsoft and Jamf have built.
It's also nice to see two big corporations like Microsoft and Jamf work together to solve a problem in the enterprise. Let's face it, even if you are a complete Windows shop, there are always going to be users who want a Mac. With this integration, it’s incredibly easy to onboard Macs and bring the same level of security to Apple and Windows.
Jamf Connect to make this even better
The other very exciting integration to streamline the Jamf and Microsoft solution is Jamf Connect. This allows out-of-the-box Azure Active Directory authentication and account creation. This brings in a whole new era of zero-touch deployments.
I will very soon be able to ship brand new Macs to end users without me doing a thing to them. I look forward to the future of Jamf and Microsoft's integration with Azure conditional access and Jamf Connect.
I recommend you give this functionality a try for yourself. Start with a free trial.
Kyle is a member of Jamf Heroes and systems engineer at a large manufacturing organization.