First published on CloudBlogs on Dec 14, 2017
  
  
This post is co-authored by Brad Anderson, Corporate Vice President, Microsoft and Dean Hager, CEO, Jamf. At the Jamf Nation User Conference (JNUC) in October, we talked about how our partnership would provide an automated compliance-based solution for secure access to corporate data from Mac devices. This solution uses Microsoft Enterprise Mobility + Security (EMS) conditional access and Jamf Pro Mac management capabilities to ensure that company data can only be accessed by trusted users, from trusted devices, using trusted apps. Today, Microsoft and Jamf are proud to make this integration generally available to our shared customers. Jamf customers can upgrade to Jamf Pro 10.1 to get started today. The EMS cloud services have already been updated with this functionality and are available globally.
  
Why is conditional access critical?
Every organization wants to ensure that only trusted users, on trusted devices, using trusted apps get access to their data. However, the perimeter-based security model that organizations have traditionally used is no longer effective in providing this level of security when the data is increasingly outside of the corporate firewall – in cloud services and on mobile devices.
To address this challenge, EMS has delivered a unique set of security controls for the modern world. Each time access to corporate data is requested, EMS is able to quickly determine if the request is in fact coming from a trusted user, on a trusted device, with a trusted app. Access is then “conditionally” granted to company data based on the policies IT has defined -- and this action relies on the unique data and intelligence in the Microsoft Cloud. This identity-driven security model is what is needed in the modern world of cloud services and mobile devices.
Given the increasing sophistication of the attacks and the speed at which these attacks are designed to spread, organizations require solutions that put the power of intelligent clouds working on their behalf 24x7 to assist them in protecting the organization. Conditional access gives IT the power to enforce policies that work in real-time based on the intelligence in the Microsoft Cloud. With this partnership, Jamf is continually feeding the rich data on Macs from Jamf Pro into the Microsoft Cloud – further strengthening the ability of the Microsoft Cloud to protect access to company data.
Intune and Jamf Pro integration
The reasoning behind this partnership is simple: Our mutual customers were looking for a way to enforce EMS conditional access policies across all the devices their users chose to use -- PCs, mobile devices, and Macs. We combined the power of the unified endpoint management and conditional access in EMS with Jamf’s Mac device management capabilities to meet the needs of our mutual customers, focusing on three key functions:
- Jamf admins will now be able to sync their Mac inventory data with Intune and the Microsoft Cloud. With critical information about the security status of managed Macs, this inventory opens up the ability to do single-pane-of-glass reporting within Intune.
- This inventory data can then be analyzed by Intune’s compliance engine to generate a report and then, combined with intelligence about the user’s identity, enforce conditional access via EMS. If the Mac is compliant with the conditional access policies IT has set, it will be given access to the protected company resources.
- This integration also provides a user-friendly remediation experience for noncompliant devices. Users are seamlessly directed back to Jamf Self Service to fix any security issues causing the device to be non-compliant and preventing them from accessing company data.
Here’s an overview of the architecture for this integration:
Better together
Both of our teams are excited to continue working together to enable this functionality for our mutual customers. Because these solutions now work together, IT can enjoy the management power of each ecosystem with the simplicity of inventory reporting in a single pane of glass. We are looking forward to hearing your feedback and continuing to add new features in the coming year.
Since the announcement on this partnership, we have had the opportunity to personally talk with more than 100 joint customers. The feedback has been universally positive. This is a solution that is integrated, modern, and is loved by users and trusted by IT. We are genuinely excited to make these capabilities generally available and can’t wait to see how our customers will use them.
To learn more about Jamf’s Microsoft Intune integration, please visit:
To learn more about Intune, please visit:
Published Sep 08, 2018
Version 1.0
Brad Anderson