Home

Conditional Access with MacOS Safari

%3CLINGO-SUB%20id%3D%22lingo-sub-465029%22%20slang%3D%22en-US%22%3EConditional%20Access%20with%20MacOS%20Safari%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-465029%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20JAMF%20integration%20allows%20our%20devices%20to%20be%20marked%20as%20compliant%20in%20Azure%20AD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20there%20is%20some%20confusion%20as%20to%20how%20this%20affects%20conditional%20access.%20For%20example%2C%20we%20use%20the%20%22require%20devices%20to%20be%20marked%20as%20compliant%22%20option%20-%20with%20Windows%2010%20we%20know%20that%20this%20can%20affect%20both%20browsers%20and%20client%20applications%20(e.g.%20OWA%20on%20Exchange%20Online%20and%20the%20Outlook%20client)%20and%20only%20a%20compliant%20device%20can%20access%20via%20either%20browser%2Fapps.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20this%20the%20same%20with%20MacOS%20or%20is%20it%20just%20client%20applications%20currently%20supported%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20example%2C%20accessing%20OWA%20with%20Safari%20on%20MacOS%2C%20with%20exchange%20online%20only%20granting%20access%20to%20compliant%20devices.%20My%20assumption%20would%20be%20that%20it%20would%20fail%20and%20I'd%20need%20to%20access%20this%20via%20the%20Outlook%20client%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20sum%20up%20the%20question%2C%20if%20I%20were%20to%20grant%20access%20to%20Exchange%20Online%20only%20for%20devices%20that%20are%20marked%20as%20compliant%2C%20will%20a%20JAMF%20managed%20MacOS%20device%20be%20able%20to%20access%20via%20Safari%20(or%20any%20other%20browser%3F)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-465029%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
thisisused21_1480
Occasional Visitor

Hi,

 

The JAMF integration allows our devices to be marked as compliant in Azure AD.

 

However, there is some confusion as to how this affects conditional access. For example, we use the "require devices to be marked as compliant" option - with Windows 10 we know that this can affect both browsers and client applications (e.g. OWA on Exchange Online and the Outlook client) and only a compliant device can access via either browser/apps. 

 

Is this the same with MacOS or is it just client applications currently supported?

 

For example, accessing OWA with Safari on MacOS, with exchange online only granting access to compliant devices. My assumption would be that it would fail and I'd need to access this via the Outlook client?

 

To sum up the question, if I were to grant access to Exchange Online only for devices that are marked as compliant, will a JAMF managed MacOS device be able to access via Safari (or any other browser?)

 

Related Conversations
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
7 Replies