First published on CloudBlogs on Dec 14, 2017
This post is co-authored by Brad Anderson, Corporate Vice President, Microsoft and Dean Hager, CEO, Jamf.
At the Jamf Nation User Conference (JNUC) in October, we talked about how our partnership would provide an automated compliance-based solution for secure access to corporate data from Mac devices. This solution uses Microsoft Enterprise Mobility + Security (EMS) conditional access and Jamf Pro Mac management capabilities to ensure that company data can only be accessed by trusted users, from trusted devices, using trusted apps.
Today, Microsoft and Jamf are proud to make this integration generally available to our shared customers. Jamf customers can upgrade to Jamf Pro 10.1 to get started. The EMS cloud services have been updated with this functionality and are available globally.
Why is conditional access critical?
Every organization wants to ensure that only trusted users, on trusted devices, using trusted apps get access to their data. However, the perimeter-based security model that organizations have traditionally used is no longer effective in providing this level of security when the data is increasingly outside of the corporate firewall – in cloud services and on mobile devices. To address this challenge, EMS has delivered a unique set of security controls for the modern world. Each time access to corporate data is requested, EMS is able to quickly determine if the request is in fact coming from a trusted user, on a trusted device, with a trusted app. Access is then “conditionally” granted to company data based on the policies IT has defined -- and this action relies on the unique data and intelligence in the Microsoft Cloud. This identity-driven security model is what is needed in the modern world of cloud services and mobile devices.
Given the increasing sophistication of the attacks and the speed at which these attacks are designed to spread, organizations require solutions that put the power of intelligent clouds working on their behalf 24x7 to assist them in protecting the organization. Conditional access gives IT the power to enforce policies that work in real-time based on the intelligence in the Microsoft Cloud. With this partnership, Jamf is continually feeding the rich data on Macs from Jamf Pro into the Microsoft Cloud – further strengthening the ability of the Microsoft Cloud to protect access to company data.
Intune and Jamf Pro
The reasoning behind this partnership is simple: Our mutual customers were looking for a way to enforce EMS conditional access policies across all the devices their users chose to use -- PCs, mobile devices, and Macs. We combined the power of the unified endpoint management and conditional access in EMS with Jamf’s Mac device management capabilities to meet the needs of our mutual customers, focusing on three key functions:
Jamf admins will now be able to sync their Mac inventory data with Intune and the Microsoft Cloud. With critical information about the security status of managed Macs, this inventory opens up the ability to do single-pane-of-glass reporting within Intune.
This inventory data can then be analyzed by Intune’s compliance engine to generate a report and then, combined with intelligence about the user’s identity, enforce conditional access via EMS. If the Mac is compliant with the conditional access policies IT has set, it will be given access to the protected company resources.
This integration also provides a user-friendly remediation experience for noncompliant devices. Users are seamlessly directed back to Jamf Self Service to fix any security issues causing the device to be non-compliant and preventing them from accessing company data.
Here’s an overview of the architecture for this integration:
Both of our teams are excited to continue working together to enable this functionality for our mutual customers. Because these solutions now work together, IT can enjoy the management power of each ecosystem with the simplicity of inventory reporting in a single pane of glass. We are looking forward to hearing your feedback and continuing to add new features in the coming year.
Since the announcement of this partnership, we have had the opportunity to personally talk with more than 100 joint customers. The feedback has been universally positive. This is a solution that is integrated, modern, and is loved by users and trusted by IT. We are genuinely excited to make these capabilities generally available and can’t wait to see how our customers will use them.
To learn more about Jamf’s Microsoft Intune integration, please visit: