Conditional Access for macOS devices joined by Jamf Pro


Our Macs are managed by Jamf Pro, and we have registered our Macs to Intune and set up a compliance policy.

We check if passcode length and expiration date are the same as the passcode policy required by Jamf for that user.

Without that policy in Jamf, the registered Mac device is not compliant in the password length and expiration date state. All other compliance checks, like encryption, are green (compliant) for that device in Devices | All devices > MacName | Device compliance.

With the passcode policy in Jamf, all compliance states are green (compliant), but if I look at Devices | All devices under the device record, the compliance field says Not Compliant (I checked that the last check-in from Jamf matches).

So why is the device not compliant in that view?!?

We're following up here... hold tight...

@TobiasKoe 

Hi,

The compliance status in Azure under “Devices -> Azure AD Devices” is used to evaluate compliance. This is the field to check for the device’s compliant state. Typically, you will run into issues if you either do not have a configuration policy in Jamf to match Intune’s compliance policy, or if you have one but the fields do not match. Jamf Pro’s best practices documentation states that, to effectively evaluate compliance states, you should deploy a configuration profile (Passcode payload) in Jamf that matches Intune’s compliance policy. You will get conflicting results because Intune uses the data from Jamf Pro: what it gets (“Actual Results”) versus what it expects (“Expected Results”). If the two conflict, then the device is marked non-compliant even though the device may meet Intune’s compliance policy requirements. This has caused much confusion for customers. Bottom line: there needs to be a policy in Jamf Pro that mirrors what’s in the Intune compliance policy.
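To make the Expected-versus-Actual comparison in the reply concrete, here is an added example (not code from the thread, Microsoft or Jamf) that parses a Jamf-style configuration profile, pulls the Passcode payload, and checks it against Intune's expectations field by field. The Intune values and profile contents are constructed samples, and the mapping from Intune settings to the `com.apple.mobiledevice.passwordpolicy` keys is an assumption for illustration.

```python
import plistlib

# Constructed Intune compliance-policy expectations ("Expected Results").
INTUNE_EXPECTED = {
    "minLength": 8,         # assumed mapping: Intune minimum password length
    "maxPINAgeInDays": 90,  # assumed mapping: Intune password expiration
}

# Constructed Jamf configuration profile whose Passcode payload mirrors Intune.
JAMF_PROFILE_WITH_PASSCODE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "example.passcode.profile",  # placeholder identifier
    "PayloadContent": [{
        "PayloadType": "com.apple.mobiledevice.passwordpolicy",
        "PayloadIdentifier": "example.passcode.payload",  # placeholder
        "minLength": 8,
        "maxPINAgeInDays": 90,
    }],
})

# Constructed profile with no Passcode payload: Jamf reports nothing for
# these settings, so Intune has no "Actual Results" to match against.
JAMF_PROFILE_WITHOUT_PASSCODE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "example.other.profile",  # placeholder identifier
    "PayloadContent": [{"PayloadType": "example.placeholder.payload"}],
})


def passcode_settings(profile_bytes: bytes) -> dict:
    """Return the Passcode payload's policy keys, or {} if no such payload."""
    plist = plistlib.loads(profile_bytes)
    for payload in plist.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.mobiledevice.passwordpolicy":
            return {k: v for k, v in payload.items() if not k.startswith("Payload")}
    return {}


def evaluate(expected: dict, actual: dict) -> dict:
    """Per-setting verdict. A missing value cannot satisfy the expectation;
    a stricter value (longer minimum, shorter lifetime) still passes."""
    verdict = {}
    for key, want in expected.items():
        got = actual.get(key)
        if got is None:
            verdict[key] = "not reported"
        elif key == "minLength":
            verdict[key] = "compliant" if got >= want else "non-compliant"
        else:  # maxPINAgeInDays: a shorter lifetime is stricter
            verdict[key] = "compliant" if got <= want else "non-compliant"
    return verdict


def is_compliant(expected: dict, profile_bytes: bytes) -> bool:
    """Device is compliant only when every expected setting is satisfied."""
    results = evaluate(expected, passcode_settings(profile_bytes))
    return all(v == "compliant" for v in results.values())
```

Run `is_compliant(INTUNE_EXPECTED, JAMF_PROFILE_WITHOUT_PASSCODE)` to see the "all checks green, device still Not Compliant" situation from the question: the missing payload yields "not reported" rather than a match.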