- #JAMF AND AZURE AD HOW TO#
- #JAMF AND AZURE AD REGISTRATION#
- #JAMF AND AZURE AD PRO#
- #JAMF AND AZURE AD PASSWORD#
#JAMF AND AZURE AD REGISTRATION#
When troubleshooting registration issues, start by gathering the following information: It’s important to note that the Intune Company Portal app must be launched from the Jamf Self Service app if not the device will not be properly registered. Troubleshooting Intune Registration for Jamf-managed devices NOTE: AuthN primarily deals with user identity: who is this person? Is she who she says she is?
#JAMF AND AZURE AD PASSWORD#
All client apps using ADAL (Azure Active Directory Authentication Library) can do device AuthN, but users will see Ke圜hain access password prompts. The Intune Company Portal app is required to do device registration, which occurs during JamF .
Login keychain typically has the same password as the MacOS sign-in password, however it could also have a different password.Login keychain access is needed to complete device authentication on MacOS.The WPJ state is stored in Login keychain.Notes on MacOS Authentication and Registration This device identity is needed for Intune registration. It uses the public-private key infrastructure, and on the device/client side it’s referred to as workplace joined (WPJ)/ domain-joined (DJ)/ Azure AD-joined (AADJ) whereas on the server side it is referred to as Azure Device Registration Service (ADRS or simply DRS). If the Mac device is compliant with the conditional access policies configured, it will be allowed access to the protected company resources.ĭevice registration is the process in which a device’s identity is established in AAD. This inventory data can then be analyzed by Intune’s compliance engine to generate a report, then combined with intelligence about the user’s identity, enforce conditional access via EMS. Jamf does this by allowing admins to sync their Mac inventory data with Intune and the Microsoft Cloud.
#JAMF AND AZURE AD PRO#
If your organization uses Jamf Pro to manage macOS devices, you can use Microsoft Intune compliance policies with Azure Active Directory conditional access to ensure that devices in your organization are compliant before accessing company resources. They will advise whether a case needs to be opened with Microsoft. NOTE If you encounter issues with the integration of Jamf and Intune, please open a ticket with Jamf first. Support Engineer Lucas Lenard (Support Engineer I and Geoff Root (Test Engineer I who worked closely with Shonda to get this article created.
#JAMF AND AZURE AD HOW TO#
Shonda already published detailed steps on getting Jamf integration configured here, and today she follows that up with an article on how to troubleshoot integration if you encounter any issues.
I only throw Azure in, because I know we can sync on Prem AD with Azure if that's the best way to then sync with Jamf Pro.Hi everyone, today we have another post from Intune Support Engineer and resident Jamf expert Shonda Hodge. Is there a reliable way to get Jamf Pro to sync users with either on Prem DC / Azure AD and work the way I described. Obviously, it would be a no brainer with Windows workstations but that's not going to happen any time soon. The issue is they want to be able to sync AD to Jamf Pro, then have Jamf create user profiles and passwords based on AD users that are kept up-to-date with the DC. We already have them enrolled and managed in Jamf Pro, and that's working out pretty well. They are insistent on using Mac's as workstations and RDP workspace for certain applications hosted on a windows RDP server. We manage a client who uses on Prem DC's for AD, as well as M365 for email. Most of my experience is in Windows environments, but I'm hoping you guys can tell me it's actually doable and reliable to deploy.
I feel crazy writimg this, as it's a pretty unusual situation for me.
0 kommentar(er)
