You can use Azure Active Directory and Microsoft Intune's conditional access policies ensure that your end users are compliant with organizational requirements. You can apply these policies to Macs that are managed with Jamf Pro. This requires access to both the Intune and Jamf Pro consoles.

Set up device compliance policies in Intune

  1. Open Microsoft Azure, then navigate to Intune > Device Compliance > Policies. You can create policies for macOS, including choosing a series of actions (e.g., sending warning emails) to noncompliant users and groups.
  2. Search for your desired groups, then apply the policies to them.

Deploy the Company Portal app for macOS in Jamf Pro

You should deploy the Company Portal app for macOS in Jamf Pro as a background installation following the procedure below:

  1. On a macOS device, download the current version of the Company Portal app for macOS. Do not install it; you need a copy of the app to upload to Jamf Pro.
  2. Open Jamf Pro, then navigate to Computer management > Packages.
  3. Create a new package with the Company Portal app for macOS, then click Save.
  4. Open Computers > Policies, then select New.
  5. Use the General payload to configure settings for the policy. These settings should be:
    • Trigger: select Enrollment Complete and Recurring Check-in
    • Execution Frequency: select Once per computer
  6. Select the Packages payload and click Configure.
  7. Click Add to select the package with the Company Portal app.
  8. Choose Install from the Action pop-up menu.
  9. Configure the settings for the package.
  10. Click the Scope tab to specify on which computers the Company Portal app should be installed. Click Save. The policy will run scoped devices the next time the selected trigger occurs on the computer and meets the criteria in the General payload.

Create a policy in Jamf Pro to have users register their devices with Azure Active Directory

End users need to launch the Company Portal app through Jamf Self Service to register the device with Azure AD as a device managed by Jamf Pro. This will require your end users to take action. We recommend that you contact your end user through email, Jamf Pro notifications, or any other methods of notifying your end users to click the button in Jamf Self Service.