Microsoft Intune

by Microsoft
Ensure Apple devices are compliant with Intune's conditional access policies.

You can use Azure Active Directory and Microsoft Intune's conditional access policies to ensure that your end users are compliant with organizational requirements. You can apply these policies to Macs that are managed with Jamf Pro. This requires access to both the Intune and Jamf Pro consoles.

Set up device compliance policies in Intune

  1. Open Microsoft Azure, then navigate to Intune > Device Compliance > Policies. You can create policies for macOS, including choosing a series of actions (e.g., sending warning emails) to noncompliant users and groups.
  2. Search for your desired groups, then apply the policies to them.

Deploy the Company Portal app for macOS in Jamf Pro

You should deploy the Company Portal app for macOS in Jamf Pro as a background installation following the procedure below:

  1. On a macOS device, download the current version of the Company Portal app for macOS. Do not install it; you need a copy of the app to upload to Jamf Pro.
  2. Open Jamf Pro, then navigate to Computer management > Packages.
  3. Create a new package with the Company Portal app for macOS, then click Save.
  4. Open Computers > Policies, then select New.
  5. Use the General payload to configure settings for the policy. These settings should be:
    • Trigger: select Enrollment Complete and Recurring Check-in
    • Execution Frequency: select Once per computer
  6. Select the Packages payload and click Configure.
  7. Click Add to select the package with the Company Portal app.
  8. Choose Install from the Action pop-up menu.
  9. Configure the settings for the package.
  10. Click the Scope tab to specify on which computers the Company Portal app should be installed. Click Save. The policy will run on scoped devices the next time the selected trigger occurs on the computer and the computer meets the criteria in the General payload.

Create a policy in Jamf Pro to have users register their devices with Azure Active Directory

End users need to launch the Company Portal app through Jamf Self Service to register the device with Azure AD as a device managed by Jamf Pro. This requires your end users to take action. We recommend that you contact your end users through email, Jamf Pro notifications, or any other notification method and ask them to click the button in Jamf Self Service.

Overall rating: 4.8 out of 5, based on 4 reviews

    • 5 / 5: 3 of 4 reviews
    • 4 / 5: 1 of 4 reviews
    • 3 / 5: 0 of 4 reviews
    • 2 / 5: 0 of 4 reviews
    • 1 / 5: 0 of 4 reviews

Secure Compliance Policies for Office apps
5 / 5
Conditional access policies wrap it nicely in such a way that prevents data leakage and provides additional security to office apps.
Security Compliance
5 / 5 By Samstar777 on December 27, 2021
An integration to make sure access of office data is provided on to the devices which are compliant. Seamless integration between Jamf and Microsoft Azure AD helps us to achieve this security ask. A must-implement solution from a security point of view.
Intune Conditional Access
4 / 5 By surajitbapan on March 07, 2022
The Jamf Pro and Intune integration allows enforcing the conditional access policies on Mac and iOS devices, enhances the overall security, and provides more control of the corporate data. Real-time remediation workflows ensure the device falls out of compliance and always keep the corporate data secure.
A Good Partnership
5 / 5 By honestpuck on March 13, 2022
I was pleasantly surprised how well Intune and Jamf go together for improving the security of the Mac fleet. We don't use all the features possible but what we do use is extremely good.
