But both should not change, if the device will be re-enrolled to a new server, right? So it should be possible to connect two different JSS to the same Azure tenant? Even if they have different URL. And what happens to the already registered Mac devices from the old server? Does a new connector affect the state of these registrations? On the Azure AD / Intune portal device list I only see an Azure Computer device ID and an Azure User device ID. So only JSS will send the device inventory data to Intune and that's it? So, what is the technical meaning of this URL? Is it only used during the device registration (as the company portal app will be started from Self service and redirects to the Jamf pro server)? As far as I know, Intune will not directly access our JSS (it's even not possible with our current internal server). There's only one issue: the home page and reply URL, which is configured in Intune and links to our internal server at the moment. Is it possible to configure TWO Jamf pro server (at the moment with different databases) to the same Intune Application ID? As long as we have the valid tenant name, application id and application key, I don't see why this should not be possible. As we have no test server, we would like to run these both servers simultaneously as long as the new server is not ready for production. Our new server will now be installed and configured, so we want to do some tests (including Intune integration). So the management URL will change to a public URL. Now we want to replace this Jamf pro server with a new Jamf pro server which is accessible from the internet too. About half of these devices are already registered in Intune and conditional access is working. This Jamf pro server is our productive system and contains about 800 enrolled Mac devices. We already have a working configuration with an INTERNAL Jamf pro server and Intune Integration.
I have some general questions about the Intune Integration and maybe somebody has more know-how about this. A video will be available of the demo that Dean Hager gave at the Ignite Session as well. We will have more details for you in October at our Jamf Nation User Conference. We will be providing more resources as they become available. The user is brought into Jamf Self Service to fix the compliance issue. We also provide an easy interface for remediation. Intune will evaluate the compliance and prevent the user from accessing email until the password is fixed. For example, let’s say our user is trying to access email, but the password is not strong enough. This allows you to protect your data by ensuring that 1) your user has proper authorization and authentication and 2) the device the user is on meets your compliance requirements. Second, we can now provide Conditional Access for Jamf managed Mac devices that are trying to access applications set up with Azure AD authentication. This will be great for reporting, and is similar to our existing SCCM plug-in that shares inventory with SCCM. You can drill into that macOS inventory record and see the status of that device. There are two big takeaways from this collaboration. First, you will now be able to share your Jamf Pro macOS inventory with Intune for a centralized view of devices. What I don't want is something to trigger an event to cut off conditional access, and it then take hours to days to sync to kick in. We're excited to announce our new collaboration with Microsoft EMS. HR software solutions can take care of the off boarding stuff and they can ship events, or at least the few I know of can. Now let's take into account all OS and third party app patching, you want to access a captive portal or some app via SAML/SSO, and you are using a known vulnerable web browser, how do we make sure we stop you from doing so?
Someone's system gets compromised, and your EDR/DLP/whatever-security-tool detects it, and now you need to quarantine that system and probably that account to mitigate all risks. You don't want someone with prod access who leaves the Org to have an active account. This should be done via a triggered event, or an event based workflow so it happens as soon as it can. The day they leave, all their access should be cut to all systems. You have a senior developer leave your Org for a new job. Let's toss a real world scenario into play. My problem is I don't want to wait hours/days for data to sync from Jamf to Intune to stop someone from accessing a resource.