Introduction
Your datajar.mobi instance can be linked to your Microsoft Entra ID (formerly Azure AD) tenant so that it can provide real-time compliance status for your managed computers and mobile devices. The compliance status can then be processed by Conditional Access policies in Entra ID to allow or deny access to resources users authenticate to.
This article outlines our requirements for carrying out this integration with you.
Note that this service was formerly called "Intune Integration".
For more information, please review https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Device_Compliance.html
Device Requirements
Hardware: Mac computers or mobile devices (iPhones/iPads)
Operating System: The current supported version of macOS/iOS or previous 2 versions
Device classification: 1:1 devices with local or Jamf Connect based accounts (Shared devices are not supported)
Software: Microsoft Authenticator (iOS) or Company Portal (macOS)
Implementation Requirements
In order to deliver your integration, the implementation engineer will require the following:
- Your Entra ID tenant must be licensed for Microsoft Enterprise Mobility + Security (specifically Microsoft AAD Premium and Microsoft Intune)
- A member of your team with the Global Administrator role in your Entra ID tenant
- Access to a shared remote session (TeamViewer/Zoom/Teams etc.) on one of your computers with your Entra ID Global Administrator.
  - As part of the integration process, the engineer will need to sign into your Managed instance and your Global Administrator will need to sign into your Entra ID portal on the same computer
- Details of your desired device compliance baseline (your engineer can discuss this with you during your implementation if you are unsure or need guidance)
- At least one customer-provided mobile device and/or computer for testing in your environment (the engineer will also have their own test device)
- Credentials for an Entra ID test user account
- Entra ID Security Groups for the following:
  - Users who will be able to register their computers/devices for device compliance (users must be licensed for Intune).
    - We recommend a dynamic group containing all users with an Intune license, or a group that contains all users if they have this by default
  - Users who should be excluded from using this integration (e.g. if you are also using Intune as an MDM service for macOS/iOS and these users need to enrol devices into it directly)
Need further support?
Automate. Simplify. Succeed. If you still require assistance or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.