You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/intune/protect/conditional-access-integrate-jamf.md
+19-7Lines changed: 19 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -49,6 +49,7 @@ You need the following to configure Conditional Access with Jamf Pro:
49
49
50
50
- Jamf Pro 10.1.0 or later
51
51
- Microsoft Intune and Microsoft AAD Premium P1 licenses (recommended Microsoft Enterprise Mobility + Security license bundle)
52
+
- Global admin role in Azure Active Directory.
52
53
- A user with Microsoft Intune Integration privileges in Jamf Pro
53
54
-[Company Portal app for macOS](https://aka.ms/macoscompanyportal)
54
55
- macOS devices with OS X 10.12 Yosemite or later
@@ -107,12 +108,19 @@ To connect Intune with Jamf Pro:
107
108
8. Next, we will add permissions to update device attributes. At the top left of the **API permissions** page, select **Add a permission** to add a new permission.
108
109
109
110
9. On the **Request API permissions** page, select **Intune**, and then select **Application permissions**. Select only the check box for **update_device_attributes** and save the new permission.
111
+
10. Under **Microsoft Graph**, select **Application permissions**, then select **Application.Read.All**.
110
112
111
-
10. Next, grant admin consent for this app by selecting **Grant admin consent for _\<your tenant>_** in the top left of the **API permissions** page. You may need to re-authenticate your account in the new window and grant the application access by following the prompts.
113
+
11. Select **Add permissions**.
112
114
113
-
11. Refresh the page by click on the **Refresh** button at the top of the page. Confirm that admin consent has been granted for the **update_device_attributes** permission.
115
+
12. Navigate to **APIs my organization uses**. Search for and select **Windows Azure Active Directory**. Select **Application permissions**, and then select **Application.Read.All**.
114
116
115
-
12. After the app is registered successfully, the API permissions should only contain one permission called **update_device_attributes** and should appear as follows:
117
+
13. Select **Add permissions**.
118
+
119
+
14. Next, grant admin consent for this app by selecting **Grant admin consent for _\<your tenant>_** in the top left of the **API permissions** page. You may need to re-authenticate your account in the new window and grant the application access by following the prompts.
120
+
121
+
15. Refresh the page by selecting **Refresh** at the top of the page. Confirm that admin consent has been granted for the **update_device_attributes** permission.
122
+
123
+
16. After the app is registered successfully, the API permissions should only contain one permission called **update_device_attributes** and should appear as follows:
@@ -135,10 +143,14 @@ The app registration process in Azure AD is complete.
135
143
136
144
1. Activate the connection in the Jamf Pro console:
137
145
138
-
1. Open the Jamf Pro console and navigate to **Global Management** > **Conditional Access**. Click the **Edit** button on the **macOS Intune Integration** tab.
139
-
2. Select the check box for **Enable Intune Integration for macOS**.
140
-
3. Provide the required information about your Azure tenant, including **Location**, **Domain name**, the **Application ID**, and the value for the *client secret* that you saved when you created the app in Azure AD.
141
-
4. Select **Save**. Jamf Pro tests your settings and verifies your success.
146
+
1. Open the Jamf Pro console and navigate to **Global Management** > **Conditional Access**. Select **Edit** on the **macOS Intune Integration** tab.
147
+
2. Select the check box for **Enable Intune Integration for macOS**. When this setting is enabled, Jamf Pro sends inventory updates to Microsoft Intune. Clear the selection if you want to disable the connection but save your configuration.
148
+
3. Select **Manual** under **Connection type**.
149
+
4. From the **Sovereign Cloud** pop-up menu, select the location of your Sovereign Cloud from Microsoft.
150
+
5. Select **Open administrator consent URL** and follow the onscreen instructions to allow the Jamf Native macOS Connector app to be added to your Azure AD tenant.
151
+
6. Add the **Azure AD Tenant Name** from Microsoft Azure.
152
+
7. Add the **Application ID** and **Client Secret** (previously called Application Key) for the Jamf Pro application from Microsoft Azure.
153
+
8. Select **Save**. Jamf Pro tests your settings and verifies your success.
142
154
143
155
Return to the **Partner device management** page in Intune to complete the configuration.
0 commit comments