With Jamf and Microsoft’s new partnership, Jamf are continually feeding the rich data on Macs from Jamf Pro into the Microsoft Cloud – strengthening its ability to protect access to company data from Macs.
IT teams face the scenario of needing to trust an identity, and ensuring that the identity accessing their files is a trusted user, on a trusted device. Businesses can introduce authentication for users accessing their cloud resources, providing strong usernames and passwords, as well as two-factor authentication. They can also secure the device – it can be encrypted, be up to a certain level in terms of patching, and on the latest OS. But on its own, the device can only be secured to a point. And that's where conditional access comes in.
Conditional access
Conditional access gives IT the ability to enforce policies in realtime, based on the intelligence in the Microsoft Cloud. The partnership between Microsoft and Jamf will provide an automated compliance-based solution for secure access to corporate data from Mac devices. It will enable customers to use the compliance of Intune – which provides mobile device management, mobile application management, and PC management capabilities in the cloud – administered from a Jamf point of view. It will ensure that whatever device end users have, whether a Mac, Windows or iOS device, they can still take advantage of the conditional access driven by Microsoft.
With more and more people using notebooks over iMacs or desktop machines, within organisations that might be behind a firewall or internal network with traditional IT resources, enterprises must consider how to secure devices for remote workers. Devices need to be compliant enough that, if they’re lost, corporate data and resources aren’t available for anyone who happens to pick up the device.
While Jamf Pro manages the device from a device policy and update perspective, when it comes to accessing information in the cloud, and in this case Office 365, the compliance is still driven from within Intune. Users can enrol their device with Jamf, and then are prompted to perform an Azure Active Directory Workplace Join. The device would then be registered in Intune as well as in Jamf Pro, and would connect with Jamf for device policy, and Intune for compliance. If a user doesn’t meet the criteria for compliance, they won't be allowed access to the business’s resources.
Remediation process
If a user can’t be identified or the device can’t be secured, the user must go through a remediation process in order to gain access. If an organisation has Intune but not Jamf Pro, the remediation process on a Mac isn't a great experience – it's very much up to the end user to work out how to encrypt the drive, change a password or update the OS. With the partnership between Microsoft and Jamf, the remediation process becomes user-rich.
For example, if the user tries to access Outlook and they're not compliant, it will trigger Self Service which launches to help the user fix the issue under the device compliance category. If a password isn't compliant, it will immediately give them the option to reset the password, or if the device isn't compliant because it's not encrypted, it will give them that option and take the user through the next steps.
If the user doesn’t have Jamf Pro, they’re on their own. Looking at a modern workplace, users like to be self-sufficient – they don't like to be hindered by IT. If a business hasn’t got Jamf managing their machines, how is that user going to feel from a self-help point of view? By putting the power in their hands via Self Service, they can do a lot of the remediation for themselves without ever having to contact IT for help.
Why Jamf?
“Jamf are the only partner doing this,” explains Tariq Saied, Jigsaw24’s Enterprise Services Director. “So they’re the only partner doing it the Microsoft approved way. If you actually sign in and try and set this up in Intune, the only MDM provider you have the option to set this up with is Jamf. So from that point of view, you know if you as a customer are speaking to Microsoft, and you're speaking to Jamf, that the two are talking and it's an official, supported integration. It's not some backdoor entrance, it's all native.”
Want to see Intune and Jamf Pro in action, and discover how your business can benefit from Jamf Pro? Get in touch with the team on 03332 400 888 or email solutions@Jigsaw24.com. For all the latest news, follow @WeAreJigsaw24 on Twitter, or ‘Like’ us on Facebook.
Related Articles
The mobility and power of iPad are a great proposition for construction managers looking to improve communication...
2018 marks the fifth year the Jigsaw24 team have made the trip across the pond to attend the largest single, annual gathering of Apple admins in...
We're excited to announce that Rob Ingham, formerly of BT and Fujitsu, is joining our enterprise team as our new Enterprise Accounts Director.
No employee or manager is ever going to confess to being a fan of annual performance reviews. They take up time...