May 11, 2018

On Intune enrolled Macs, Skype for Business will be installed seamlessly and be ready for use. Tip: If you want to watch the progress of the install, open the Console utility on the Mac and filter for the Bundle ID (for Skype this is com.microsoft.package.MicrosoftautoUpdate.app), or filter on the app keyword “Skype”. Mac OS X support added to Intune – Part 1: Enabling enrollment of Mac OS X. In order to manage an iOS or a Mac OS X device in Microsoft Intune, an Apple APN certificate is required. The Apple Push Notification Service (APN) is a service created by Apple. Therefore, for apps that are not of the pkg type, admins must run commands on macOS, either manually or as a script, to create a signed app package (.intunemac file) that can be distributed using Intune.
This is a little something on the new option in Conditional Access, where you can specify restrictions for registering the end users' security information used with Multi-Factor Authentication.
This is a nifty addition, enabling you to control when and where the security information can be added or changed, making sure it’s not an attacker who’s messing with the details.
In this post I’m trying to put this into the context of enrolling a new device, in this example an iOS device, where MFA is required for enrollment.
If the enrollment is being done by a user who has no security information registered yet (imagine a newly hired employee), the user is initially prompted to register the security information. Now also imagine this being done by an attacker instead. Not good. Therefore it’s desirable to control from where the registering of the security information can be done. Curious? Read on!
For the completeness of this example, let’s begin with how you require MFA for enrolling devices into Intune using Conditional Access. This is quite easy:
- Log into the Microsoft 365 Device Management Portal: https://devicemanagement.microsoft.com
- Locate Conditional Access -> Policies and create a New policy:
- Give the new Conditional Access policy a suitable name and assign it to the desired users:
- Select the Microsoft Intune Enrollment app in Cloud apps or actions:
- In this example, I want to target all device platforms except Windows. Therefore I select Any device on the include tab:
- And exclude Windows on the Exclude tab:
- I don’t want MFA when enrolling Windows devices into Intune, as this is already restricted to corporate devices (enrollment restrictions).
- Select to grant access and Require multi-factor authentication and enable the policy once ready:
- Next, create another Conditional Access policy for the registering of security information:
- In the Conditions section, I limit the policy to iOS only (remember the explained scenario in the introduction?)
- This can obviously be done to suit any specific needs, but the case here is that I never want anyone to be able to register security information from iOS devices unless it’s done from corporate network.
- Also in the Conditions section, configure this to target Any location as shown below:
- And remember to exclude the trusted location(s). In this scenario, I want to be able to register and change my security information from home (this is a named location, also found in Conditional Access).
- Finally, select to Block access and enable the policy once ready:
- Now, enrolling a device prompts for credentials as usual:
- Seeing we require MFA in the process and the user currently doesn’t have any security information registered, the user is also prompted to provide additional information:
- Now, this is not allowed unless coming from my trusted location, so this is prevented as expected:
- Instead bringing the device online from my trusted location and running through the enrollment process once again, I’m now allowed to register my security information. Awesome!
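The two policies built above can also be expressed as Microsoft Graph request bodies (POST /identity/conditionalAccess/policies), which makes the configuration reviewable and repeatable. This is an added example, not code from the original post; it assumes the documented Graph app ID for Microsoft Intune Enrollment and the register-security-info user-action URN, and TRUSTED_LOCATION_ID is a placeholder for the named location in your own tenant.

```python
"""Conditional Access policies from the walkthrough, as Graph request bodies.
Added example (not from the original post). Assumptions: the app ID and the
user-action URN below are the documented Graph values; the named-location ID
is a placeholder you replace with the one from your tenant."""
import json

INTUNE_ENROLLMENT_APP_ID = "d4ebce55-015a-49b5-a083-c84d1797ae8c"  # assumed
REGISTER_SECURITY_INFO = "urn:user:registersecurityinfo"            # assumed
TRUSTED_LOCATION_ID = "<named-location-id>"  # placeholder, from your tenant


def mfa_for_enrollment_policy(state="enabled"):
    """Policy 1: require MFA for Intune enrollment on any platform except Windows.
    Use state='enabledForReportingButNotEnforced' to pilot in report-only mode."""
    return {
        "displayName": "Require MFA for Intune enrollment (non-Windows)",
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": [INTUNE_ENROLLMENT_APP_ID]},
            "platforms": {"includePlatforms": ["all"], "excludePlatforms": ["windows"]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }


def block_security_info_registration_policy(trusted_location_id, state="enabled"):
    """Policy 2: block registering security info from iOS from any location
    except the trusted named location (home network in the walkthrough)."""
    return {
        "displayName": "Block security info registration from iOS off-network",
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeUserActions": [REGISTER_SECURITY_INFO]},
            "platforms": {"includePlatforms": ["iOS"]},
            "locations": {"includeLocations": ["All"],
                          "excludeLocations": [trusted_location_id]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def has_location_carve_out(policy):
    """Pre-flight check: a block policy must exclude at least one location,
    otherwise nobody on the targeted platform could ever register security info."""
    controls = policy["grantControls"]["builtInControls"]
    excluded = policy["conditions"].get("locations", {}).get("excludeLocations", [])
    return "block" not in controls or bool(excluded)


if __name__ == "__main__":
    for p in (mfa_for_enrollment_policy(),
              block_security_info_registration_policy(TRUSTED_LOCATION_ID)):
        print(json.dumps(p, indent=2))
```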
ENJOY!
The Cloud Connector simplifies the process of connecting a cloud-hosted Jamf Pro instance with Microsoft Intune. The Cloud Connector automates many of the steps needed to configure the macOS Intune Integration, including creating the Jamf Pro application in Microsoft Intune. When the connection is saved, Jamf Pro sends computer inventory information to Microsoft Intune and applies compliance policies to computers.
Note: When configuring the connection between Jamf Pro and Microsoft Intune, you must use the Microsoft Azure website (portal.azure.com) and not the Microsoft Azure portal desktop app.
Important: Only the Cloud Connector can be used to connect multiple Jamf Pro instances to a single Azure AD tenant. Do not attempt to connect additional Jamf Pro instances using the manual connection method in conjunction with the Cloud Connector. This will prevent the Intune Integration from working correctly.
- Log in to Jamf Pro.
- In the top-right corner of the page, click Settings .
- Click Global Management.
- Click Conditional Access.
- Click Edit.
- Select the Enable Intune Integration for macOS checkbox.
When this setting is selected, Jamf Pro sends inventory updates to Microsoft Intune. Deselect this setting if you want to disable the connection but save your configuration.
- Select Cloud Connector under Connection Type.
- From the Sovereign Cloud pop-up menu, select the location of your Sovereign Cloud from Microsoft.
- Select one of the following landing page options for computers that are not recognized by Microsoft Azure:
- The Default Jamf Pro Device Registration page. Note: Depending on the state of the computer, this option redirects users to either the Jamf Pro device enrollment portal (to enroll with Jamf Pro) or the Company Portal app (to register with Azure AD).
- The Access Denied page
- A custom webpage
- Click Connect. You are redirected to the application registration page in Microsoft.
- Enter your Microsoft Azure credentials and follow the onscreen instructions to grant the permissions requested by Microsoft.
After permissions have been granted for the Cloud Connector and the Cloud Connector user registration app, you are redirected to the Application ID page.
- Click Copy and open Intune. A new tab opens to the Partner device management blade in Microsoft Azure.
- Paste the Application ID into the Specify the Azure Active Directory App ID for Jamf field.
- Click Save.
- Navigate back to the original tab and click Confirm. You are redirected back to Jamf Pro.
Jamf Pro completes and tests the configuration. The success or failure of the connection is displayed on the Conditional Access settings page.
- (Optional) Repeat this process to connect additional Jamf Pro instances to the same Azure AD tenant.
When the connection between Jamf Pro and Microsoft Intune is successfully established, Jamf Pro sends inventory information to Microsoft Intune for each computer that is registered with Azure AD (registering with Azure AD is an end-user workflow). You can view the Conditional Access Inventory State for a user and a computer in the Local User Account category of a computer’s inventory information in Jamf Pro.
Note: If you connected multiple Jamf Pro instances to a single Azure AD tenant using the Cloud Connector and want to disable all connections, you must deselect the Enable Intune Integration for macOS checkbox in the Conditional Access settings for each instance.