Nov 29, 2019 Manage clients from the Devices node. Depending on the device type, some of these options might not be available. In the Configuration Manager console, go to the Assets and Compliance workspace, and select the Devices node.

When your organization uses Jamf Pro to manage macOS devices, you can use Microsoft Intune compliance policies with Azure Active Directory (Azure AD) Conditional Access to ensure devices in your organization are compliant before they can access company resources. This article will help you configure Jamf integration with Intune.

When Jamf Pro integrates with Intune, you can sync the inventory data from macOS devices with Intune, through Azure AD. Intune's compliance engine then analyzes the inventory data to generate a report. Intune's analysis is combined with intelligence about the device user’s Azure AD identity to drive enforcement through Conditional Access. Devices that are compliant with the Conditional Access policies can gain access to protected company resources.

After you configure integration, you'll then configure Jamf and Intune to enforce compliance with Conditional Access on devices managed by Jamf.

Prerequisites

Products and services

You need the following to configure Conditional Access with Jamf Pro:

• Jamf Pro 10.1.0 or later
• macOS devices with OS X 10.12 Yosemite or later

Network ports

The following ports should be accessible for Jamf and Intune to integrate correctly:

• Intune: Port 443
• Apple: Ports 2195, 2196, and 5223 (push notifications to Intune)
• Jamf: Ports 80 and 5223

To allow APNS to function correctly on the network, you must also enable outgoing connections to, and redirects from:

• the Apple 17.0.0.0/8 block over TCP ports 5223 and 443 from all client networks.
• ports 2195 and 2196 from Jamf Pro servers.

For more information about these ports, see the following articles:

• Intune network configuration requirements and bandwidth.
• Network Ports Used by Jamf Pro on jamf.com.
• TCP and UDP ports used by Apple software products on support.apple.com

Connect Intune to Jamf Pro

To connect Intune with Jamf Pro:

1. Create a new application in Azure.
2. Enable Intune to integrate with Jamf Pro.
3. Configure Conditional Access in Jamf Pro.

Create an application in Azure Active Directory

1. In the Azure portal, go to Azure Active Directory > App Registrations, and then select New registration.

2. On the Register an application page, specify the following details:

   • In the Name section, enter a meaningful application name, for example Jamf Conditional Access.
   • For the Supported account types section, select Accounts in any organizational directory.
   • For Redirect URI, leave the default of Web, and then specify the URL for your Jamf Pro instance.

3. Select Register to create the application and to open the Overview page for the new app.

4. On the app Overview page, copy the Application (client) ID value and record it for later use. You'll need this value in later procedures.

5. Select Certificates & secrets under Manage. Select the New client secret button. Enter a value in Description, select any option for Expires and choose Add.

   Important

   Before you leave this page, copy the value for the client secret and record it for later use. You will need this value in later procedures. This value isn’t available again, without recreating the app registration.

6. Select API permissions under Manage.

7. On the API permissions page, remove all permissions from this app by selecting the ... icon next to each existing permission. Note that this is required; the integration will not succeed if there are any unexpected extra permissions in this app registration.

8. Next, we will add permissions to update device attributes. At the top left of the API permissions page, select Add a permission to add a new permission.

9. On the Request API permissions page, select Intune, and then select Application permissions. Select only the check box for update_device_attributes and save the new permission.

10. Next, grant admin consent for this app by selecting Grant admin consent for <your tenant> in the top left of the API permissions page. You may need to re-authenticate your account in the new window and grant the application access by following the prompts.

11. Refresh the page by click on the Refresh button at the top of the page. Confirm that admin consent has been granted for the update_device_attributes permission.

12. After the app is registered successfully, the API permissions should only contain one permission called update_device_attributes and should appear as follows:

Combine Microsoft Docs Mac Pro

The app registration process in Azure AD is complete.

Enable Intune to integrate with Jamf Pro

1. Sign in to the Microsoft Endpoint Manager admin center.

2. Select Tenant administration > Connectors and tokens > Partner device management.

3. Enable the Compliance Connector for Jamf by pasting the Application ID you saved during the previous procedure into the Specify the Azure Active Directory App ID for Jamf field.

4. Select Save.

Configure Microsoft Intune Integration in Jamf Pro

1. Activate the connection in the Jamf Pro console:

   1. Open the Jamf Pro console and navigate to Global Management > Conditional Access. Click the Edit button on the macOS Intune Integration tab.
   2. Select the check box for Enable Intune Integration for macOS.
   3. Provide the required information about your Azure tenant, including Location, Domain name, the Application ID, and the value for the client secret that you saved when you created the app in Azure AD.
   4. Select Save. Jamf Pro tests your settings and verifies your success.

   Return to the Partner device management page in Intune to complete the configuration.

2. In Intune, go to the Partner device management page. Under Connector Settings configure groups for assignment:

   • Select Include and specify which User groups you want to target for macOS enrollment with Jamf.
   • Use Exclude to select groups of Users that won’t enroll with Jamf and instead will enroll their Macs directly with Intune.

   Exclude overrides Include, which means any device that is in both groups is excluded from Jamf and directed to enroll with Intune.

   Note

   This method of including and excluding user groups affects the enrollment experience of the user. Any user with a Mac thats already enrolled in either Jamf or Intune who is then targeted to enroll with the other MDM must unenroll their device and then re-enroll it with the new MDM before management of the device works properly.

3. Select Evaluate to determine how many devices will be enrolled with Jamf, based on your group configurations.

4. Select Save when you’re ready to apply the configuration.

5. To proceed, you will next need to use Jamf to deploy the Company Portal for Mac so that users can register their devices to Intune.

Set up compliance policies and register devices

After you configure integration between Intune and Jamf, you need to apply compliance policies to Jamf-managed devices.

Combine Microsoft Docs Mac 2017

Disconnect Jamf Pro and Intune

If you no longer use Jamf Pro to manage Macs in your organization and want users to be managed by Intune, you must remove the connection between Jamf Pro and Intune. Remove the connection by using the Jamf Pro console.

1. In Jamf Pro, go to Global Management > Conditional Access. On the macOS Intune Integration tab, select Edit.

2. Clear the Enable Intune Integration for macOS check box.

3. Select Save. Jamf Pro sends your configuration to Intune and the integration will be terminated.

4. Sign in to the Microsoft Endpoint Manager admin center.

5. Select Tenant administration > Connectors and tokens > Partner device management to verify that the status is now Terminated.

   Note

   Your organization's Mac devices will be removed at the date (3 months) shown in your console.

Next steps

Git is a distributed version control system that allows teams to work on the same documents simultaneously. This means that there is a central server that contains all the files, but when a repository is checked out from this central source, the entire repository is cloned to the local machine.

The sections below will explore how Git can be used for version control in Visual Studio for Mac.

Git version control menu

The image below illustrates the options provided by Visual Studio for Mac by the Version Control menu item:

Push and Pull

Pushing and Pulling are two of the most commonly used actions within Git. To synchronize changes that other people have made to the remote repository, you must Pull from there. This is done in Visual Studio for Mac by selecting Version Control > Update Solution.

Once you have updated your files, reviewed and committed them, you must then Push them to the remote repository to allow others to access your changes. This is done in Visual Studio for Mac by selecting Version Control > Push Changes. This will display the Push dialog, allowing you to view the committed changes, and select the branch to push to:

You can also Commit and Push your changes at the same time, via the Commit dialog:

Blame, Log, and Merge

At the bottom of the window, there are five tabs displayed, as illustrated below:

These allow the following actions:

• Source - Displays your source code file.

• Changes - Displays the change in code between your local file and the base file. You can also compare different versions of the file from different hashes:

• Blame - Displays the username of the user associated with each section of code.

• Log - Displays all the commits, times, dates, messages, and users that are responsible for the file:

• Merge - This can be used if you have a merge conflict when committing your work. It shows a visual representation of the changes made by you and the other developer, allowing you to combine both sections of code cleanly.

Switching branches

By default, the first branch created in a repository is known as the Master branch. There isn't technically anything different between the master branch and any other, but the master branch is the one that is most often thought of in development teams as the 'live' or 'production' branch.

An independent line of development can be created by branching off Master (or any other branch, for that matter). This provides a new version of the master branch at a point in time, allowing for development independently of what is 'live.' Using branches in this way is often used for features in software development

Users can create as many branches as they like for each repository, but it is recommended that once they have finished using a branch, it is deleted it to keep the repository organized.

Branches are viewed in Visual Studio for Mac by browsing to Version Control > Manage Branches and Remotes...:

Switch to another branch by selecting it in the list and pressing the Switch to Branch button.

To create a new branch select the New button in the Git repository configuration dialog. Enter the new branch name:

You can also set a remote branch to your tracking branch. Read more about tracking branches in the Git documentation.

See the current branch in the Solution Pad, next to the project name:

Combine Microsoft Docs Mac Free

Reviewing and committing

To review changes in the files, use the Changes, Blame, Log, and Merge tabs on each document, illustrated earlier in this topic.

Combine Microsoft Docs Mac 2017

Review all changes in your project by browsing to the Version Control > Review Solution and Commit menu item:

This allows viewing of all the changes in each file of a project with the option to Revert, Create a Patch, or Commit.

To commit a file to the remote repository, press Commit, enter a commit message, and confirm with the Commit Button:

Once you have committed your changes, push them to the remote repository to allow other users to see them.

Free Word Doc For Mac

Related Video

See also