This is limited to Jamf Cloud customers only (no on-premise or 3rd party hosted options at this time I’m afraid) and, amongst other things, allows you to connect multiple Jamf Pro instances to a single Azure AD tenant for the Jamf Pro / Intune* device compliance solution. This is a mixture of a few smaller things I’ve seen in testing that I’d not seen written up anywhere and thought it’d be worth sharing.First up, What is the Jamf Cloud Connector?The Jamf Cloud Connector is a new feature added to Jamf Pro a few months back. Most Mac Admins use a device management tool be it agentless (ie MDM.Migrating macOS Devi… on Migrating macOS Devices from o…Dazwallace on Moving devices from Adobe Shar…Foigus on Moving devices from Adobe Shar…Dazwallace on Uninstalling Adobe SoftwareFor this post, I thought I’d share a mixture of things in and around Jamf Pro, the Intune* integration, and the new Jamf Cloud Connector. MacAdmins at PSU 2021: Campfire Sessions – What’s new with Adobe 2021 in EducationOne of the best things you can do to boost productivity and save yourself time is. Download the installer package file to your local network, and then. There are two basic ways that you, as an admin, can deploy Office to Mac users in your organization: Provide your Mac users with the installer package file, and have them install Office for themselves.They could approve this, complete the setup their side and all worked well. It’s also worth noting at this point that the previous manual method is still an option (and the only option if you are not hosted with Jamf Cloud).With the background out the way, I’ll share some of the odd bits and pieces I’ve seen in testing so far.First thing I noticed with the Jamf Cloud Connector method, is it’s no longer possible to ‘just’ pass over the Consent URL to your Global Administrator (or equivalent) as before.What do I mean by that? Well, with the previous manual setup, you could configure the Jamf Pro side, then grab the Consent URL for your Azure Global Administrator (GA) to approve. The initial setup process (the Jamf Pro to Intune* connection) is also a little easier than the previous manual method.
Best Tools Admins Install Office ForI was using the same physical device when testing the Intune* connection on both Jamf instances. Work side by side with your Azure GA to enter their credentials at the Azure screen/s as required (not always ideal in a COVID world!)The next thing I came across was in testing enrolments between multiple instances. Apply to get (temporary) Azure GA for your Jamf administrator, and set everything up Give your Azure GA admin access to the Jamf instance/s to set everything up As a result, you’d either need to: Java jdk for macShortly after which Self Service / Jamf AAD popped up a message to say that device registration failed due to the user closing Company Portal too soon.This same behaviour was repeated when I re-ran registration, wiped and re-deployed the device, and also after removing the device from Azure AD (and waiting the 30-60 minutes for things to settle down).In the end, the resolution was to remove the old device record from the first Jamf Pro server (Jamf Pro instance “A” above). I selected the “done” button and Company Portal closed. The Company Portal launched as normal, but showed the “This device is already registered” message. All worked fine, until it came to the Intune* registration. How much to purchase microsoft office for mac home editionUsers should click “Continue” and the message will disappear and all will be happy!Something to be aware of and perhaps pre-warn your users about if you’ll be looking to migrate your setup.Something a little different from the last few posts I’ve done, but I hope there’s enough helpful information there to help someone out, and save you some faff.As always, if you have any questions, queries or comments, let me know below (or in Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.* I’ve used the term Intune here as its familiar to most people who’d be working through the above. Each user with a device already registered with Intune* will see a popup along the lines of “JamfAAD.app” wants to use “microsoftonline.com” to sign in, with the options to Continue or Cancel. Once the setting is saved and the connection confirmed (should be within 5 minutes) devices should be fine and stay compliant.All of the above went off without a hitch, however one thing we did see that wasn’t mentioned is that users will see a popup from JamfAAD (the solution that handles the local aspects of the Intune* registration and data submission). This is something you’d need to do if you had a requirement to link two or more Jamf Cloud instances to the same Azure AD tenant.After some calls with Jamf Support, it’s as simple as hitting the edit option under “Settings” > “Global Management” > “Conditional Access”, selecting the “Cloud Connector” option, and following the rest of the steps to set this up (don’t forget the documentation here). Sound Mac Guy – The Adobe User Sync Tool – I’ve got that “syncing” feeling Adobe – Set up Google federation for SSO with Adobe Adobe – Authenticate your users with Microsoft Azure StandardWhat’s new with Adobe 2021 in Education.pdf Download Link DumpAs promised, heres a list of URLs from the presentation, as well as some further reading suggestions: Consult your Microsoft documentation for more details.
0 Comments
Leave a Reply. |
AuthorSteve ArchivesCategories |