Showing posts from April, 2023

Setup Device Compliance with Jamf and Intune

  Requirements: Azure user group created Jamf Pro Smartgroup created Global admin rights in Azure AD Admin account in Jamf Pro Steps to setup Device Compliance 1. Login to Jamf Pro and go to: Global-->Device Compliance-->Pick your Compliance Group (Jamf Pro Smartgroup)-->Pick your Applicable Group (Smart group containing all computers Jamf Pro uses to send a compliance status to Microsoft Intune.) 2. Enable the setting in Jamf Pro and you will be redirected to Azure permissions page. Click Accept on each one. 3. Click the Open Microsoft Endpoint Manager button 4. Click the Add compliance partner button 5. Pick Jamf Device Compliance 6. Click Add groups and add your user group you created in Azure AD. I created one called "All Users" 7. You should see a screen like this. 8. Click Confirm 9. Now wait for the activation to apply. 10. Now the connection is complete and you can start registering devices via Company Portal. 11. Important with the new workflow Macs only sho

Change Jamf Management Account

 There are times when you sometimes run across this message on a Jamf Instance. So to fix this doesn't seem to be an easy task. Thanks to Jamf API call I have a script which will do all the steps to change this over for you with the exception of one step we can easily use a policy for. This is what the script does: 1. Create a new local admin account. 2. Jamf API call to change the management account to this new local account 3. Send a Jamf recon at the end. Taking this script we can build a policy that looks like this: Scope this out to Macs and once this is done edit this setting in Jamf Pro to your local username.