Device Compliance with Microsoft Entra and Jamf Pro

Technical Paper: Device Compliance with Microsoft Entra and Jamf Pro

Device compliance with Microsoft Entra and Jamf Pro allows organizations to ensure that only trusted users on compliant devices can access company resources hosted by Microsoft. You can integrate with Microsoft Entra using Microsoft's Partner Compliance Management API located in Microsoft Intune to apply conditional access policies on institutionally owned computers and mobile devices managed by Jamf Pro.

Jamf Pro delivers information about the management state and compliance status of computers and mobile devices to Microsoft Intune's Partner Compliance Connector, which forwards the data to Microsoft Entra ID (formerly Azure AD) for use with Conditional Access policies. Device compliance can be enforced using Jamf Pro's management capabilities and is calculated using Jamf Pro smart groups. Computer and mobile device records are available in Entra ID, and devices listed in Entra ID are labeled as managed by "Microsoft Intune".

Integrating with Microsoft Entra to enforce device compliance involves the following steps:

The following diagram shows a high-level flow of the computer and mobile device integration architecture:
[Figure: Microsoft Entra integration architecture diagram]