![]() ![]() I am assuming you already have Jamf Pro running, that is a requirement before we go any further. This again will allow you to have conditional access policies to control that only compliant Mac’s are allowed to access your corporate Office 365 environment. This post is not meant to learn you how to manage you Mac’s, but rather how you can integrate your Jamf Pro with Azure AD and Intune so that your Jamf managed Mac’s shows up as compliant devices in Azure AD. Intune standalone or Configuration Manager does not give you a way to have deep management of Mac’s today. Then you should take a look at what Jamf Pro can give you. The script can also be found on GitHub below.If you have Apple Mac’s in your environment and want to use Conditional Access to control access to your Azure AD integrated applications and data, like Office 365. ![]() Membership=$(dscl /Active\ Directory/"$domain"/All\ Domains read /Users/$assignedUser dsAttrTypeNative:memberOf | egrep 'ADGroupX|ADGroupY') This value is only used in the Azure AD UI. In the Create app role pane, do the following: Enter a role name, such as Administrator, in the Display Name field. Click App registrations, and then select your Jamf Connect app registration. Response=$(curl -v -k -u apiComputerReadUsername:apiComputerReadPassword -H "Accept: application/xml" -H "Content-Type: application/xml" assignedUser=$(echo $response | xpath '/computer/location/username/text()' 2>/dev/null)ĭomain=$(dscl /Active\ Directory/ -read. Click the Azure Active Directory in the left sidebar. SerialNumber=$(ioreg -l | awk -F'"' '/IOPlatformSerialNumber/ ') # In this example, the target groups are "ADGroupX" and "ADGroupY" # Is the user assigned to this computer a member of a given AD group or groups. This script can certainly be cleaned up a bit but does the job effectively. Jump to Azure AD Domain Services config Jump to Azure AD LDAPs config Jump to Jamf Pro Azure LDAP mappings. After this we’ll have a look at the default mapping settings in Jamf Pro. Determine if “username” is a member of “ADGroupX” or “ADGroupY” Nevertheless, let’s run through the different steps on a high level overview, and try to highlight some important notes.Get the domain via dscl (computer must be bound to AD).Harvest the contents of the “username” field Fortunately, Jamf Connect fully supports Azure AD and allows users to simply sign in to their Mac using their existing Microsoft credentials.Pull the computer record via the Jamf Pro API.In the example below, the script will return a “Yes” result if the user to which the computer is assigned in Jamf Pro is a member of the groups “ADGroupX” or “ADGroupY”. Enter Jamf Connect or something similar the Name field. Configure devices to register with Azure AD when the device user signs in to the Company Portal app they start from within the Jamf Self Service app. Enter Jamf Connect or something similar the Name field. Click App registrations, and then click new registration. Click the Azure Active Directory in the left sidebar. Click App registrations, and then click new registration. To integrate with Azure AD, you must create an app registration for Jamf Connect. When Jamf Pro is performing lookups in Azure AD, it is in a read-only state. After the application is added, the session is terminated. This means is that the application in Azure AD does not need to be manually created. Click the Azure Active Directory in the left sidebar. After successful authentication, an application for Jamf Pro is automatically added in Azure AD to use the Graph API. This is an extension attribute script to determine if the user assigned to the computer is a member of a given AD group or groups. To integrate with Azure AD, you must create an app registration for Jamf Connect.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |