How Jamf plans to let Microsoft Endpoint manage enterprise iPhones
While it's widely known that Apple is enjoying growing use across the enterprise, it's also true that employee choice means most businesses must support multiple platforms. A new solution promises to make that task a little easier.
Managing hybrid environments with Azure
Jamf is currently previewing its new iOS Device Compliance solution and expects to introduce it later this year. What does it do?
Microsoft corporate Vice President Brad Anderson explains:
That's what this solution provides. It lets IT teams "consolidate management of employee devices, while not losing the ability to provide key ecosystem-specific functionality," he said.
iOS Device Compliance relies on Microsoft Endpoint Manager, which can see things such as compliance status and device information that relates to the Apple systems.
This isn't completely new (though support for iOS is).
Jamf and Microsoft already offer Conditional Access for Macs, which they developed in 2017; it included the ability to share inventory data from Jamf Pro to Microsoft Intune.
It's important to recall Anderson's comment last year that Microsoft Office runs on millions of Macs while Office Mobile is in use on more than 90 million iOS and Android devices.
That means it's reasonable to protect those devices, and the information on them. This is even more vital when you consider how many enterprises are now working remotely as they navigate the COVID-19 pandemic.
How this works
The idea is that in order to access enterprise applications connected with Azure Active Directory, users must first register the device(s) they want to use with those apps (including Microsoft 365 apps).
When they try to register an iOS device, Jamf will gather information concerning device compliance to ascribed security policies, and will share device information with Microsoft Endpoint Manager for review.
The latter will then assess device compliance and then use Azure Active Directory to dynamically grant or deny access. Users will be told what they must do to raise compliance in the event their request is rejected.
Just as on the Mac, the Apple device is managed by Jamf, but access and compliance for that device is handled by Microsoft.
One useful selling point (at least on the Mac) is that devices are not required to pass through the proxy, which makes the protection more robust.
The advantage is that business users should find it easier to run mixed-platform networks and support employee choice programs. IT can use Jamf to manage the Apple devices, while also being able to make use of Azure Active Directory to power Conditional Access settings. That allows only trusted users on security compliant devices to access anything - and IT can even control which apps are able to access this information.
It goes beyond this - IT can also prevent authorized users from using devices that don't comply with their security policies.
What does Jamf say?
"We know IT teams want the simplicity of managing and securing all their devices within a single pane, while still providing the intended Apple experience employees demand and deserve," said Jamf CTO Jason Wudi in a statement.
"Jamf and Microsoft have a long history of collaborating to better empower the end user and IT, and today's announcement of iOS device compliance shows we are committed to continuing to innovate to make the modern management experience better for enterprises growing their Apple fleet."
Microsoft's move to support the provision of such protection is another illustration of the extent to which the enterprise IT environment has changed in recent years. It proves that even the Windows developer recognizes it must support multiple platforms, reflecting the vision of Microsoft CEO Satya Nadella.
Please follow me on Twitter, or join me in the AppleHolic's bar & grill and Apple Discussions groups on MeWe.