Posted on 07-19-2024 09:10 AM
Hello there....
We're migrating all our clients, Windows and Mac, to Microsoft Defender for Endpoint. For the Mac clients I'd like to use the policies in the Microsoft Defender portal to keep them in the same place as the Windows clients, which will hopefully make support a bit simpler.
I've followed the instructions in the link below; the Mac I'm testing on shows up in the Defender portal, and I've created a Mac endpoint security policy assigned to a group to apply. The problem is I can't add the Mac to the group in Intune, as it doesn't exist there.
I'm sure I've missed something. I can see there are ways to connect Jamf and Intune, but I'm not sure what the recommended way is. Does anyone have any info that might point me in the right direction?
Any help would be much appreciated.
Posted on 07-19-2024 09:24 AM
If your Macs are in JAMF, you manage MDE via config profiles. To manage via Intune, your Macs would need to be enrolled in Intune not JAMF.
Posted on 07-22-2024 02:50 AM
Connecting Jamf Pro and Intune was called "Conditional Access", but this is deprecated and will be removed in Jamf Pro on 1st September 2024.
This process was redesigned and is now named "Device Compliance" in Jamf Pro; it is between Microsoft Entra ID and Jamf Pro. The documentation can be found here:
https://learn.jamf.com/en-US/bundle/technical-paper-microsoft-intune-current/page/Device_Compliance_...
Posted on 07-22-2024 07:42 AM
We use Jamf and were able to use native Defender policies by creating a dynamic device group in Azure that identified anything Mac. We then assigned the dynamic device group to the AV policy in the Defender Admin console to scope devices to the policy.
The dynamic device group was built by our Windows Endpoint Manager using Rule syntax:
(device.deviceOSType -eq "mac") and (device.deviceManagementAppId -eq "0000000a-0000-0000-c000-000000000000")
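For anyone who wants to build the same dynamic device group from the command line rather than the Entra admin center, here is an added example using the Microsoft Graph PowerShell SDK (Microsoft.Graph.Groups module). This is not the poster's code or anything from Jamf or Microsoft documentation; the group display name, description and mail nickname are placeholders you should change, and the membership rule is the one quoted in the post above. It assumes an account that can create groups and a tenant licensed for dynamic membership.

```powershell
# Added example (not from the thread): create a dynamic Entra ID device group whose
# membership rule matches Macs registered through the Jamf/Intune integration,
# so the group can be targeted by a macOS policy in the Microsoft Defender portal.
# Requires: Microsoft.Graph.Groups module, Group.ReadWrite.All scope.

Connect-MgGraph -Scopes "Group.ReadWrite.All"

# Membership rule exactly as given in the post: macOS device type, enrolled with the
# Intune management app ID.
$rule = '(device.deviceOSType -eq "mac") and (device.deviceManagementAppId -eq "0000000a-0000-0000-c000-000000000000")'

# Placeholder names; rename to match your naming convention.
$group = New-MgGroup -DisplayName "MDE-Mac-Dynamic" `
    -Description "Macs registered via Jamf Pro device compliance, scoped to the macOS AV policy" `
    -MailEnabled:$false `
    -MailNickname "mde-mac-dynamic" `
    -SecurityEnabled `
    -GroupTypes "DynamicMembership" `
    -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

"Created group $($group.DisplayName) with id $($group.Id)"

# Dynamic membership is evaluated asynchronously; run this after a few minutes to
# confirm that the registered Macs have landed in the group before assigning it to
# the Defender policy.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties['displayName'] }
```

The member listing is the check worth doing before scoping the AV policy: an empty group usually means the Mac is not registered in Entra ID through the Jamf device compliance integration yet, which is the same symptom described in the original question.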
Posted on 05-12-2025 03:41 PM
Does this still work for you? I tried the same thing and it doesn't appear that any profiles are applying to Defender on the device.
Posted on 05-13-2025 07:28 AM
Yes, this is still working for us.
We first de-scoped the "MDATP MDAV configuration settings" configuration profile in Jamf that the Microsoft documentation has you create. Our Macs are automatically assigned to the dynamic device group Macs + Intune AAD-MEM-MDE-Mac using the rule syntax above, then that group is assigned to our AV-Mac-Workstation policy.