Help

microsoft defender for endpoint - jamf pro

uoc
New Contributor

Posted on ‎07-19-2024 09:10 AM

Hello there....

We're migrating all our clients, windows and mac to microsoft defender for endpoint. For the mac clients id like to use the policies in the microsoft defender portal to keep them in the same place as the windows clients, which will hopefully make support a bit simpler.

I've followed the instructions in the link below,  the mac I'm testing on shows up in the defender portal and I've created a mac endpoint security policy assigned to a group to apply. The problem is I cant add the mac to the group in intune as it doesn't exist.

I'm sure I've missed something, i can see there are ways to connect jamf and intune but I'm not sure what is the recommended way, does anyone have any info that might point me in the right direction?

Any help would be much appreciated

 

 Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro - Microsoft Defender for En...

0 Kudos
Reply
5 REPLIES 5

jamf-42
Valued Contributor III

Posted on ‎07-19-2024 09:24 AM

If your Macs are in JAMF, you manage MDE via config profiles. To manage via Intune, your Macs would need to be enrolled in Intune not JAMF. 

0 Kudos
Reply

RaGL
Contributor

Posted on ‎07-22-2024 02:50 AM

Connecting Jamf Pro and Intune was called "Conditional Access", but this is deprecated and will be removed in Jamf Pro on 1st September 2024.

This process was redesigned, named "Device Complaince" in Jamf Pro now and is between Microsoft Entra ID and Jamf Pro. The documentation can be found here:
https://learn.jamf.com/en-US/bundle/technical-paper-microsoft-intune-current/page/Device_Compliance_...

0 Kudos
Reply

joboo72
New Contributor II

Posted on ‎07-22-2024 07:42 AM

We use Jamf and were able to use native Defender policies by creating a dynamic device group in Azure that identified anything Mac. We then assigned the dynamic device group to the AV policy in the Defender Admin console to scope devices to the policy.

The dynamic device group was built by our Windows Endpoint Manager using Rule syntax:

(device.deviceOSType -eq "mac") and (device.deviceManagementAppId -eq "0000000a-0000-0000-c000-000000000000")

0 Kudos
Reply

RDowson
New Contributor III
In response to joboo72

Posted on ‎05-12-2025 03:41 PM

Does this still work for you? I tried the same thing and it doesn't appear that any profiles are applying to Defender on the device.

0 Kudos
Reply

joboo72
New Contributor II
In response to RDowson

Posted on ‎05-13-2025 07:28 AM

Yes, this is still working for us.

We first de-scoped the "MDATP MDAV configuration settings" configuration profile in Jamf that the Microsoft documentation has you create. Our Macs are automatically assigned to the dynamic device group Macs + Intune AAD-MEM-MDE-Mac using the rule syntax above, then that group is assigned to our AV-Mac-Workstation policy. 

0 Kudos
Reply