To leverage Intune’s security and access control features without replacing your current MDM, you can use Intune as a compliance partner. This setup allows your third-party MDM to manage the device, while Intune handles Conditional Access and app-level protection. Here’s how it works:

Integration Strategy: Intune + Third-Party MDM
✅ Step 1: Use Third-Party MDM for Device Management
Your current MDM (e.g., Jamf, Workspace ONE, etc.) continues to:
- Enroll and manage iOS devices
- Push device configurations, restrictions, and apps
✅ Step 2: Connect MDM to Intune as a Compliance Partner
This enables:
- Your MDM to report device compliance status to Intune
- Intune to use that data for Conditional Access via Microsoft Entra ID
✅ Step 3: Apply Intune Conditional Access Policies
You can enforce:
- Access to Microsoft 365 apps (Outlook, Teams, OneDrive, etc.)
- Restrictions based on device compliance (e.g., block access if jailbroken or out-of-date)
- Multi-factor authentication and location-based access
✅ Step 4: Use Intune MAM (App Protection Policies)
Even if the device is managed by another MDM, you can:
- Apply app-level data protection to Microsoft apps
- Prevent data leakage (e.g., copy/paste restrictions, encryption)
- Wipe corporate data from apps without affecting personal data
- Deploy MAM policies to unmanaged or third-party managed devices
How to Connect MDM to Intune as a Compliance Partner
To connect a third-party MDM (like Jamf, Workspace ONE, or others) to Microsoft Intune as a compliance partner, follow these steps to enable Conditional Access and device compliance integration:
🔧 Step-by-Step: Integrate Third-Party MDM with Intune
✅ 1. Prerequisites
- Microsoft Intune subscription
- Microsoft Entra ID P1 or P2 license
- Subscription with the third-party MDM (e.g., Jamf Pro, Workspace ONE)
- Devices enrolled in the third-party MDM
- Admin access to both Intune and the third-party MDM portal
✅ 2. Configure Intune to Accept Compliance Data
- Sign in to the Intune Admin Center.
- Navigate to: Tenant Administration > Connectors and Tokens > Partner Compliance Management
- Click Add Compliance Partner.
- Select your MDM provider (e.g., Jamf Pro, Workspace ONE).
- Enter the required App ID and Client Secret from your third-party MDM’s Azure app registration.
✅ 3. Register the Third-Party App in Microsoft Entra ID
- Go to Microsoft Entra ID > App registrations.
- Click New registration:
  - Name: e.g., Jamf Compliance Connector
  - Supported account types: Accounts in any organizational directory
  - Redirect URI: URL of your MDM instance
- After registration:
  - Copy the Application (Client) ID
  - Create a Client Secret
  - Assign API permissions:
    - update_device_attributes (Intune)
    - Application.Read.All (Microsoft Graph)
  - Grant admin consent
✅ 4. Configure the Third-Party MDM to Send Compliance Data
In your MDM console (e.g., Jamf Pro):
- Go to Global Management > Conditional Access.
- Enable Intune Integration for macOS.
- Enter:
  - Microsoft Entra tenant name
  - Application ID and Client Secret
- Save and test the connection.
✅ 5. Assign User Groups in Intune
Back in Intune:
- Under Partner Device Management, configure:
  - Include: User groups whose devices are managed by the third-party MDM
  - Exclude: Groups that should enroll directly with Intune
- Click Evaluate to preview affected devices.
- Click Save to apply.
✅ 6. Deploy Company Portal App (Optional)
If needed, deploy the Intune Company Portal via your third-party MDM to support app-level registration and compliance reporting.
✅ Result: Conditional Access with Intune
Once integrated:
- Devices managed by your third-party MDM report compliance status to Intune.
- Intune uses this data in Microsoft Entra Conditional Access to allow or block access to resources like Microsoft 365, SharePoint, Teams, etc.
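The Conditional Access policy from Step 3 can also be created through Microsoft Graph. The script below is an added example, not part of the original article: it creates a report-only policy that requires a compliant device for Office 365 on iOS. It assumes the Microsoft Graph PowerShell SDK is installed; the group names and policy name are placeholders.

```powershell
# Added example (not from the article). Requires the Microsoft Graph PowerShell SDK.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All','Application.Read.All','Group.Read.All'

# Assumed placeholder names; replace with groups that exist in your tenant.
$pilotGroupName      = 'CA-Pilot-PartnerMDM-Users'   # users whose devices the third-party MDM manages
$breakGlassGroupName = 'CA-Exclude-EmergencyAccess'  # emergency-access accounts, kept out of scope
$policyName          = 'Require compliant device - Office 365 - iOS (report-only)'

function Get-GroupIdByName([string]$Name) {
    # Fail closed if the name is missing or ambiguous, so the policy never targets the wrong group.
    $found = @(Get-MgGroup -Filter "displayName eq '$Name'")
    if ($found.Count -ne 1) { throw "Expected exactly one group named '$Name', found $($found.Count)." }
    $found[0].Id
}

# Do not create a duplicate if a policy with this name already exists.
$existing = Get-MgIdentityConditionalAccessPolicy -All | Where-Object DisplayName -eq $policyName
if ($existing) { throw "Policy '$policyName' already exists (Id $($existing.Id))." }

$policy = @{
    displayName = $policyName
    # Report-only: the result is logged for each sign-in but access is not blocked yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('Office365') }
        platforms      = @{ includePlatforms = @('iOS') }
        users          = @{
            includeGroups = @(Get-GroupIdByName $pilotGroupName)
            excludeGroups = @(Get-GroupIdByName $breakGlassGroupName)
        }
    }
    grantControls = @{
        operator        = 'OR'
        # Satisfied only when the device is marked compliant in Entra ID,
        # which for these devices comes from the partner MDM via Intune.
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Review the report-only results in the Entra sign-in logs for the pilot group before changing `state` to `enabled`.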