The first step was C-level executives demanding IMAP enabled on their Exchange servers (iPhone OS didn’t support Exchange until 2.0). I believe that this showed Apple a shift was happening in the enterprise. For the first time, users were dictating the device and how it was interacting with the network. The iPad came along next, and we were at a place where two of the three devices a user might be assigned were not bound to the almighty AD server. This shift only took three years, and in enterprise IT terms, that seems like seconds. Because of that, management got tricky for IT departments. They ended up with devices that were not bound to Active Directory and could use any apps (with iPhone OS 2.0). As businesses started rolling out additional cloud services that didn’t always sync with Active Directory, identity management got messy for IT departments. With solutions like Jamf Connect, we’re starting to unify services (even at the cloud level) and the local device once again.
Jamf’s integration with Microsoft Azure AD is now available to all Jamf customers. This product follows Jamf’s acquisition of Orchard & Grove, which made the popular NoMAD solution. NoMAD has been folded into a single solution known as Jamf Connect (NoMAD’s open source solutions are still available).
Enterprise IT is moving to a world where security is at the app and identity level (vs. the device), and Jamf is positioning itself as a bridge between the identity provider and the device. Whether you are using Okta or Microsoft Azure AD, you can easily bridge them with your macOS devices using Jamf Connect. If organizations reconsider who they want to use as a cloud provider, they can easily swap them in Jamf Connect for no additional charge. One interesting tidbit is that you can use supported Azure Active Directory multi-factor authentication methods at the macOS login window with Jamf Connect.
In talking with the folks from Jamf about this product release, it’s clear they envision a world where the cloud identity account (any cloud identity provider) is the authority (instead of the local account). With Jamf Connect, everything is synced back and forth (timing depends on your organization’s needs). One interesting use case that was mentioned to me is that it’s now possible for a help desk person to use their own account when troubleshooting a user’s machine vs having to use a generic username/password.
We’re working backward to get our IT technology back to the days of a single unified identity solution from device to services. Thanks to solutions like Jamf Connect with Microsoft Azure Active Directory, we’re getting much closer.