Last fall, I wrote about the announcement with Jamf and Microsoft where Microsoft Azure Active Directory would be added as an authentication plugin for macOS developments. I’ve written extensively about the problem of identity management in the enterprise here at 9to5Mac, and this announcement was a breath of fresh air. A decade ago in IT, everything was about Active Directory. It was the first thing you interacted with, and everything was tied to that system. Post iPhone, things got a lot different.
The first step was C-level executives demanding IMAP enabled on their Exchange servers (iPhone OS didn’t support Exchange until 2.0). I believe that this showed Apple a shift was happening in the enterprise. For the first time, users were dictating the device, and how it was interacting with the network. The iPad came along next, and we were at place where two of the three devices a user might be assigned were not bound to the all mighty AD server. This shift only took three years, and in enterprise IT terms – that seems like seconds. Because of that, management got tricky for IT departments. They ended up with the devices that were not bound to Active Directory and could use any apps (with iPhone OS 2.0). As businesses started rolling out additional cloud services that didn’t always sync with Active Directory, identity management got messy for IT departments. With solutions like Jamf Connect, we’re starting to unify services (even at the cloud level) and the local device once again.
Jamf’s integration with Microsoft Azure AD is now available to all Jamf customers. This product comes following Jamf’s acquisition of Orchard & Grove who made the popular NoMAD solution. NoMAD has been folded into a single solution known as Jamf Connect (NoMAD’s open source solutions are still available).
“IT admins need a way to more easily manage their devices and keep them secure, without being bound to Active Directory. Jamf Connect delivers on this critical need by giving admins the flexibility to leverage local users controlled by the same policies that admins depend on from a directory service or identity provider. Jamf will continue to invest in integrations with top cloud identity providers like Azure AD to give admins simple authentication and account management capabilities while providing the best end-user experience.” – Dean Hager, CEO, Jamf.
Enterprise IT is moving to a world where the security is at the app and identity level (vs device), and Jamf is positioning itself as a bridge between the identity provider and the device. Whether you are using Okta or Microsoft Azure AD, you can easily bridge them with your macOS devices using Jamf Connect. If organizations reconsider who they want to use as a cloud provider, they can easily swap them in Jamf Connect for no additional charge. One interesting tidbit is that you can use supported Azure Active Directory multi-factor authentication methods at the macOS login window with Jamf Connect.
In talking with the folks from Jamf about this product release, it’s clear they envision a world where the cloud identity account (any cloud identity provider) is the authority (instead of the local account). With Jamf Connect, everything is synced back and forth (timing depends on your organization’s needs). One interesting use case that was mentioned to me is that it’s now possible for a help desk person to use their own account when troubleshooting a user’s machine vs having to use a generic username/password.
We’re working backward to get our IT technology back to the days of a single unified identity solution from device to services. Thanks to solutions like Jamf Connect with Microsoft Azure Active Directory, we’re getting much closer.
FTC: We use income earning auto affiliate links. More.