Jamf and Microsoft - Which API?

Written By Bryce Carlson

Often there is confusion about the two different ways to connect Jamf and Microsoft services for macOS and iOS Device Compliance. There is the older Partner Device Management and the newer (since summer 2020) Partner Compliance Management. Here is a quick breakdown on the differences and abilities of the two as of this post.

PCM = Partner Compliance Management

  • Jamf is the MDM vendor the macOS or iOS/iPadOS device is enrolled with

  • Device record shows in AAD ONLY

  • Microsoft Authenticator is used for registration (iOS) to create a WPJ and AAD ID that lives in the Authenticator app, no public macOS GUI client exists at this time for WPJ

  • iOS only at this time for Jamf MDM devices

  • Started in Sept./Oct 2020

  • Compliance is calculated based off of a JSON file that is sent to MEM from Jamf Pro per device record based off smart group membership (so for lack of a better word Jamf decides compliance)

PDM = Partner Device Management

  • Jamf is the MDM vendor the macOS device is enrolled with

  • Device record shows in AAD and MEM/Intune

  • Company Portal is used for registration to create WPJ and stores a certificate used for authentication in the login.keychain

  • macOS only, and Jamf is the only vendor with access to it

  • Started in 2017

  • Compliance is calculated based off of a JSON file that is sent to MEM from Jamf Pro per device record that contains values MEM calculates from (EX: FileVault 2 status, Passcode status, etc)

Bryce Carlson
Next

Let’s Get Conditional - Jamf Pro Extension Attribute for AAD ID