8/11/2023

Jamf pro ports

You might even be wondering if you couldn’t just use the same Azure app you just set up for Intune. You probably already did the same basic setup as what we’re about to describe here.

If you’re already using Microsoft Intune/Endpoint Manager to deploy AD CS-sourced certs to your Windows clients, this will sound really familiar to you. In the case we’re talking about here, Jamf Pro is the client (the little blue person above) and NDES is the “Application”.

This Microsoft diagram shows the basic traffic flow… Clients like Jamf Pro will connect to the cloud URL provided by the Azure Application Proxy Service and the internal Microsoft Application Proxy Connector will reach outbound to the Azure proxy to retrieve HTTP connections.

Microsoft Azure AD Application Proxy can be used to solve this problem. Azure AD App Proxy includes two components, a cloud-based Proxy to which clients will connect instead of your internal resource’s URL, and an “Application Proxy Connector” that you’ll install on an internal Windows server.

This is a common issue for every app that an organization is moving to the cloud or implementing as SaaS but which requires connection to internal IT resources.

But connections from the DMZ to internal networks should be avoided where possible, so it would be even better if the network connections were initiated outbound from the internal network. Since these servers typically run on internal networks, the network admin would need to create a route where they pass internet traffic through a reverse proxy or load balancer in their DMZ network zone. This can get more complicated when hosting Jamf Pro on Jamf Cloud because many will be reluctant to set up an internet-facing CA or SCEP server. Jamf Pro can deliver certificates to managed devices if you integrate it with a certificate authority.
Read this Microsoft document that deals with this issue: Integrate with Azure AD Application Proxy on a Network Device Enrollment Service (NDES) server

You may have SaaS or remote clients that need access to SCEP cert provisioning, but your security team may not allow inbound connections from the DMZ to the internal network where your NDES server is located.
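The design goal described above (no DMZ- or internet-initiated path to NDES, with the connector dialing out) can be checked against a firewall rule set. This is an added example, not code from the original post or from Microsoft or Jamf; every address, rule name and the use of port 443 for each hop is a constructed assumption.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (assumptions, not from the article).
NDES = "10.10.5.20"        # internal NDES/SCEP server
CONNECTOR = "10.10.5.30"   # host running the Application Proxy Connector
DMZ_HOST = "172.16.0.10"   # reverse proxy / load balancer in the DMZ
INTERNET = "203.0.113.50"  # documentation-range IP standing in for any cloud peer

@dataclass(frozen=True)
class Rule:
    name: str
    src: str    # CIDR
    dst: str    # CIDR
    port: int   # 0 matches any port
    allow: bool

def decide(rules, src, dst, port):
    """First-match evaluation with an implicit default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (0, port)):
            return r.allow, r.name
    return False, "default-deny"

# (flow, initiator, destination, port, should it be allowed?)
PROBES = [
    ("DMZ -> NDES", DMZ_HOST, NDES, 443, False),
    ("internet -> NDES", INTERNET, NDES, 443, False),
    ("internet -> connector", INTERNET, CONNECTOR, 443, False),
    ("connector -> cloud proxy", CONNECTOR, INTERNET, 443, True),
    ("connector -> NDES", CONNECTOR, NDES, 443, True),
]

def audit(rules):
    """Return (flow, deciding rule) for every probe that breaks the design."""
    results = [(f, w, *decide(rules, s, d, p)) for f, s, d, p, w in PROBES]
    return [(f, rule) for f, want, got, rule in results if got != want]

# Constructed rule sets: DMZ reverse proxy vs. outbound-only connector.
REVERSE_PROXY = [
    Rule("inet-to-dmz-proxy", "0.0.0.0/0", "172.16.0.10/32", 443, True),
    Rule("dmz-proxy-to-ndes", "172.16.0.10/32", "10.10.5.20/32", 443, True),
]
APP_PROXY = [
    Rule("connector-to-ndes", "10.10.5.30/32", "10.10.5.20/32", 443, True),
    Rule("connector-outbound", "10.10.5.30/32", "0.0.0.0/0", 443, True),
]
```

`audit(REVERSE_PROXY)` reports the DMZ-initiated path to NDES together with the missing connector flows, while `audit(APP_PROXY)` returns an empty list.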