Apple Device Endpoint Management with Jamf Pro
Trinity has begun using Jamf Pro to provide a comprehensive management solution for Apple macOS and tvOS systems.
Jamf allows us to secure Trinity-owned Apple devices proactively by maintaining systems and software, limiting exposure and responding to security threats, distributing settings, identifying hardware problems, and analyzing inventory data. It enables us to deploy new operating system builds, applications, and the latest updates to Apple devices quickly and cost-effectively. Jamf assures that every college-owned Apple device managed on our network can remain current and be protected from exploitation of software vulnerabilities. Additionally, it improves overall network security for the campus. We are securing hundreds of devices already, but we are still in the early stages of this rollout. If you would like to learn more about Jamf Pro, please read below, contact the Help Desk, or visit the Jamf website.
What benefits do we receive from Jamf Pro?
- Reliability: Devices quickly receive patches and updates with minimal user interaction or disruption.
- Security: IT can ensure that critical patches get installed on your device.
- No Apple ID Required: Users can now get apps without an Apple ID. Apple ID is still available for use if required, or departments can even request that the App Store be disabled.
- Apps Provided: there is a second “App Store” called Self Service that contains many of the most commonly requested apps, including all the leading Microsoft, Google, and Apple productivity apps. Users can still order additional apps from Information Technology Services, placed in the Trinity company portal.
- Privacy & Confidentiality: User data and files remain confidential. Also, a remote wipe of a device can be requested and completed if a device is lost or stolen.
- Consistency: Devices can all have standard settings, certificates, and other required Trinity settings automatically handled.
- Recover Stolen Devices: Jamf can remotely lock a device and retrieve its location if reported to be lost or stolen.
How do updates work?
Jamf’s software updates and patching will usually be invisible to you. Software updates are downloaded to your computer in the background at a speed that allows your computer tasks to proceed without interruption or delay. App Store updates are installed daily around midnight, where 3rd party apps might have their schedule. Microsoft apps are updated monthly and installed automatically if the programs are closed. When programs are open, the alerts look like this:
How is new software installed?
Most new software installations can be initiated by users just as they always have done. Applications provided by the college will be provided through Jamf’s Self Service app, located in Applications (see below), while some software will be deployed as needed or requested.
What is Self Service?
Self Service is similar to Apple’s App Store, but it provides college-approved software for college-owned Apple systems. Software purchased through Trinity’s Information Technology Services will also be available for download through Self Service. Self Service gives you the flexibility of choosing what to install and when to install it. To access Self Service, open your Applications folder and double click Self Service, and it will open in a new window. Double-click any application to install it.
Can I connect to Self Service when I am off-campus?
What changes does the installation of Jamf make to a Mac?
Jamf installs the agent to your computer. The agent runs in the background and will not interfere with the operation of your computer. Additionally, Jamf installs the Self Service application and Profiles in System Preferences.
Who supports Jamf?
The Library and Information Technology Division administers the system, but the configuration is coordinated closely with the Distributed Computing Specialists Team.
How does Jamf work?
A Jamf infrastructure is a cloud-based group of servers that communicate with Trinity Colleges’ infrastructure to provide a database of device and user information and data storage for programs, applications, and updates. Jamf also utilizes Apple’s Mobile Device Management framework and Device Enrollment Program to remotely provision and secure all types of institutionally owned Apple devices. As a part of this process, Apple installs a small software utility known as an “agent” to communicate with the servers. This agent inventories hardware specifications and software installation information and provides the automated installation of software updates and security patches. Included with the agent is another application called Self Service, which is described elsewhere on this page.
Additionally, all client/server communication was encrypted by a certificate when the agent was installed.
What information does Jamf collect?
Trinity‘s implementation of Jamf collects only the data needed to support devices running macOS or tvOS operating systems. This information includes:
- Hardware Specifications
- Installed Applications & Usage
- Services Running
- Available Software Updates
- Local User Accounts and Login/Logout Timestamps
- Security Status (Firewall, SSH, etc.)
- Connected Peripheral Devices
What if I have other questions?
Don’t hesitate to get in touch with the Library & Information Technology Services Division for more information.