Apple Device Managment with Jamf Pro
Trinity has begun using Jamf Pro enterprise mobility management to provide a comprehensive management solution for Apple macOS, iOS, and tvOS systems.
Jamf allows us to manage Trinity-owned Apple devices proactively by maintaining systems and software, limiting exposure and responding to security threats, distributing settings, identifying potential and actual hardware problems, and analyzing inventory data. It enables us to deploy new operating system builds, applications, and the latest updates to Apple devices quickly and cost-effectively. This assures that every college-owned Apple device managed on our network can remain current and be protected from exploitation of software vulnerabilities. Additionally, it improves overall network security for the campus. We are managing hundreds of devices already, but we are still in the early stages of this rollout. If you would like to learn more about Jamf Pro, please read below, contact the Help Desk, or visit the Jamf website.
What benefits do we receive from Jamf Pro?
- Reliability: Devices quickly receive patches and updates with minimal user interaction or disruption.
- Security: IT can ensure that critical patches are installed on your device.
- No Apple ID Required: Users can now get apps without needing an Apple ID. Apple ID is still available for use if required, or departments can even request that the App Store be disabled.
- Apps Provided: there is a second “App Store” called Self Service that contains many of the most commonly requested apps, including all the leading Microsoft, Google, and Apple productivity apps. Additional apps can still be ordered from Information Technology Services, which can be assigned to specific users, specific computers, a whole department, or even campus-wide. Again, no Apple ID is required to install these.
- Privacy & Confidentiality: User data and files remain confidential. No personal information is collected, such as the contents or names of individual files (documents, email, etc.) or any browsing history. Also, a remote wipe of a device can be requested and completed if a device is lost or stolen.
- Consistency: Devices can all have standard settings, certificates, and other required Trinity settings automatically taken care of.
- Recover Stolen Devices: Jamf can remotely lock a device and retrieve its location if reported to be lost or stolen
How do updates work?
Jamf’s software updates and patching will usually be invisible to you. Software updates are downloaded to your computer in the background at a speed that allows your computer tasks to proceed without interruption or delay. App Store updates are installed daily around midnight, where 3rd party apps might have their schedule. Microsoft apps are updated monthly and install automatically if the programs are closed. When programs are open, the alerts look like this:
How is new software installed?
Most new software installations can be initiated by users just as they always have done. Applications provided by the college will be provided through Jamf’s Self Service app, located in Applications (see below), while some software will be deployed as needed or requested.
What is Self Service?
Self Service is similar to Apple’s App Store, but it provides college-approved software for college-owned Apple systems. Software purchased through Trinity’s Information Technology Services will also be available for download through Self Service. Self Service gives you the flexibility of choosing what to install and when to install it. To access Self Service, open your Applications folder and double click Self Service, and it will open in a new window. Double-click any application to install it.
Can I connect to Self Service when I am off-campus?
What changes does the installation of Jamf make to a Mac?
Jamf installs the agent to your computer. The agent runs in the background and will not interfere with the operation of your computer. Additionally, Jamf installs the Self Service application and Profiles in System Preferences.
Who supports Jamf?
The system is administered by the Library and Information Technology Division, but the configuration is coordinated closely with the Distributed Computing Specialists Team.
How does Jamf work?
A Jamf infrastructure is a cloud-based group of servers that communicate with Trinity Colleges infrastructure to provide a database of device and user information and data storage for programs, applications, and updates. Jamf also utilizes Apple’s Mobile Device Management framework and Device Enrollment Program to remotely provision and manage all types of institutionally owned Apple devices. As a part of this process, Apple installs a small software utility known as an “agent” to communicate with the servers. This agent inventories hardware specifications, software installation information and provides for the automated installation of software updates and security patches. Included with the agent is another application called Self Service, which is described elsewhere on this page.
Additionally, all client/server communication is encrypted by a certificate pair configured when the agent is installed.
What information does Jamf collect?
Trinity‘s implementation of Jamf collects only the data needed to support devices running macOS, iOS, or tvOS operating systems. This information includes:
- Hardware Specifications
- Installed Applications & Usage
- Services Running
- Available Software Updates
- Local User Accounts and Login/Logout Timestamps
- Security Status (Firewall, SSH, etc.)
- Connected Peripheral Devices
What if I have other questions?
For more information, don’t hesitate to get in touch with the Library & Information Technology Services Division.