• Coded Point

How Can Apple and JAMF Improve your IT Infrastructure?

Apple has a growing presence in business, and by integrating JAMF you can easily manage and deploy your Apple fleet.


Deploying Apple devices couldn't be easier with JAMF. Many people think that implementing Apple devices into their IT Environments will cause lots of compatibility issues, but this doesn't have to be the case.


JAMF offers a variety of products designed to help companies and organisations succeed with Apple. These include JAMF Pro, to manage devices, deployments and applications; JAMF Connect, for Mac authentication and identity management; and JAMF Protect, endpoint protection for Macs.


With JAMF, organisations can use Self Service as their own internal App Store and resource centre. Add apps and configurations here for users to download, or add bookmarks for important websites that employees will refer to regularly.

 

Device Deployment:

JAMF Pro offers organisations the ability to effectively manage their Apple fleet, whether that be existing devices or new ones. Every part of the end user experience can be managed using JAMF Pro to ensure that users have everything they need from the moment they get their Apple device. JAMF is even more powerful when used with the Apple Device Enrollment Programme. You can automate your device management, which will drive an increase in end-user productivity.


Apple Device Enrollment Programme:

By using DEP (Device Enrollment Programme) you can simplify the setup process for end users. Devices added to DEP can be automatically added to your MDM (Mobile Device Management) solution, which ensures that any devices that are enrolled meet the requirements of your organisation. By using DEP and an MDM solution such as JAMF you can guide users through the Setup Assistant and choose which screens they see and which ones they don't.


Zero Touch Deployment

By using JAMF Pro to deploy devices you are simplifying the setup process for end users. Configure a PreStage in JAMF Pro, then ship devices directly to end users. This allows them to unbox the device, turn it on, sign in and away they go. They get everything straight out of the box. No configuration or setup is needed from IT, which means that you can onboard users from anywhere in a lot less time than setting up each device manually.


Integrating JAMF Connect into this workflow can not only simplify this process further but also increase security. JAMF Connect is configured to use a cloud identity provider such as Azure or Okta. IT admins can create individual user accounts in your Microsoft 365/Azure or Okta tenant, and the end user can use these credentials to sign into their new Mac. This means that you know who is signing into devices, and by configuring multi-factor authentication each login has an extra layer of security.


Integrating JAMF Connect and your cloud identity provider can have other benefits. If a user changes their cloud password, JAMF Connect will detect the change and prompt the user to update their local Mac password, ensuring that the passwords always remain in sync. Plus, by integrating your cloud identity provider with other tools you can make use of SSO (Single Sign-On) so that your users only have one set of credentials to sign into their other SSO-enabled systems, reducing the number of IT tickets and providing a seamless end-user experience.


Application Deployment

App Store Apps

Through the use of JAMF and Apple Business Manager you can deploy apps from the App Store and have them install automatically or be available to be installed by the end user via Self Service. These can be either paid or free apps, and this allows you to control which apps get installed on your devices. Simply purchase the apps from Apple Business Manager and assign them to your MDM (JAMF), then add an App Store app for either Computers (Macs) or Devices (iPhone, iPad and Apple TV) and choose to deploy either automatically or via Self Service to the devices in scope.


Non App Store Apps

Not every application that your organisation needs to use on Macs is available to be downloaded from the Apple App Store. Applications such as web browsers (Chrome and Firefox), Adobe Creative Cloud, Zoom and many others are not listed on the App Store, but by using JAMF they can be easily deployed by IT, so that end users have access to what they need. Create a package containing either a script to download the latest version or the application itself using JAMF's Composer application, and upload it to your JAMF Pro instance. You can then create a Policy in JAMF Pro to deploy packages to either all or specific devices. Choose whether to install when the device next checks in with JAMF or via Self Service, and select a scope of all devices, specific devices or a department. If deploying via Self Service, configure the listing in JAMF by adding a description and the application logo so that it can be easily identified by users, and press save.


Device Configurations:

Each organisation's device configurations will depend on how they want their devices to be set up and on their IT security policies. But JAMF makes it easy to ensure that each device is deployed the same way and that it meets your requirements. You can deploy printers, Wi-Fi and VPN connections, again either automatically or via Self Service, as well as ensure that devices are encrypted and then store the recovery key in JAMF.

 

Device Management:

Patch Management:

By utilising the functionality in JAMF Pro you can ensure that your devices are kept up to date as well as secure. JAMF Pro features powerful patch management functionality so that you can easily deploy updates and ensure that they are installed.


IT admins can add Patch Titles for a whole range of applications, either from a list JAMF has defined or from third-party sources. This allows you to see the status of your device fleet. Each Patch Title will tell you how many and which devices are on the latest version, and then list all of the other versions of that application, so you can identify which device has which version installed and which ones need the update. These Patch Titles can also be added to your JAMF Pro Dashboard so you get a quick view of your estate when you log in.


There are a variety of different ways to deploy application patches, but Coded Point has outlined one approach below to help you get up and running quickly. Much like deploying your applications in the first instance, you will need a package containing either a script or the version of the application you wish to deploy. You can create this using the JAMF Composer application. For packages you create that contain a specific version, we find it best to add the version number to the end of the package name so that it can be easily found. Once the package has been created you can upload it to JAMF Pro ready for deployment.


You can then create a Smart Group in one of two ways: an automatic process to determine the devices that need the latest version, which will require 2 Smart Groups, or a manual approach.

  • For the automatic approach, create a Smart Group whose criteria look at a Patch Title and are set to list those devices not on the latest version. As JAMF doesn't allow you to scope a policy to a Smart Group looking at a Patch Title, create a second Smart Group that is scoped to the 1st Smart Group. You can then scope each new Patch Policy to the 2nd Smart Group and ensure that it automatically updates, without the need to update the Smart Group's criteria each time an update is released.

  • The other option is the manual approach, which only requires one Smart Group. Set your Smart Group to look for the application name, for example Google Chrome, and for an application version that "is not" the value you define. You can then enter the latest version number in the value box and it will find all devices that are running Google Chrome and not the latest version.

Then, once you create your patch policy, you can scope it to your chosen Smart Group. This ensures that any devices running the latest version are not notified and any that aren't are notified of the update. You can choose whether to deploy automatically or via Self Service for the user to install when works best for them. Ultimately it is down to you to decide which deployment method works best, but we split applications into 2 groups: 1) applications that run in the background and the user doesn't interact with, such as JAMF Connect, Protect and antivirus software, and 2) applications the user will interact with, such as Chrome, Firefox or Zoom. If deploying with Self Service you can add a description and the notification settings and then set an update deadline. This gives users the ability to update the app in their own time, while allowing you to ensure that the application is updated within a time frame that complies with your organisation's security policies. Ensuring that your applications are updated as new versions become available not only provides new functionality to users but can also help to reduce the number of support tickets raised and increase the security of your IT infrastructure.
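The manual approach above, modelled as an added example (not Coded Point's or JAMF's code): it evaluates the "is not" criteria over a constructed inventory and shows that the match also includes devices newer than the value entered, which is why that value has to be updated at each release. The record layout, device names and version numbers are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRecord:
    device: str
    app: str
    version: str


# Constructed sample inventory (not real devices or a real export format).
INVENTORY = [
    AppRecord("mac-001", "Google Chrome", "118.0.5993.88"),
    AppRecord("mac-002", "Google Chrome", "118.0.5993.117"),
    AppRecord("mac-003", "Google Chrome", "119.0.6045.105"),
    AppRecord("mac-004", "Firefox", "119.0"),
    AppRecord("mac-005", "Google Chrome", "118.0.5993.9"),
]


def version_key(version):
    """Turn '118.0.5993.88' into (118, 0, 5993, 88); assumes numeric parts only."""
    return tuple(int(part) for part in version.split("."))


def manual_group(inventory, app, pinned):
    """Devices matched by: application name is `app` AND version "is not" `pinned`."""
    return sorted(r.device for r in inventory if r.app == app and r.version != pinned)


def classify(inventory, app, pinned):
    """Split the same match into devices behind and ahead of the pinned version."""
    behind, ahead = [], []
    for r in inventory:
        if r.app != app or r.version == pinned:
            continue  # different application, or already on the pinned version
        # Compare numerically: as plain strings, "9" would sort after "117".
        is_behind = version_key(r.version) < version_key(pinned)
        (behind if is_behind else ahead).append(r.device)
    return sorted(behind), sorted(ahead)


if __name__ == "__main__":
    pinned = "118.0.5993.117"  # the value typed into the Smart Group criteria
    print("matched:", manual_group(INVENTORY, "Google Chrome", pinned))
    print("behind, ahead:", classify(INVENTORY, "Google Chrome", pinned))
```

Devices in the "ahead" list would still be in scope for a patch policy that carries the older package until the pinned value is changed.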


macOS Updates

Apple releases macOS updates between its major releases, occasionally with new functionality but mostly containing bug fixes and security updates. These security updates are critical to ensuring that you meet standards such as Cyber Essentials and ISO 27001, but even if you are not working towards these standards, applying macOS security updates as they are released increases security and is generally considered best practice.


With Apple releasing updates regularly, deciding how best to deploy them can cause problems for IT teams and management, and can be even harder if your team is working across multiple locations or has adopted a remote and hybrid working policy. Use Policies within JAMF Pro and Smart Groups as described above to release the update to devices not running the latest version, either by adding the macOS update option to Self Service or by deploying automatically.


macOS Upgrades

macOS upgrades tend to be released annually, with additional functionality and security improvements. However, deploying these upgrades can require a large amount of time to test and plan the upgrade schedule. Use JAMF Pro to test your upgrade process and then roll out to your users either automatically or by allowing the users to download and install at a time that suits them. JAMF offers 0-day support on macOS releases so that organisations and users can take full advantage of new releases. There are a variety of ways to release the upgrade: deploy the new macOS installer from the App Store using Apple Business Manager, or package the new installer to deploy via a policy and then use a script to install the upgrade. Alternatively, you can use a script to download and install the upgrade in one go. As we approach upgrade season with the pending release of macOS Monterey, having this functionality is crucial for IT teams.


Security:

Lock and Erase of Devices

It is vital that IT and security teams have the ability to lock or erase devices, especially for organisations offering remote and hybrid working. If a computer is lost or stolen, IT and security teams can either lock the device, requiring a user to enter a code to access the machine again and ensuring data stored on the device is protected, or erase it so that any data stored on the device is removed. This can be done by sending a remote command to a single device or to multiple devices.


Device Encryption

Use JAMF Pro to ensure that your devices are encrypted, for example by applying device encryption as soon as the device is enrolled. This secures all the information and data stored on that device and ensures that only authorised users have access.


Summary

If you are looking to improve your IT setup, whether by improving the end user experience and IT security, reducing the time IT and end users spend deploying machines, allowing your team to work remotely, reducing IT support requests or cutting the time spent managing your fleet of devices, implementing Apple devices and JAMF can help you achieve all of these things.


At Coded Point we don't believe that IT should be a hurdle for your end users. With every member of your team busy, the last thing you need is to be held up by IT issues or users not having the tools they need to complete the job at hand. By using Apple devices and integrating JAMF you set your team up for success, reducing IT support requests, allowing your team to download applications or resources as they need them and configuring devices to be the same so that standard applications are installed from the outset.


If you would like to know more about how implementing Apple and JAMF can improve your IT and help your team, then contact Coded Point today.

