Automated Apple Management with Jamf Pro
Apple enterprise mobility management
Western has begun using Jamf Pro enterprise mobility management to provide a comprehensive management solution for Apple macOS, iOS, and tvOS systems.
Jamf allows us to manage WWU-owned Apple devices proactively by maintaining systems and software, limiting exposure and responding to security threats, distributing settings, identifying potential and actual hardware problems, and analyzing inventory data. It enables us to deploy new operating system builds, applications, and the latest updates to Apple devices quickly and cost-effectively. This assures that every university-owned Apple device managed on our network can remain current and be protected from exploitation of software vulnerabilities. Additionally, it improves overall network security for campus. We are managing hundreds of devices already but we are in still in the early stages of this rollout If you would like to learn more about Jamf Pro, please read below, contact the Help Desk, and/or visit the Jamf website.
What benefits do we receive from Jamf Pro?
- Reliability: Devices quickly receive patches and updates with minimal user interaction or disruption.
- Security: IT can ensure that critical patches are installed on your device.
- No Apple ID Required: Users can now get apps without needing an Apple ID. Apple ID is still available for use if needed or departments can even request that the App Store be disabled.
- Apps Provided: there is a second “App Store” called Self Service that contains many of the most commonly requested apps including all the main Microsoft, Google, and Apple productivity apps. Additional apps can still be requested from Software Services which can then be assigned to specific users, specific computers, a whole department, or even campus-wide. Again, no Apple ID is required to install these.
- Managed Apple ID: ATUS can generate an Apple ID for a user. If we make it, we can help with forgotten passwords and, unlike with a standard Apple ID, no credit card is required.
- Privacy & Confidentiality: User data and files remain confidential. No personal information is collected, such as the contents or names of personal files (documents, email, etc.) or any browsing history. Also, a remote wipe of a device can be requested and completed in the event a device is lost or stolen.
- Consistency: Devices can all have common settings, certificates, and other required WWU settings automatically taken care of.
- Recover Stolen Devices: Jamf can remotely lock a device and retrieve its location if reported to be lost or stolen
How do updates work?
Jamf’s software updates and patching will usually be invisible to you. Software updates are downloaded to your computer in the background at a speed that allows your computer tasks to proceed without interruption or delay. App Store updates are installed daily around midnight, where 3rd party apps might have their own schedule. Microsoft apps are updated monthly and install automatically if the programs are closed. When programs are open, the alerts look like this:
In rare cases - usually when the Mac is very old or has a hardware failure - an update may cause a system crash. If that happens, you will see a "kernel panic" or other indication of abnormal functioning like the computer failing to start up. Contact the Help Desk or your departmental IT staff so a technician can promptly respond and repair your system.
How is new software installed?
Most new software installations can be initiated by users through Jamf’s Self Service app, located in Applications (see below), while some software will be deployed as needed and/or requested.
What is Self Service?
Self Service is similar to Apple’s App Store but it provides university-approved software for university-owned Apple systems. Software purchased through ATUS Software Services will also be available for download through Self Service. Self Service gives you the flexibility of choosing what to install and when to install it. To access Self Service, just open your Applications folder and double click Self Service and it will open in a new window. Double-click any application to install it.
Can I connect to Self Service when I am off-campus?
Yes, for most apps. For some apps Self Service to function, the device must be on Western Washington University’s network by being physically located on campus or connected via our Virtual Private Network (VPN).
What changes does the installation of Jamf make to a Mac?
Jamf installs the agent to your computer. The agent runs in the background and will not interfere with the operation of your computer. Additionally, Jamf installs the Self Service application and Profiles in System Preferences.
Who supports Jamf?
The system is administered by ATUS but configuration is coordinated closely with college and departmental IT support professionals.
How does Jamf work?
The Jamf infrastructure is a cloud-based group of servers that communicate with Western Washington University’s infrastructure to provide a database of device and user information along with data storage for programs, applications, and updates. Jamf also utilizes Apple’s Mobile Device Management framework and Device Enrollment Program to remotely provision and manage all types of institutionally owned Apple devices. As a part of this process, Apple installs a small software utility known as an "agent" to communicate with the servers. This agent inventories hardware specifications, software installation information, and provides for the automated installation of software updates and security patches. Included with the agent is another application called Self Service, which is described elsewhere on this page.
Additionally, all client/server communication is encrypted by a certificate pair configured when the agent is installed.
What information does Jamf collect?
Western’s implementation of Jamf collects only the data needed to support devices running macOS, iOS or tvOS operating systems. This information includes:
- Hardware Specifications
- Installed Applications & Usage
- Services Running
- Available Software Updates
- Local User Accounts and Login/Logout Timestamps
- Security Status (Firewall, SSH, etc.)
- Connected Peripheral Devices
What if I have other questions?
For more information, please contact the Help Desk or your departmental IT staff.