Enterprise organizations must manage a growing variety of endpoint devices for both local and remote users, making the challenge of endpoint management more critical than ever.
As the rise of remote work has created endpoint security concerns and caused more businesses to consider a BYOD mobile policy, the endpoint landscape is changing rapidly. Traditional Windows-based x86 endpoint architectures are quickly giving ground to Apple hardware and macOS operating systems. According to IDC, macOS devices now comprise about 23% of enterprise endpoints -- up from 17% in 2019. This is in addition to other Apple devices such as iPhones and tablets.
Although long overlooked as niche deployments, Apple endpoints have become a significant factor in enterprise computing. Organizations must now consider provisioning, securing and managing Apple devices. While useful, Apple Business Manager has limited functionality on its own, making the use of additional mobile device management (MDM) tools worthwhile for enterprises. The Jamf software suite is one notable offering, with a range of tools to support Apple endpoints across their entire lifecycle. Let's take a closer look at Jamf and review popular enterprise components of the Jamf suite.
History of Jamf
Aiming to address and support the growth of Apple devices in corporate environments, Zach Halmstad, Christopher Thon and Chip Pearson founded Jamf in 2002. The company then released the Casper Suite -- rebranded as Jamf Pro in 2017. In 2015, IBM chose Jamf Pro to manage Macs, and had over 275,000 devices under management by 2017.
But Jamf Pro was just the beginning. The company expanded its product portfolio with acquisitions in 2018 and 2019. The Orchard and Grove acquisition brought identity and authentication management, ZuluDesk added education-specific MDM and Digita Security added behavior-based Mac endpoint security. Jamf also completed its acquisition of zero-trust software vendor Wandera in July 2021. These acquisitions provided much of the underlying technologies found in other Jamf products.
After years of private investment, Jamf became a publicly traded company on Nasdaq in July 2020. Today, Jamf has about 1,000 full-time employees in 10 global locations.
The Jamf software suite
Despite Jamf's long history, the company and its products are sometimes overlooked by IT professionals. Organizations seeking to add Mac support to enterprise management should recognize a variety of Jamf offerings.
Jamf Connect
Jamf Connect is an identity and access platform for enterprise organizations that supports mobile and remote Apple devices. Rather than traditional Active Directory authentication, Jamf Connect uses single sign-on (SSO) cloud identity credentials to access the device, applications and data. Jamf Connect integrates with major cloud and security environments such as Microsoft Azure, Google Cloud, IBM Cloud, Okta, OneLogin and PingFederate to identify users.
Jamf Connect allows IT administrators to create and manage accounts and perform zero-touch deployment, which leads to a faster and more convenient login experience for users. Jamf Connect also supports biometrics and multifactor authentication to enhance security and ensure that only real users and IT administrators can access devices.
Using detailed monitoring, Jamf Connect tracks access of devices and data and generates detailed access reports. It also enforces established password policies to maintain a consistent security posture across the business.
Jamf Connect is available as a standalone offering but may also be used with other Jamf security or device management tools.
Jamf Private Access
Jamf Private Access builds on Jamf Connect by providing a lightweight zero-trust network access platform. This makes it a more modern and versatile alternative to network security technologies such as VPNs. Once an Apple device is authenticated using Jamf's cloud-based SSO approach, Jamf Private Access keeps business connections secured while also allowing non-business applications to access the internet directly.
The focus of this security is the use of microtunnels, which allow tunneling security on a granular per-application level. This ensures that only authenticated users can access authorized applications.
Jamf Private Access spans all locations. It allows and enforces the use of access and security policies across data centers, clouds, SaaS providers, operating systems and management approaches. IT administrators can prevent users from accessing devices that are deemed compromised.
Jamf Private Access is typically employed where additional security is required across a broader spectrum of remote devices, such as macOS, iOS, Android and Windows devices. It can be deployed alone or used with other Jamf security or device management tools.
Jamf Pro
Jamf Pro is a device management tool designed to support Mac, iPad, iPhone or Apple TV systems across an enterprise. With zero-touch deployment, IT administrators can provision, configure and manage devices remotely. Jamf Pro can collect hardware, software and security configuration information from Apple devices and generate reports that help manage devices and software licenses.
Application lifecycle management allows users and IT staff to handle automatic app configurations and deployments through a self-service app catalog. This minimizes the need for application help desks and app-related help tickets.
Jamf Pro handles the native security features of Apple devices for users. The tool helps manage device settings, optimizes configurations, limits or prohibits malicious software and handles all patching without the need for user actions.
IT administrators can monitor the Apple device environment through a centralized dashboard and oversee key issues such as device status, adherence to established system policies and attributes of mobile device configuration.
Although Jamf Pro can stand alone, other tools such as Jamf Connect can make features such as zero-touch deployment more secure. Similarly, endpoint protection can be enhanced by the addition of Jamf Protect.
Jamf Data Policy
Jamf Data Policy is a management tool for all mobile and Windows 10 devices. The tool supports and enforces acceptable use policies and monitors data consumption for mobile devices. It can also enforce data usage rules that help to ensure appropriate and cost-effective use of mobile devices and data.
Jamf Data Policy can set customizable data alerts and caps so that device users and administrators know when a device approaches the limits of its data plan. The tool can employ data compression to help reduce the volume of mobile data used, extending the existing data plan and saving money.
Roaming features monitor the device's location, allowing policies to be enforced based on user location. This can reduce potential compliance violations and reduce roaming fees. Additionally, Jamf Data Policy supports content filtering, using rules to restrict access to unacceptable websites and other content. This also trims data usage and mitigates legal exposure from noncompliant device use.
Jamf Data Policy is fully customizable, allowing administrators to create and apply different policies to different user groups for different situations. Policies can also be crafted for different device types or geographic locations. The tool handles real-time analytics and reporting, so organizations can get timely insight on managed devices across the enterprise.
Jamf Now
Jamf Now is a simplified MDM platform for Apple devices that is intended for small businesses and other smaller organizations. The platform emphasizes broad functionality and simple operation.
Jamf Now includes zero-touch deployment, so IT administrators can provision and configure new users and devices without ever touching the device. App distribution allows organizations to buy volume app licenses and easily distribute apps to users, reclaiming and redistributing apps as required.
Jamf Now can handle email configuration for Microsoft Exchange, Google Mail, Yahoo Mail and other IMAP or POP mail accounts on any Apple device. It also offers Blueprints, or customizable sets of policies for devices. These can deploy apps, set restrictions and implement settings for specific devices or device groups.
Inventory management can help keep track of devices, asset tags and device configurations. It can also carry out device configurations such as OS updates. A single app mode allows a device to be locked to a specific app to ensure that the device is used for a specific purpose.
Jamf Now enhances security for smaller organizations through additional features such as a passcode to unlock devices and disk encryption through FileVault. Lost or stolen devices can be found with lost mode or neutralized with remote lock or wipe, and additional device restrictions can be applied and enforced with customizable settings.
Jamf Protect
Jamf Protect is an enterprise-class endpoint security tool for Mac systems that supplements the existing Endpoint Security Framework in macOS. The tool offers more controls, enhanced preventions, better visibility and stronger remediation.
Jamf Protect offers strong detection capabilities and provides visibility into devices and events by comparing actions against normal system behaviors. Administrators can be alerted to malicious applications, scripts and user behaviors. Jamf Protect also focuses on Mac-specific malware to provide antivirus protection on Apple devices. This advanced device protection is often implemented in conjunction with Jamf Pro to support policy-based workflows that can address a wide range of threats.
The tool includes granular monitoring, allowing administrators to oversee large device fleets for health, threats and compliance. Monitoring can spot devices that deviate from required configurations and take steps to remediate issues. Remediation can include isolation, malicious file deletion and reestablishing required device configurations. This may be implemented with Jamf Pro and Jamf Connect.
Jamf Threat Defense
Where Jamf Protect supports macOS devices, Jamf Threat Defense provides a strong enterprise-class security platform for iOS endpoints. It offers mobile threat detection and guards against zero-day phishing attacks and other emerging threats.
Jamf Threat Defense relies on machine learning to observe device behaviors and identify both known and unknown threats that traditional antimalware tools may not address. In addition to identifying device risks and configurations, it can use policy actions to alert administrators and take corrective management action. Security and privacy are further supplemented with data encryption and user privacy features.
Jamf is not the only option for Apple and mobile device management. Organizations can evaluate several Mac device management platforms before investing in MDM technology. Alternative examples include ManageEngine Mobile Device Manager Plus, Kandji, Addigy, Miradore and SureMDM.
Regardless of the ease and simplicity that management tools can promise, the deployment and implementation of MDM and other device management platforms require thought, planning and a keen understanding of the specific tool and its capabilities. This makes MDM a significant investment for organizations and IT administrators. Take the time to perform careful product evaluation and selection to ensure that a tool provides the features and functionality that the business needs.