Heads-up, Apple-in-the-enterprise admins. One of the biggest annual events for Apple IT professionals, Jamf Nation User Conference, rolled around this week in Austin, TX.
Led by new CEO John Strosahl, the company offered up a range of announcements, improvements, and insights from third-party presenters, including Cisco CIO Fletcher Previn. Michael Covington, Jamf vice president of portfolio strategy, discussed the advance of the Mac into the enterprise space, and stressed how his company’s solutions help provide the kind of digital business stability — even for remote enterprises — that businesses need today.
Here are the highlights of this year's event.
Macs are good for business
Previn is famous for his work launching a highly successful company-wide employee choice scheme when he was at IBM. That effort proved that Macs save money and boost engagement and productivity. He returned to JNUC to share his experience at Cisco, where 60% of employees now use Macs (and 24% of PC users switch platforms when they get the chance to upgrade).
Based on Cisco data drawn from across a 130,000-strong workforce, he detailed why it’s shrewd business to go Mac:
- Macs are up to $395 per machine cheaper to run than PCs.
- Sales teams using Macs outperform PC counterparts with 9.8% more deals.
- Software engineers generated 11.5% more code on a Mac.
- Employees using Macs and iPhones had 83% IT satisfaction.
- And Mac users see almost five times fewer cyberthreats — and nine times fewer virus issues — than PCs.
Jamf Pro 11 gains usability and more
The pride of the company's portfolio, Jamf Pro, is thesomething Apple administrators use every day. Announced at the event, Jamf Pro 11 sports an easier-to-navigate user interface, better accessibility tools, new shortcuts to get to the most popular workflows, and built-in support for Apple’s Declarative Device Management (DDM).
The latter makes for significant improvements in software update management workflows. Devices could defer updates before, which meant admins had to pursue users to upgrade — particularly when handling security challenges. With DDM support now in Jamf Pro, administrators can specify a date and time for updates, ensuring successful execution while promptly notifying end users.
That means IT can schedule and enforce the installation of software updates on managed devices, including Apple’s Rapid Security Response upgrades.
For new users, the onboarding system is now more transparent so new hires can see what’s going on; the company also streamlined its support for user enrollment and single sign-on.
Generative AI comes to Apple IT
For many, generative AI feels like it burst onto the scene at the beginning of 2023. Today, most companies, including Apple, are exploring the technology. Jamf is no different and is using this kind of AI to help power its support services.
The idea is that Jamf admins can ask it questions and receive answers to help resolve issues.
The company has a second vision to support security with genAI, combining raw telemetry and security alert data with the MITRE attack framework to flag attacks and advise admins on appropriate security mitigations.
Jamf CTO Beth Tschida took time to explain how this will work. “In the realm of endpoint security, it is becoming dangerously common for security duties to be piled on to IT admins," she said. "They’re given tools they can’t use and data they can’t interpret, and the situation is not unlike forcing an untrained flight crew to land a plane. It’s all fine and good until a company gets compromised and discovers that they had alerts along the way that could have saved them.
"By leaning on [genAI], we are able to rapidly give even entry level analysts a starting point and the ability to rapidly triage the alerts they are receiving and make timely decisions about what to do,” she said.
Security, security and Jamf Protect
Compliance is a big deal for enterprise security, which is why the ability to check managed devices against compliance policy is a useful addition to Jamf Protect.
It lets admins check for overall compliance, and lets them see which apps and OS versions in use across their environment are impacted by known Common Vulnerabilities and Exposures (CVEs). The idea is that admins can get good insight into the security (or otherwise) of their deployed devices.
All the same, security isn’t security if action beyond the perimeter is not also controlled; that's where improvements to Jamf Connect kick in, this time with much better support for Zero Trust Network Access, which is now incorporated. The idea is that this brings least-privilege, high-performance connectivity to cloud and on-premises data resources from macOS, iOS, iPadOS, Android and Windows devices.
Security isn’t just about digital doorways — it’s also about real ones. Jamf now partners with SwiftConnect to provide digital employee badges used in iPhones or Apple Watch to access buildings and offices.
At JNUC, the company enhanced its system. This means that managed devices will share device risk signals or user events data to temporarily disable a digital employee badge if something seems remiss. The idea is that miscreants cannot use hacked or stolen devices to access critical enterprise infrastructure.
Finally, in a detailed presentation at the show, Jamf Senior Threat Researcher Ferdous Saljooki took attendees through an in-depth technical look at state-sponsored malware recently used to undermine Mac security.
Education, the original mass deployment
One of the highlights from Jamf last year was information about how the nation of Taiwan deployed 400,000 iPads across school students in just a few weeks.
Challenges like these are bread and butter to education IT crews who regularly manage large-scale deployments in a short time. The extent of these often dwarfs those managed by enterprise IT, so it’s natural that Jamf serves this, its original market.
At JNUC 2023, the company improved the UI of its education focused products and introduced additional features to help reduce the pain of education IT. That means app installers, content filtering, and much better tools to manage and require compliance, not to mention further improvement in the management and deployment of shared devices.
The company has also introduced on-device in- and out-bound content filtering for supervised devices running Jamf Safe Internet.