Jamf brings powerful new compliance tools to Apple IT


As Apple becomes more deeply embedded in increasingly regulated enterprises, IT needs new tools for security compliance to keep their fleets in shape. Jamf introduced a batch of solutions to achieve this at a special event this week. I spoke again with Michael Covington, vice president of portfolio strategy at Jamf, to learn more about what the company has made available.

“We see organizations of all sizes struggle to establish good security hygiene for their Apple devices,” Covington said. “Our research shows 39% of organizations operate at least one device with known vulnerabilities, so improving basic endpoint configuration is low hanging fruit for security teams, and it can significantly improve their overall risk posture.”

What has Jamf introduced?

Jamf announced the following:

  • A Compliance Dashboard in Jamf Protect that lets admins monitor their fleet against CIS benchmarks.
  • The new Compliance Editor in Jamf Pro that lets admins deploy configuration files to bring mobile device in line with CIS benchmarks. This makes it easy for admins to select a baseline security standard and push it to all users. The idea is that organizations can ensure their fleets are compliant with relevant security standards.
  • Jamf Routines, a new Jamf Pro tool that offers new no-code automations and integrations, such as between Jamf and Slack or Teams. This helps keep those devices in compliance with security benchmarks.
  • App Version Control within App Installers, which puts admins in charge of app deployments and upgrades. Typically, some admins might want to test new application software updated across small groups before approving installation across the company. This tool helps them do that.

Privilege Elevation

The company also introduced a new Privilege Elevation tool in Jamf Connect for Macs. This lets IT assign admin privileges to users on a temporary basis. Covington explained what this is for: “There are many scenarios where a user could benefit from having ‘admin’ privileges, but granting permanent access presents a real security risk, both because of the damage that could be done accidentally and because of the risk of credential compromise with an active attacker.”

At the same time, a lack of admin access can be challenging. “System updates like adding a printer, installing a third-party app, or changing various settings are all fairly routine and benign, but may be unavailable when the organization enforces the principle of least privilege,” he said. “Privilege Elevation enables end users to receive elevated privileges on-demand, without requiring ad-hoc IT intervention. When scoped with this feature, users will be able to temporarily acquire local admin rights for a configurable amount of time. The feature includes safeguards and audit trails to reduce misuse and monitor for compliance.”

On Apple Watch and Vision Pro in business

From the thousands who took an interest in an earlier plea for device management support in Vision Pro  and Apple’s subsequent introduction of such support, we know that plenty of businesses are now making use of iPhones, iPads, and Macs at work. 

This extends to Apple Watch also, which is why Jamf now supports device management of that device. “We have seen some very clever solutions developed around the Apple Watch, with industries like aviation and medicine truly treating the device like a wearable computer instead of a timepiece,” Covington said. “Businesses that want to deploy the Apple Watch at scale will need management to do so. Jamf’s implementation is built on modern Declarative Device Management workflows and includes the ability for applications to utilize a secure enterprise VPN to access rich datasets.”

Covington confirmed his company is seeing its business clients begin to explore the potential of Vision Pro. He pointed to several industries — medical, education, field service and maintenance — already known to be using the device, saying:

“The key to extracting maximum value from a device like the Vision Pro is to develop a transformational application for the business, which typically requires secure access to critical enterprise data. As new applications are developed and tested, organizations are finding that they must manage and secure these new devices just like every sanctioned device in the business.”

Apple in the enterprise

It’s always good to get a reality check from Jamf concerning Apple’s enterprise markets. On the back of its success in mobile products and growing support for employee choice schemes, the company has done a great job of building a bridgehead into the industry, supported by third parties such as Jamf.

“Apple has made some tremendous strides in the enterprise over the past several years,” said Covington. “Their strength was initially in mobility, with businesses choosing the iPhone to enable a mobile workforce. But that position has expanded to both line of business solutions (often build around iPad) and to primary compute (with the MacBook becoming a de facto device choice for many users).”

The result (as regular readers may already recognize) is that, “Apple’s devices are no longer for niche use cases or hyper-specific user groups. They are now used to empower work in all corners of the business. With the recent introduction of enterprise support on both Apple Watch and the Vision Pro, it will be interesting to see what new enterprise use cases emerge for Apple to tackle in the future.”

Covington also confirmed the introduction of Apple Silicon chips in Macs helped spur interest across the enterprise, saying Jamf has seen the move accelerate employee choice programs. “Apple continues to outpace rivals with the overall compute experience they are offering professionals, with amazing hardware that comes to life through tightly integrated software, applications, and services,” he said.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Apple, Enterprise Applications, Enterprise Mobile Management, iOS, IT Management, IT Operations, Vendors and Providers

Previous Story

Google Workspace gets new genAI pricing options, Vids app

Next Story

Google adds a premium option for Chrome Enterprise