SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image

Jamf showcases new products to simplify and secure work

Jamf, the standard in Apple enterprise management, kicked off its 13th annual Jamf Nation User Conference (JNUC) virtually and in person in San Diego, California. 

Joined by partners including Apple, Google, Okta Microsoft, Amazon Web Services and SwiftConnect, and with customers American Airlines and HSBC, Jamf shared how its continuous product innovation is helping organisations succeed with Apple in a rapidly evolving work environment. 

Bring your own device (BYOD) programs have gained even more traction over the last two years, as the lines between work and home technology blur and more work is done on mobile devices.

After rolling out a new BYOD offering earlier this year, Jamf kicked off JNUC by demonstrating their internal deployment for BYOD devices, all built on Jamf and Apple-specific workflows. 

These features are intended to eliminate the common practice where employees carry two mobile phones, one for work and one for personal use. 

Key capabilities of this new workflow include employee self-enrolment and setup with no action needed from IT; device partitioning for secure work with a separate partition for personal privacy; cloud identity-based single sign-on for all work applications and access to corporate data; and self-service app installations with app-based security automatically set up.

Jamf’s new capabilities also include next-gen cloud VPN private access to enterprise resources with no setup required by users; automatic zero-trust blocking of all compromised users and devices; enterprise ID cards procured and placed in Apple Wallet for access to physical offices; simple workflows to setup dual eSims, supporting one work phone line and one personal; and Apple’s focus mode to transform BYOD iPhones to work-only or personal-only for better work life balance.

“The focus of this year’s JNUC is simplifying the management and security of devices used for work. In order to do this, we have something we call Trusted Access,” says Dean Hager, CEO of Jamf. 

“Trusted Access puts enrolment at the foundation – whether for a Bring Your Own (BYO) or corporately-owned device – and establishes the user as trusted. It also ensures only safe devices are able to access work resources to keep company data protected. For those devices that are enrolled and safe, their access to resources is completely seamless. The user can work anywhere, access all the corporate resources they need, and do not require multiple passcodes to remain productive.”

The unboxing and onboarding experience is also essential, especially today, as more and more employees sign in for the first time from home. 

Here, Jamf has taken zero-touch deployment to the next level.

Jamf-managed Apple devices can be shipped directly to an end user, ready for automatic configuration for an individual’s use and fully secured against on-device and in-network security threats from the moment the device is powered up for the first time. 

Jamf's endpoint security suite can now ensure macOS and iOS devices are configured correctly and secured against cyber attacks from the first boot with a new app called Jamf Trust. 

The Jamf Trust app binds user identity to the device so that Jamf’s security services are dynamically configured according to user identity and role.

Additionally, next month Jamf Protect will gain rich endpoint telemetry data collection along with a new offline deployment mode. It will stream telemetry data directly to a SIEM for customers with high compliance requirements.

In the last 12 months, Jamf has scanned more than 430 million unique domains. By measuring a multitude of dimensions of these sites, including top-level domains, subdomain entropy, domain compositions and brand impersonation, Jamf has been able to identify and block more than 122,000 zero-day phishing attacks just in the last year.

For the past two decades, Jamf has provided same-day readiness with new Apple operating systems.

Last year at JNUC, Jamf tackled an additional software problem for users and IT administrators: keeping apps updated. 

With the introduction of App Installers within the Jamf App Catalog, Jamf made third-party software updates for macOS, which constitutes 80% of all Mac apps run by Jamf customers, as simple as App Store updates.  

At this year’s JNUC, Jamf announced it has grown its monitored software to over one thousand titles. It now offers more than one hundred App Installers designed to substantially lower the work effort for IT while improving the security posture of an organisation’s fleet of devices. 

App Installers are pre-vetted and maintained (patched, updated, monitored for risk, etc.) over the device's lifespan. 

Jamf also announced new App Installer features to be delivered soon. These include improved user notifications and simplifying app installation within self-service. This is to ensure only apps relevant to the user and authorised by IT are displayed in their customised app catalogue.

Jamf has taken its patented Smart Group technology to the next level by synthesising multiple layers of data, including user, device and new risk data into powerful security workflows. This allows organisations to identify threats and take action on that information automatically.

With Jamf’s Apple device inventory and controls, Jamf is able to block access to Apple devices or specific capabilities on the device when a compliance issue has been detected. 

Additionally, working with cloud identity providers, like Okta, Jamf can now enforce the use of private access to ensure only protected devices with encrypted data can run enterprise apps while automatically blocking compromised users and devices.

Furthermore, Jamf announced deeper integration with leading cloud providers Microsoft and Google. 

The next generation of Microsoft device compliance integration will be available for macOS later this year. The technology is currently available on iOS, aligning the full power of Microsoft Device Compliance consistently across all Apple devices. 

This new workflow will allow admins to fully define compliance with any smart group criteria, including the newly added device risk score.

Jamf will also support BeyondCorp, Google's context-aware zero trust framework on iOS devices, in early 2023, an integration currently available to Jamf customers on Mac. 

Through a new integration coming early next year between Jamf and SwiftConnect, organisations will be able to empower their employees with a digital employee badge made accessible in Apple Wallet on iPhone and Apple Watch and authenticated through the employee’s cloud identity. 

This integration between Jamf Trust and SwiftConnect's cloud platform will integrate with cloud identity, credential management, and access control industry leaders like Microsoft, Okta, Google, HID, Lenel, and Genetec.

Coming next month, Jamf will provide support for Apple's new Declarative Device Management functionality. This means the device will proactively report its status in real-time, and then action can be automated or user-driven to get the device into a new state for security, compliance or productivity reasons.

Additionally, Jamf and AWS have partnered to automatically enrol virtual EC2 Macs into Jamf Pro when they are provisioned through the AWS portal. This provides IT administrators visibility into the entire physical and virtual Mac fleet. 

Additionally, administrators can now use Jamf to deploy policies, configurations and software to their virtual Macs while collecting a full complement of inventory details about the computer and the EC2 environment it’s running in.

Delivering in early 2023, Jamf announced a new remote access feature that will empower IT administrators with the ability to authenticate and take remote control of any Mac in their fleet directly from within Jamf Pro. In a hybrid work world, this capability substantially improves IT's ability to support users and devices anywhere in the world.

Launched earlier this year for macOS and iOS, Jamf Safe Internet ensures students have a safe and secure online learning environment from the moment they unbox their devices. 

This online student safety product is coming to Chromebook and Windows devices in early 2023.

Earlier this month, Jamf added support for Google Safe Search and YouTube restricted mode within Safe Internet. It has given organisations more robust control over access to content hosted on Google sites and ensures policies for student safety are consistently applied.

Finally, Jamf announced the expansion of their Matter Innovation Hub programme, opening five new hubs within the last year. 

This program is designed to deliver state-of-the-art solar-powered Apple classrooms to under-resourced locations across town and the world. Jamf and Matter have now partnered to open a total of 14 Matter innovation hubs currently impacting the lives of over 5,000 students. 

Follow us on: