What is Jamf Pro?
Jamf Pro, developed by Jamf, is a comprehensive management system for Apple macOS computers and iOS devices. With Jamf Pro, IT Technicians proactively manage the entire lifecycle of all Apple devices. This includes deploying and maintaining software, responding to security threats, distributing settings, and analyzing inventory data.
If you would like to learn more about Jamf Pro, please visit jamf.com
What benefits does a client receive from Jamf Pro?
- Reliability: Your device will quickly receive software updates and patches with little to no interaction on your part.
- Time Efficiency: You will stay more productive as deployment and updating processes run in the background, freeing up more time for teaching and research.
- Flexibility: You can choose when and where to install new software or run maintenance on your device through Self-service portals.
- Security: IT Technicians will manage the security of your machine so you don't have to. You can rest assured that software patches, antivirus protection, and firewalls are well maintained.
- Confidentiality: Your data and files will remain confidential; no personal data is scanned, indexed, or transmitted off your device. CMT servers also keep full audit logs of any actions performed by technicians.
- Compliance: Your device will always be in compliance with federal laws governing requirements for research or student data on University computers.
How does Jamf Pro work?
Jamf Pro consists of a management server cluster, known as the JAMF Software Server (JSS), a small software utility known as an "agent" on enrolled macOS computers, and a Mobile Device Management (MDM) profile on enrolled macOS and iOS devices.
The agent on a macOS client checks in with the JSS at computer start up and every 15 minutes thereafter, consuming 2KB of network traffic, 4MB Real Memory, and 0.10% CPU. In addition, computer inventory is uploaded to the JSS once a day, causing less than 200KB of network traffic, 8MB Real Memory, and 3.74% CPU. On average the inventory process takes 30 seconds to complete.
An iOS client checks in with the JSS once a day, or on request by a Jamf Pro Technician.
All client/server communication is encrypted by a certificate pair configured when the agent/profile is installed.
What information does Jamf Pro collect?
The CU implementation of the Jamf Pro has been customized to collect only the data needed to support macOS computers and iOS devices. This information includes:
- Hardware Specifications
- Installed Applications & Usage
- Services Running
- Available Software Updates
- Local User Accounts and Login/Logout Timestamps
- Security Status (Firewall, SSH, etc)
- Connected Peripheral Devices
No personal information is collected, such as the contents or names of personal files (documents, email, etc) or any browsing history.
How is the Jamf Pro agent installed?
Your IT support group can enroll your UCB-issued device remotely or by sending you an invitation by email.
How do I uninstall Jamf Pro from my device?
Clients who wish to remove their device from Jamf Pro should contact their IT support group for assistance.
What devices does Jamf Pro support?
Generally, Jamf Pro can support OS X 10.5 or later and iOS 4 or later. For more information, please see Jamf Pro Compatibility.
Is my device enrolled in Jamf Pro?
To find out if your UCB-issued device is enrolled, look for the Self Service application, which is automatically installed when your device is enrolled. On macOS, Self Service is located in the Applications folder or on the Dock. On iOS, the Self Service app is located on the home screen. See below for examples.
What is Self Service?
The Self Service application is similar to the Apple App Store, but it provides customized content for University devices. This content includes access to software, printers, maintenance tasks, links, and other documentation. The Self Service app gives clients the flexibility of choosing what to install and when to install it.
The Self Service app is managed and maintained by APPM. If you would like to make a change, please submit a request.
Can I connect to Self Service when I am off-campus?
Yes, Self Service will function when you are off of the University of Colorado network. Depending on the speed of your network connection it may take longer for tasks to complete.
What changes does Jamf Pro make to a Mac?
- Jamf Pro installs the Self Service application in the Applications folder of a Mac. Content such as software, printers, maintenance tasks, links, and other documentation are provided within Self Service.
- A service account will be created on the Mac with administrative privileges to carry out tasks from the JSS. This account is hidden from the general user interface and no human knows the password to this account. The service account password is maintained and randomized by the JSS at regular intervals. SSH will be turned on and access will be restricted to the service account.
- For OS X 10.7 and later, a Mobile Device Management (MDM) profile will be installed. This profile allows Jamf Pro administrators to remotely configure settings on the Mac. Basic security settings will be set at enrollment to ensure compliance with UNL policies. Please see UNL Security Policies for more information.
- For the full list of software components that are installed by the Jamf Pro agent, please refer to Jamf's knowledge base article: Jamf Components Installed on a Managed Workstation.
What changes does Jamf Pro make to an iOS device?
- Jamf Pro installs the Self Service app on the home screen of your University-issued iOS device. Access to content such as apps, configurations, links, and other documentation is provided within Self Service.
- A Mobile Device Management (MDM) profile will be installed at enrollment. This profile allows IT Technicians to remotely configure settings. Basic security settings will be set at enrollment to ensure compliance with UCB policies. Please see UCB Security Policies for more information.
How will software be installed on my computer?
Most software installations will be initiated by clients through the Self Service application. Your IT support group may also push software as needed/requested. CU OIT will not distribute software unless requested to do so by the client or department IT staff.
Who has access to my computer?
Select members of your IT support group have the ability to manage your UCB-issued Apple device with Jamf Pro. OIT UCB Jamf Pro Administrators also have campus-wide access.
Will I still have Administrative access to my Mac?
There will be no automatic changes to the privileges of your user account by enrolling in Jamf Pro. Your IT support group will contact you if changes are to be made.
What policies are enforced?
At this time there are no policies that are automatically enforced system wide by UCB OIT. The distribution of policies is the responsibility of individual IT support groups. If you have any questions about what policies are enforced on your UCB-issued device, please contact your IT support group.
UCB OIT does provide a catalog of software, maintenance tasks, and other links in Self Service. The Self Service catalog may also be supplemented by your IT support group.
What if I have other questions?
For more information please contact the Jamf Pro Administrator for APPM, Dave Long