Apple Device Management
What benefits do I receive from Jamf Pro?
- Reliability: Your device will quickly receive software updates and patches with little to no interaction on your part.
- Time Efficiency: You will stay more productive as deployment and updating processes run in the background, freeing up more time for teaching and research.
- Flexibility: You can choose when and where to install new software or run maintenance on your device through Self Service.
- Security: IT Technicians will manage the security of your machine so you don’t have to. You can rest assured that software patches, antivirus protection, and firewalls are well maintained.
- Confidentiality: Your data and files will remain confidential; no personal data is scanned, indexed, or transmitted off your device. Jamf Pro servers also keep full audit logs of any actions performed by technicians.
- Compliance: Your device will always be in compliance with NC State standards for research or student data on University computers.
How does Jamf work?
Jamf Pro consists of a management server cluster, known as the JAMF Software Server (JSS), a small software utility known as an “agent” on enrolled macOS computers, and a Mobile Device Management (MDM) profile on enrolled macOS and iOS devices.
The agent on a macOS client checks in with the JSS at computer startup and every 60 minutes thereafter, consuming 2KB of network traffic, 4MB Real Memory, and 0.10% CPU. In addition, computer inventory is uploaded to the JSS once a day, causing less than 200KB of network traffic, 8MB Real Memory, and 3.74% CPU. On average, the inventory process takes 30 seconds to complete.
An iOS client checks in with the JSS once a day, or on request by a Jamf Pro Technician.
All client/server communication is encrypted by a certificate pair configured when the agent/profile is installed.
What information does Jamf collect?
The UNC implementation of Jamf Pro has been customized to collect only the data needed to support macOS computers and iOS devices. This information includes:
- Hardware Specifications
- Installed Applications & Usage
- Services Running
- Available Software Updates
- Local User Accounts and Login/Logout Timestamps
- Security Status (Firewall, SSH, etc.)
- Connected Peripheral Devices
- Network Information
- System Configuration Settings
No personal information is collected, such as the contents or names of personal files (documents, email, etc.) or any browsing history.
How is Jamf installed?
TCTS automatically enrolls all new devices that are purchased from Apple. Alternatively, a technician can install the agent manually, or send an email invitation link to have a user self-enroll their device.
How do I uninstall Jamf Pro from my device?
You may not remove Jamf Pro from macOS and iOS devices, as outlined in the NC State Endpoint Protection Standard.
Is my device enrolled in Jamf?
To find out if your NC State-issued device is enrolled, look for the Self Service application, which is automatically installed when your device is enrolled. On macOS, Self Service is located in the Applications folder or on the Dock. On iOS, the Self Service app is located on the home screen.
What is Self Service?
The Self Service application is similar to the Apple App Store, but it provides customized content for University devices. This content includes access to software, printers, maintenance tasks, links, and other documentation. The Self Service app gives clients the flexibility of choosing what to install and when to install it.
The Self Service app is managed and maintained by TCTS. If you would like to see something added, please submit a request to firstname.lastname@example.org.
Can I connect to Self Service from off-campus?
Yes, Self Service will function when you are off the NC State campus network. Depending on the speed of your network connection, it may take longer for tasks to complete.
What changes does Jamf make to an NC State Mac?
- Jamf Pro installs the Self Service application in the Applications folder of a Mac. Content such as software, printers, maintenance tasks, links, and other documentation is provided within Self Service.
- A service account will be created on the Mac with administrative privileges to carry out tasks from the JSS. This account is hidden from the general user interface and no human knows the password to this account. The service account password is maintained and randomized by the JSS at regular intervals. SSH will be turned on and access will be restricted to the service account.
- A service account will also be created for TCTS technicians to utilize for repairs and troubleshooting.
- For OS X 10.7 and later, a Mobile Device Management (MDM) profile will be installed. This profile allows Jamf Pro administrators to remotely configure settings on the Mac. Basic security settings will be set at enrollment to ensure compliance with NC State standards. Please see NC State Endpoint Protection Standards and drafts for more information.
- For OS X 10.12 and later, required apps such as the Spirion Identity Finder, Privileges administrative app, and NoMAD account management system are also installed at enrollment.
- Common apps such as Chrome, Firefox, and macOS App Store apps are automatically kept up to date.
- macOS minor version updates are applied with user approval.
- End-of-life applications are removed with user approval.
- NC State Unity credentials are synchronized with user approval.
What changes does Jamf make to an NC State iOS Device?
- Jamf Pro installs the Self Service app on the home screen of the University-issued iOS device. Access to content such as apps, configurations, links, and other documentation is provided within Self Service.
- A Mobile Device Management (MDM) profile will be installed at enrollment. This profile allows IT Technicians to remotely configure settings. Basic security settings will be set at enrollment to ensure compliance with NC State standards. Please see NC State Endpoint Protection Standards and drafts for more information.
How will software be installed on my computer?
Most software installations will be initiated by clients through the Self Service application. TCTS may also push software as needed and/or requested.
Who has access to NC State Macs?
All senior Mac Administrative IT staff in the Office of Information Technology have access to the Jamf Pro console for all of NC State. Only TCTS staff have direct access to your device. All logins of service accounts are audited and logged for review by senior IT staff. TCTS staff do not have access to your User Account or password information, and you should never share your credentials with anyone, including IT staff!
Will I still have Administrative access to NC State Macs?
Yes, you will have access to temporary administrative permissions, should the need arise. You can escalate yourself to a system administrator by running the “Privileges” app installed upon enrollment. System settings that conflict with NC State standards cannot be changed, even with local administrative accounts, by end users or IT staff.
What if I have more questions?
For all technical questions, you can reach out to our team via email at email@example.com.