Achieving zero-touch automation with Jamf and BetterCloud

Over the last year we’ve seen many companies undergoing tremendous and seemingly continual change. From hyper-growth to contraction, to mergers or acquisitions, the only constant is the need for IT to guide companies through these critical events. IT teams will need to become more agile and efficient in order to scale to meet the needs of an evolving organization.

Automation has long been recognized as a way of streamlining IT operations. This is where Jamf and BetterCloud naturally complement each other, and many customers are leveraging these two critical platforms together to automate their user lifecycle management processes for maximum operational efficiency. Let’s take a closer look at what automation looks like with BetterCloud and Jamf.

First, a quick overview of each Jamf action in BetterCloud

We’ll dive into some use cases for Jamf later in this post. But first, let’s review each Jamf action available in BetterCloud.

• Add user to user group: This action adds a user to a group in Jamf Cloud.

• Create admin: IT can use this action to create an administrator in Jamf Cloud.

• Delete admin: This action removes an administrator in Jamf Cloud.

• Delete user: This is fairly straightforward, but this action removes a user from Jamf Cloud.

• Lock device: In the event that a user leaves the company or loses a device, IT can use this action to lock the device.

• Remove user from all groups: Here, you can remove a user from all groups in Jamf.

• Remove user from group: This action enables IT to remove a user from a single Jamf Cloud group.

• Unlock user account: Here’s another straightforward action. This enables IT to unlock a user account remotely.

• Unmanage device: When an offboarding process is complete, this action removes a device from Jamf Cloud management.

As you might have guessed, this is a pretty comprehensive glossary of terms. But can IT use the actions above in existing BetterCloud workflows? And can you create standalone workflows for Jamf tasks? The answers to both of these questions? Yes, of course.

Automatically lock a device during the offboarding process

For departing employees, the process is pretty simple: turn in your laptop, load up your pictures and plants into a cardboard box and walk out — unless you’re working remotely and you get to leave the pictures and plants alone. For IT, however, the process is far from simple. From locking and wiping the laptop, to removing access to SaaS apps and sensitive company data, there are numerous, manual steps that have to occur both quickly and accurately.

Fortunately, BetterCloud enables IT to automate much of this work. In the screenshot below, you’ll see one example of how we might build a workflow to do the heavy lifting.

Here, we’ve done a few things. First, the IT administrator in this example has created a Google Workspace Group for all Mac users. The workflow above is triggered whenever a user is removed from that group, at which point the following steps occur:

• The user’s device is locked using a passcode set by IT

• The IT admin receives an email 14 days later to confirm if he or she has received the deactivated user’s laptop

• If the IT admin has received the laptop, he or she can put the machine back into rotation by clicking YES

Pretty simple, right? There are actually two ways you could apply these actions in a workflow.

Some IT administrators simply add each Jamf action above directly into their master offboarding workflows. But remember: the example workflow kicks off whenever a user is removed from the Mac Users group in Google Workspace. You can daisy-chain this to a master offboarding workflow by adding the “if” statement “Google Group is Mac Users.”

Automatically lock lost or stolen devices

Automating the management of lost or stolen devices is pretty similar to our offboarding example in the previous section of this post. You’ll notice that the main difference here is that we’ve created a group for Lost/Stolen Devices.

Additionally, take a look at how many more manual tasks this workflow handles on behalf of IT.

Here’s a short breakdown of what’s happening in the screenshots above.

• The BetterCloud workflow tells Jamf to lock the user’s device and reset the passcode.

• The workflow sends an email to the user, the user’s manager and the security team. This note confirms that IT is aware of the lost or stolen device and provides additional information regarding the next steps.

• After two days, the workflow removes the user from the Lost/Stolen Devices group in Google Workspace.

• After 23 additional days, the workflow triggers an email to the administrator to confirm whether or not he or she has received the lost device. If not, the administrator can kick off a remote device wipe by clicking “YES.”

I don’t need to tell you that’s a lot of time saved. In addition to the actions in Jamf that this workflow handles, it’s easy to forget that emails can be really annoying to write manually, especially when IT needs to cover important details regarding loaner laptops and remote device wipes. This workflow enables IT to write the email just once and add dynamic fields so that each note is personalized.

Additionally, the final step of this workflow reduces the risk that any lost or stolen device falls off of IT’s radar. Rather than requiring an admin to check on these devices manually, the workflow sends an email to confirm whether or not it’s time to wipe the lost device and remove it from Jamf management. Are these easy tasks? Yes. Are these easy tasks to forget to do without a workflow? Also yes.

Final thoughts

As companies continue to experience transformative disruption in an ever-changing economy, it’s more critical than ever for IT to automate device management. Long gone are the days when IT could wait around for folks to notify them about departing employees or lost devices. The combination of BetterCloud workflows and Jamf not only reduces the manual work related to user lifecycle and device management, but also makes it easier for IT to provide a more secure and seamless end-user experience.