Jamf Blog
January 23, 2023 by Tim Herr

Shore up security with advanced Mac management techniques

Learn about some of the ways that IT admins can use Jamf MDM to improve an organization’s security posture.

At Jamf, we believe that reliably securing Apple devices has to start with managing them effectively. Our e-book, “The Advanced Guide to Mac Management,” offers a variety of tools and workflows that admins can use with Jamf mobile device management (MDM) to strengthen an organization’s security posture. (If you haven’t already checked out “Mac Management for Beginners,” you might want to start there.) Here’s a quick run-through of some of the management practices covered in the e-book that can help you to ward off cyber threats.

Discover advanced Mac management tools

PKI certificates: These contain information for identifying devices and users, allowing for encrypted and secure communication within an organization. Admins can use a certificate authority (CA), such as Jamf Pro’s built-in CA or a third-party solution, to issue PKI certificates. PKI certificates can also be used to immediately revoke access for users who no longer have authorization or devices that have fallen out of compliance.

Push certificates: You use these to establish trust between the Apple Push Notification service (APNs) and a third-party service such as your MDM solution. With push certificates, the Jamf Pro server can communicate with APNs to send push notifications and initiate remote actions like uninstalling an app.

Conditional Access: Jamf and Microsoft work together smoothly to let you set parameters for securing organizational data. With the Conditional Access feature, admins can gate access to email and popular Microsoft business applications like Word and Excel along with Jamf Pro. This works when you register organizational devices (managed by Jamf) with Microsoft Intune; Jamf provides macOS inventory data to Intune, which assesses device compliance and responds with a compliance report. Microsoft Azure Active Directory (AD) can then enforce access controls based on this information.

TeamViewer: This is a secure solution that allows a Jamf Pro administrator to set up a remote screen-sharing connection with an end user’s computer. TeamViewer makes it easy for admins to identify problems without relying solely on the end user’s description or requiring them to mail in the device. In addition to saving time and resources, this enables rapid and effective identification of security issues that can keep cyber threats from impacting the rest of the organization. To take advantage of this functionality, admins will need to add a TeamViewer integration configuration to the Jamf Pro instance.

Jamf API: The Jamf API connects the Jamf platform to third-party solutions, allowing organizations to extend it and integrate their solutions into a cohesive system for Mac management. The API’s token-based authentication scheme helps to harden devices’ security posture while they interface with third-party applications and integrations. And when you use Jamf Protect for Mac endpoint protection, enabling these integrations works to keep it functioning optimally as it detects and remediates threats.

Webhooks: These HTTP callbacks allow Mac admins to subscribe to specific events on a Jamf Pro instance, so they can receive notifications and build custom workflows around them. Webhooks benefit cybersecurity because admins can use them to stay apprised of real-time events and create generic payloads.

Distribution points: These are servers, either on-premises or cloud-based, that host files and can be used to distribute packages, scripts and in-house apps and books to computers. Jamf Pro is designed to support distribution points and even features its own cloud-based distribution point: Jamf Cloud Distribution Service (JCDS). Keeping your distribution points secure is critical, as they can act as targets for cyber threats.

Mass actions: Admins can use Jamf Pro to perform mass actions, such as sending remote commands or emailing users, to different groupings of computers: static groups, dynamically generated Smart Groups, search results or lists of license usage matches. Mass actions help to tighten security because they dramatically reduce the chance that a device will be inadvertently missed in actions that defend against cyberattacks.

That's not all there is to learn!

When you download the e-book, you can find more detailed information on all these topics, plus more content not covered here. Read it to find:

  • A workflow for requesting and using a token with Jamf API
  • How distribution points work with Jamf
  • Combining scripting, configuration profiles and disk encryption
  • All about extension attributes
  • App management tools and practices, including patch management and App Installers for apps not in the Mac App Store
  • Further resources about Jamf security solutions for Mac

Read the full e-book to learn more about advanced Mac management techniques.

Tim Herr
Jamf
Tim Herr, Copywriter.