Between two Jamfs: A conversation about Jamf Pro best practices

For the purposes of this discussion, they split their recommendations into two broad categories: those relating to Jamf Pro’s core components and those relating to maintaining best practices in the future. They structure this discussion around four core areas of Jamf Pro: management, organization, deployment and settings; and four governance topics for long-term success: documentation and data, maintenance and cleanup, change management and the toolbox for admins.

Best practice for Jamf Pro core components

1. Management: Since policies and profiles do the heavy lifting in Jamf Pro, they constitute a great place to start examining your current workflows. Tyrrell and Kausalik-Whittle talk about how to name your policies, how many you’ll need per app, where to store credentials and how to organize your policies into categories. They also discuss how long it takes to make your profiles and give advice on naming, describing, scoping and signing profiles.
2. Organization: The next topic to look at is how a Jamf Pro instance is organized, which includes examining the composition of smart and static groups, advanced searches and categories. The presenters recommend using positive rather than negative values to define groups, as well as using groups for scoping, not reporting. (Advanced searches are better suited to the latter need.) They also explore naming conventions for policies, scripts, packages, extension attributes and groups.
3. Deployment: Tyrrell and Kausalik-Whittle focus on creating a deployment process that is clean and minimalist, especially for the profiles and policies that are scoped to all computers. With automated enrollment for required software and additional offerings easily accessible with Jamf Self Service, you can keep the enrollment process simple and avoid confusing your users.
4. Settings: Delving into Jamf Pro settings allows Tyrrell and Kausalik-Whittle to provide some especially relevant tips. They cover user access, password installation, using Jamf Cloud instead of self-hosting, Self Service branding and global management settings. They also recommend adding renewal dates and account information to a wiki or other information repository so that admins can actually take vacations and enjoy them.

Governance topics for long-term success

1. Documentation and data: Tyrrell and Kausalik-Whittle discuss what you should document, where you should store both team and customer-facing documentation, screenshots and text formatting for readability and accessibility features. For data, they focus on the Jamf Pro dashboard and how you can optimize it for your use, plus explore other options for data aggregation.
2. Maintenance and cleanup: Here the presenters examine cleaning up your Jamf Pro server with attention paid to determining cleanup frequency, removal criteria and checking for deprecated features. They recommend the Spruce command-line tool to aid in server cleanup.
3. Change management: Tyrrell and Kausalik-Whittle break down best practices for this area, including creating policies and extension attributes in a disabled state and only enabling them after they are approved. They recommend approvals for profile deployments and adding change approval notes to description fields, as well as using automation for scripts and extension attribute uploads.
4. Toolbox: If you need help finding tools, the presenters advise starting with what’s on the Jamf Marketplace. Spruce, git2jss, The MUT, PatchBot and Nudge are just a few of the available options that can help to streamline your workflows. And don’t forget to look to the Mac admins community as a whole, especially on Slack, and our own highly active users on Jamf Nation!