Introducing App Discovery in Jamf for Mac and Jamf for Mobile

The key tenant of Zero Trust architecture is that users and devices are not trusted by default but must be continually verified to connect to organizational resources. Jamf’s Zero Trust Network Access solution – available with Jamf for Mac and Jamf for Mobile – helps network and security teams implement this tenant. It makes sure that only authorized users on managed devices can access work apps and data. If a user or a device’s risk is deemed too high, access is restricted.

We are pleased to announce an update on how Jamf admins can manage and scale individual application access policies. An access policy defines the apps your users can access via Jamf 's Zero Trust Network Access and the rules by which those apps are both accessible and restricted.

Available today, App Discovery enhances how admins identify unmanaged apps and domains to ensure comprehensive access policies. It uses machine learning to group domains together that should be part of the same policy.

By analyzing device data traffic and providing a detailed list of apps being accessed (on managed devices) and the domains associated with those apps, it provides admins an easy way to analyze application usage – all in one place. If an app gains or wanes in use, admins can easily update or create a new access policy, without having to check individual app usage reports or policies

There are several data points you can view for each app and domain.

For each app:

• Review the number of devices accessing the application's domains
• The number of unique domains within the application
• The number of visits across all application domains, and
• The most recent activity for the application

For each domain, you can

• See usage data
• If covered by an existing access policy, the name of the policy

What does the workflow look like?

Under Policies > Access > App Discovery, you will see device groups. You can add domains to an existing policy or create a new policy.

You can modify the policy as necessary, like defining hostname used to access servers and data, choosing device groups that can access the app, set security settings (as seen below), and how devices should route their traffic.

Once that is complete, you review and save your changes.

App Discovery is designed to help admins easily scale how access policies are implemented for apps and domains. It helps identify those apps and domains and quickly apply those policies.

If you want to learn how to implement this new capability in your environment, reach out to your Jamf representative or contact us here.