Jamf Pro blueprints: enhanced device management with DDM workflows

"For those of you thinking: 'I have heard about blueprints,' you have! But today, we’re introducing blueprints in a whole new way: powered by Declarative Device Management."

— Molly Moseley, VP of Product Strategy, speaking at JNUC 2024.

At Jamf, we’re always working to enhance the Apple device management experience. If you've used Apple Configurator or other MDM solutions, you’re probably familiar with the concept of blueprints.

Today, we’re introducing blueprints in a whole new way within Jamf Pro, powered by Declarative Device Management, or DDM. This future-ready approach empowers you to manage device settings, commands, app installations, and restrictions in a more efficient, autonomous and declarative way.

What is DDM?

DDM is an enhanced capability of Apple’s MDM protocol, designed to take device management to the next level. With DDM, devices can proactively apply management settings, autonomously report state changes, and communicate asynchronously with the MDM server. This marks a significant shift from the traditional command-and-response model to a more efficient, autonomous approach.

Here’s how it works:

• Proactive management: Devices now apply settings automatically without needing constant requests to the MDM.
• Autonomous reporting: Devices can report changes in state as they happen, without waiting for an admin to prompt them.
• Asynchronous communication: Devices and the MDM interact asynchronously, reducing the need for constant communication.
• Faster, more reliable updates: With reduced communication to the MDM, devices receive updates more quickly and reliably.

This enhanced approach ensures that devices remain in the desired state, reducing admin workload and increasing reliability.

Blueprints in Jamf Pro

By harnessing the power of DDM, blueprints simplify the management of Apple devices. Our goal is to give you full control over device settings, commands, app installations, and restrictions—while ensuring compliance and security. Whether you use one of our quick-start blueprints or create your own with our blueprint builder, this release enables you to:

• Simplify device management: Streamlined deployment and updates allow organizations to be more agile and respond faster to the evolving needs of a modern workplace.
• Enforce policies faster: Admins can easily harness the power and flexibility of DDM to enforce compliance requirements.
• Enhance device security and control: Admins have full control over device restrictions, ensuring only trusted tasks are running and trusted apps are used. This safeguards data management and transfer to protect against threats and vulnerabilities.

All while upholding Apple best practices in a simple, scalable way. It’s security and simplification, all in one.

Enhancing device management for IT admins

Included in this release are six quick-start templates to empower IT admins with a more responsive and efficient device management experience. We help simplify the administration of these workflows by allowing the admin to select a target group of computers and mobile devices for a specific deployment.

Let’s look at how they can help streamline management tasks and enhance security.

1. Passcode policy settings: Ensure faster compliance with security standards by using DDM to configure and enforce passcode requirements on all devices.
2. External and network disk management settings: This blueprint offers enhanced security and compliance with granular data control, enabling admins to prevent data loss and manage access to sensitive information.
3. Safari extensions management settings: These settings allow admins to control how and which Safari extensions are used to protect users from cyber threats when using their company-managed devices.
4. Service configuration files settings: This helps organizations maintain compliance by restricting an end user’s ability to change and access common system services —macOS config files such as Mac built-in services like ssh and Bash.
5. Background task management: Providing an easy way for organizations to deploy and control which background tasks may run, the background task blueprint offers added security by ensuring only trusted and approved tasks are active. This protects the system from potential threats and vulnerabilities.
6. Math settings: Math settings enable admins to configure settings for devices' built-in math calculator app. They can manage restrictions on deployed devices, including limiting access to Scientific Mode, Math Notes videos, and controlling features like the Math Notes Keyboard, Square Root, and Unit Conversion.

Create your own

IT admins can use our blueprint builder to configure settings for a number of components, define the scope, and deploy it to computers and mobile devices within the target group. This provides them with the flexibility to create customized workflows that meet the specific needs of their organization and team.

Important note to customers

Admins must have SSO with OIDC configured in Jamf Account to configure and deploy blueprints successfully.

This will not only offer a seamless and consistent login experience across supported products (Jamf Pro, Jamf Protect, Jamf Security Cloud, and Jamf Account), but will enable your organization to take advantage of current and future platform innovations.

>> Learn how to set up OIDC-based Single Sign-On.

Availability

• For current Jamf Pro customers, blueprints is available to Jamf Standard and Premium Cloud Customers only. It doesn’t include Premium Cloud Plus, RAMP customers or on-premises customers.
• The workflows support macOS, iOS and iPadOS devices.

What's next

With improved DDM support, Jamf Pro is evolving alongside Apple’s advancements in the DDM protocol, ensuring seamless integration and enhanced functionality.

Our goal is to provide IT admins with greater visibility into the deployment of workflows, allowing them to precisely track and manage processes. It enables the fast delivery of new DDM workflows, streamlining the rollout of device updates and configurations.

This combination of simplicity, flexibility, and speed makes Jamf Pro an even more powerful tool for organizations looking to maintain control and security across their device fleets.

Learn more

• Discover how to set up SSO with Jamf Account.
• Read SSO with Jamf Account FAQs.