Jamf After Dark: Why we moved 1,900+ Apple devices back to Jamf
Travis County ITS Senior Systems Engineer Billy Roberts shares how his team uses Jamf to secure a CJIS-compliant hybrid device fleet — cutting app vetting time, blocking phishing threats and enforcing compliance.
Billy Roberts, Senior Systems Engineer at Travis County ITS, joins co-hosts Kat Garbis and Josh Thornton in this episode of Jamf After Dark. Roberts walks us through what it’s like to manage and secure a hybrid environment at a high-compliance government organization.
Inside Travis County's device fleet
Roberts works for Travis County, a county in Texas that includes the city of Austin and 1.4 million people. Their device fleet includes Mac, iPhone, iPad and Windows computers. Windows are by far the most common computer operating system, while mobile devices are exclusively Apple. User access differs on their mobile devices:
- 1700 iPhone devices are assigned to single users
- 149 iPad devices are assigned to single users
- 46 iPad devices live in a kiosk
- 136 shared iPad and iPhone devices
Roberts notes difficulty managing Android mobile devices, Travis County is required to conform to strict Criminal Justice Information System Standards (CJIS); Roberts found that they had insufficient control over Android devices.
Why Jamf instead of unified endpoint management?
Travis County used Jamf in 2019, but switched to a different device management software that was included free in other licenses. Roberts reports that this platform lagged behind Apple, so they weren’t able to take advantage of the latest Apple features. Additionally, software updates and device configuration changes were unreliable, causing disruptions during business hours.
These issues were untenable. They switched back to Jamf a few years later, starting with iPad and Mac, then iPhone.
“When Apple releases something, Jamf’s on top of it.”
How do you use Jamf?
Roberts currently uses Jamf Pro, Jamf Protect, Jamf Connect, Jamf Trust and Jamf Security Cloud. They originally used Jamf Trust and the Jamf Security Cloud for app scoring, but, as he notes, it does more than expected.
Travis County ITS has a separate security team. Roberts shares an interaction he had with this team that involved Jamf: After running a phishing email simulation, Security noticed that they had fewer users click on the links than normal. So they asked Roberts if Jamf could have affected this. Roberts noticed that if the email hit an iPhone inbox before a Windows laptop, Jamf would quarantine the email so that it would never reach the user. As a result, Security had to change their tactics and make the phishing emails more complex.
Roberts also uses Jamf to enforce access restrictions. Travis County is strict about software updates; devices that fall out of compliance lose access to certain resources, especially email. Jamf helps Travis County identify problems and troubleshoot issues.
The episode ends with a story about mobile app evaluation. Listen to find out how they cut their app vetting process from 45 days to a couple weeks!
Gain access to all the Jamf After Dark podcasts today!
