Jamf Connect feature: Limit Application Access for Unmanaged Devices

Strengthening mobile security is critical, especially for unmanaged devices that lack the management, identity and security controls of managed endpoints. In this blog, learn how Jamf Connect’s newest feature adds a layer of security to protect against unauthorized access and data breaches.

April 8, 2024 by Aaron Webb


In today's modern workplace, the use of mobile devices has become ubiquitous, offering employees flexibility and convenience in accessing company apps and resources. Whether an organization provides corporate-owned devices or implements a formal Bring Your Own Device (BYOD) policy allowing users to utilize their personal devices for work, the choice often rests with the individual. However, despite the robust security measures typically in place for PCs, laptops and corporate-owned mobile endpoints, there remains a critical gap in security when mobile devices operate outside the organization's security framework.

Minding the gap

To address this challenge, Jamf Connect has introduced an innovative feature called Limit Application Access for Unmanaged Devices. This feature allows organizations to prevent devices that are not managed by their Unified Endpoint Management (UEM) solution from accessing enterprise and SaaS applications. When enabled, only devices that are actively enrolled in the connected UEM/MDM, and have synced within the last 72 hours, will be granted access.
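The rule described above (actively enrolled and synced within the last 72 hours) can be rehearsed against an inventory export before the feature is switched on, to see which devices would lose access. This is an added example, not Jamf's code or API: the record fields, sample data, fail-closed handling of missing or malformed sync times, and the choice to treat exactly 72 hours as inside the window are all assumptions.

```python
from datetime import datetime, timedelta, timezone

SYNC_WINDOW = timedelta(hours=72)  # freshness window stated in the post
NOW = datetime(2024, 4, 8, 12, 0, tzinfo=timezone.utc)  # constructed "current time"

# Constructed inventory export; field names are hypothetical, not Jamf's schema.
INVENTORY = [
    {"device_id": "A1", "enrolled": True, "last_sync": "2024-04-07T09:00:00+00:00"},
    {"device_id": "B2", "enrolled": True, "last_sync": "2024-04-04T12:00:00+00:00"},
    {"device_id": "C3", "enrolled": False, "last_sync": "2024-04-08T11:00:00+00:00"},
    {"device_id": "D4", "enrolled": True, "last_sync": "2024-04-05T14:30:00+02:00"},
    {"device_id": "E5", "enrolled": True, "last_sync": None},
]
REQUESTS = ["A1", "B2", "C3", "D4", "E5", "Z9"]  # constructed; Z9 is not in the UEM

def evaluate(device, now):
    """Return (allowed, reason) for one inventory record; every doubt denies."""
    if device is None:
        return False, "not in UEM inventory"
    if not device.get("enrolled"):
        return False, "not actively enrolled"
    raw = device.get("last_sync")
    if not raw:
        return False, "no sync recorded"
    try:
        last_sync = datetime.fromisoformat(raw)
    except ValueError:
        return False, "unparseable sync time"
    if last_sync.tzinfo is None:
        return False, "sync time has no timezone"  # cannot compare safely
    age = now - last_sync  # aware datetimes: UTC offsets are normalised
    if age < timedelta(0):
        return False, "sync time in the future"
    if age > SYNC_WINDOW:
        return False, f"last sync {age.total_seconds() / 3600:.0f}h ago"
    return True, "enrolled and recently synced"

def rollout_impact(inventory, requests, now):
    """Map each requesting device id to its decision under the policy."""
    by_id = {d["device_id"]: d for d in inventory}
    return {dev: evaluate(by_id.get(dev), now) for dev in requests}

if __name__ == "__main__":
    for dev, (ok, why) in rollout_impact(INVENTORY, REQUESTS, NOW).items():
        print(f"{dev}: {'ALLOW' if ok else 'DENY '} ({why})")
```

Device D4 shows why timestamps must be compared as timezone-aware values: its local time reads 14:30 on April 5, but at a +02:00 offset the sync is 71.5 hours old and still inside the window.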

It is essential to understand the role of Mobile Device Management (MDM) or Unified Endpoint Management (UEM) solutions in modern IT security and the fact that they provide centralized control over devices. Management allows administrators to enforce security policies, deploy software updates and remotely manage devices.

“Over 50% of devices accessing corporate resources are unmanaged.” — Anand Oswal, Palo Alto Networks

However, when a device is unmanaged (that is, not enrolled in the organization's device management solution), it becomes a potential entry point for security breaches. Unmanaged devices pose significant security risks: they are often found to lack essential security controls, or to carry unaddressed weaknesses, in areas such as:

  • volume encryption
  • passcode requirements
  • app allow listing
  • misconfigured settings
  • unpatched vulnerabilities

This makes unmanaged devices more susceptible to malware and phishing attacks, among other modern security threats. In fact, Anand Oswal, SVP at Palo Alto Networks, recently found that a staggering “90% of successful malware attacks come from unmanaged devices.” Additionally, because the organization lacks visibility into their endpoint health, unmanaged devices used for work access sensitive corporate data without proper authorization, leading to data leaks and compliance violations.

A modern solution to an age-old problem

By leveraging Limit Application Access for Unmanaged Devices in Jamf Connect, organizations mitigate risk while maintaining better control over their environment. By enforcing access restrictions based on device management state, organizations ensure that only authorized and properly managed devices have access to sensitive applications and business resources. This proactive approach prevents unauthorized access, strengthening the overall security posture.

Setting up Limit Application Access for Unmanaged Devices

To enable this feature in Jamf Security Cloud, follow these simple steps:

  1. Navigate to Policies: Go to Policies in the Jamf Security Cloud dashboard.
  2. Access Policy: Select Access Policy from the options provided.
  3. Create New App Policy: Click on New App Policy to create a new policy for the desired application.
  4. Security Settings: When configuring the security settings for the new app policy, administrators will have the option to enable Device Management State-Based Access Control.


Conclusion

This addition to Jamf Connect represents a significant advancement in access control technology, providing organizations with the tools they need to secure their digital environment effectively. By implementing security measures that encompass all mobile devices, regardless of ownership model, organizations ensure that protections extend holistically across their infrastructure. They also enhance those protections by incorporating a defense-in-depth strategy that fortifies their security posture and mitigates risks associated with mobile device use cases.

As the threat landscape continues evolving, solutions like Jamf Connect play a crucial role in safeguarding sensitive information and helping organizations on their compliance path.
