Mac endpoint telemetry with Jamf
Gain unprecedented visibility into macOS activity with our powerful Mac endpoint telemetry update.
The complexities of macOS visibility
Macs are essential to today’s workplace but keeping them secure and compliant often presents unique challenges. That’s where Jamf’s next-generation Mac endpoint telemetry comes in.
In this blog, we’ll explore how telemetry helps organizations gain critical visibility into macOS activity. This in turn assists organizations in meeting compliance standards, accelerating security investigations and improving IT operations – without adding complexity.
What is endpoint telemetry?
At its core, telemetry is the logging and collection of key activity on a device to create a detailed audit trail for Security and IT teams.
Put simply, it’s your record of what’s happening on each endpoint, helping you answer important questions like:
- Who accessed this computer, when and from where?
- What changes did they make to the system?
- What software did they run?
- Which processes were executed and with what privileges?
- What other systems did that computer connect to?
Think of it as a way to shine a light into every corner of your Mac fleet, ensuring nothing slips through the cracks.
Mac endpoint telemetry with Jamf
When it comes to endpoint visibility, not all solutions are created equal. Jamf telemetry is built specifically for macOS and backed by over 20 years of Apple expertise to help organizations collect and analyze system, user, application and network activity. It’s curated to provide meaningful, actionable insights – not just raw data.
Here’s how Jamf Mac telemetry makes a difference:
- Compliance audits: Track user logins, authentications and system changes to meet stringent logging mandates like HIPAA or NIS2.
- Investigations: Reconstruct timelines to quickly pinpoint what happened during an incident with confidence.
- Threat hunting: Detect stealthy attackers with visibility into rare events, anomalous behaviors and macOS-specific techniques.
- IT operations: Provide a seamless experience for your end users while you:
- Monitor app usage
- Uncover shadow IT
- Proactively resolve performance issues with app metrics and crash logs
Whether you’re managing compliance frameworks, investigating security incidents or streamlining IT workflows, Jamf provides the visibility and control you need without adding unnecessary complexity.
What’s new in telemetry?
Mac telemetry is widely available with Jamf for Mac.
Logging data to comply with the NIST 800-53
Jamf’s Mac telemetry capability represents a major leap forward for teams managing and securing Macs: it delivers accurate, reliable and actionable insights to meet your compliance, security and IT needs. It delivers dynamic insights to IT & security teams that are reported in real-time.
- It’s built on Apple’s Endpoint Security API, providing:
- New and enriched insights purpose-built for modern security needs, curated and enriched by Jamf
- A lightweight, high-performance design that minimizes system impact and preserves the end-user experience
- Tamper-resistant auditing to ensure logs are reliable and secure
- Actionable insights for real-world use
We listened carefully to your feedback and refined existing telemetry with:
- Improved process logging that enhances audits with complete traceability, parent-child relationships and contextualization at every step
- Expanded visibility into critical activities that help organizations gain richer insights into authentication events, local and remote access, user management and more
- Easy to set up configurations with new telemetry categories, granular exceptions and built-in optimizations to tune telemetry with your organization’s specific needs – reducing data overhead and analysis costs
Deeper insights
Uncover new risk with unprecedented visibility into macOS activity like:
- User behaviors for tracking events like privilege escalations, Sudo command execution, user substitutions and other critical actions
- Sensitive system operations including unmanaged configuration profile installs and third-party extension loading
- Enhanced Apple security telemetry: new insights into when users override Gatekeeper protections, a common attack vector on macOS
- Persistence mechanisms for detecting commonly abused persistence techniques like LaunchDaemons and LaunchAgents from background task management
- Network telemetry: new visibility into inbound and outbound network traffic, helping teams identify suspicious activity, like data exfiltration or unexpected communications from compromised systems
Seamless integration, faster value
We know onboarding new tools can feel daunting, so we’ve made it as easy as possible.
Enhanced SIEM add-ons for Splunk, Elastic, Google SecOps, Microsoft Sentinel and more, with integration tools to ensure quick adoption
Pre-configured optimizations by Jamf Threat Labs help you see value immediately while
comprehensive resources make onboarding straightforward – whether you’re an IT admin or a seasoned security pro.
Check out Jamf’s telemetry technical documentation for a list of real-world workflows using telemetry.
Example of Mac telemetry in Elastic
Already using telemetry with Jamf Protect?
Here's what you need to know.
If you’re among the many customers already using Jamf’s telemetry capability, visit our technical documentation to learn how to migrate. The new telemetry data model documentation provides detailed examples and object dictionaries to help you adapt your workflows with ease. (To access this content, log in to the Jamf Learning Hub with a valid Jamf Account.)
Here are some important details to help you plan your Mac telemetry implementation:
- Deployment modes: The Mac telemetry described in this blog are relevant for any deployment model – the full Jamf Protect agent or Offline Deployment Mode.
- SIEM Integrations: Add-ons for Splunk, Elastic, Google SecOps, Microsoft Sentinel, Sumo Logic, DataDog or an Amazon S3 bucket are all available today.
We value your feedback
We’re always listening to your feedback to shape the future of Jamf for Mac. Let us know how we can continue to improve and stay tuned for even more enhancements coming your way.
Get started with Jamf
For over 20 years, Jamf has been the leader in Apple-first management and security, helping organizations with an Apple-first platform to hunt threats, remediate incidents and achieve compliance. With this updated release, organizations can gain complete visibility into Mac endpoints by collecting and analyzing telemetry with Jamf.
Learn how Jamf can help you better collect and analyze telemetry today.