Kicking off Jamf’s European Jamf Nation Live tour in London
As last year, Jamf began Jamf Nation Live in the beautiful Great Gallery at Tobacco Dock in London this June 9. CEO Dean Hager delivered the keynote to an enthusiastic full house. We’ve broken down the keynote for you below.
Keynote: A fond farewell from Jamf CEO Dean Hager
But first, a few words about Jamf and the future of enterprise technology.
After Jamf CEO Dean Hager welcomed Jamf Nation and thanked everyone who made the day possible, he had to say goodbye.
“I don’t know if you’ve heard,” said Hager, “but I recently announced my retirement as Jamf’s CEO this upcoming September.” Hager will remain on Jamf’s board of directors, but will hand off CEO responsibilities to Jamf’s president and Dean’s business partner for the past eight years, John Strosahl.
“That means this trip is my last Jamf Nation Live event — which of course makes me very reflective of my time here at Jamf,” said Hager
As a matter of fact, London was where Hager attended his first Jamf Nation event outside of the US.
Jamf looks very different than it did back then.
During Hager’s first trip to Europe as Jamf’s CEO in 2015, Jamf had approximately 400 employees: fewer than 20 of them located in Europe.
What Jamf looks like today
- Jamf has more than 800 employees in Europe alone, with several thousand more located across the globe.
- Jamf serves over 72,000 customers around 95% of which joined us after Hager’s 2015 trip.
- Amazingly, over 40% of all Jamf customers are located in EMEIA.
- Jamf’s offerings have increased substantially, both through Jamf-developed innovation and acquisitions. Jamf has acquired a total of nine companies; six of them were founded outside of the United States.
- Most significantly, Jamf simplifies work for people around the world: managing and securing more than 30 million Apple devices at work and in school that are used by approximately 50 million people.
This illustrates a transformation at Jamf, but also across the entire market. And it would not have been possible without Jamf Nation.
Growth of Jamf Nation
“Jamf Nation” refers to the community of enterprise and education Apple experts and enthusiasts that has existed organically for more than 20 years. In 2011, Jamf Nation came together online on a community website.
More than a website, more than a group of customers, over the years Jamf Nation has been the source of some of the most valuable Apple enterprise solutions today.
“I have said it many times,” said Hager, “but I believe Jamf Nation is the tightest community in all of high tech. You are the very best part of Jamf.”
Importance of JNUC
At JNUC, Jamf leaders have an opportunity to not only reveal new features and improvements, but also to hear from Jamf Nation. This helps Jamf define the direction of our products. Some of our greatest innovations have come directly out of JNUC discussions.
- A single JNUC conversation in 2017 led to the release of Jamf Connect
- A 2018 JNUC roundtable discussions about the gap between how many employees wanted Mac and how many had Mac led to our launch of Jamf Protect.
- These JNUC discussions led to the unveiling of Jamf’s current strategy: to manage and secure Apple at Work.
“At JNUC in San Diego a few months ago,” said Hager, “we explained it this way. We believe the goal of IT and InfoSec teams fundamentally comes down to two things:”
- Providing people technology that they LOVE — because it makes their job so much simpler; while
- enabling organizations to provide enterprise access to work resources in a manner where every user, device, and application is TRUSTED.
(1) Loved technology. (2) Trusted access. All of the product advancements we announced at JNUC was designed with these two goals in mind.
New features and increased capabilities for Jamf
If you missed JNUC or our Jamf Event last April, Jamf announced advancements such as:
- Support for Apple’s Declarative Device Management
- Additional App Installers with significant user-experience improvements
- Safe Internet for schools — including support for Chromebook and — coming soon — Microsoft Windows
- New on-device filtering controls specifically for Apple
- Advanced endpoint protection and network threat prevention
- Jamf Connect with Zero Trust Network Access (ZTNA) capabilities
- New capability to use our Jamf Trust app to provision digital employee badges in Apple Wallet
Jamf + Apple
To achieve our mission, Hager said, “we must innovate at the pace of Apple.”
Why is Jamf so obsessed with Apple?
- Our purpose is to simplify work. Apple is the best, consumer-simple technology to achieve this purpose.
- Over the past 15 years, Apple’s growth in the enterprise has been nothing short of amazing. We believe within the next decade, the enterprise will be dominated not by Microsoft Windows, but by Apple devices.
But that doesn’t mean we partner only with Apple.
Jamf + partners
Jamf works closely with a number of partners in addition to Apple. In fact last JNUC, for the first time, executives from Apple, Microsoft, Amazon, Google and Okta all spoke from the same stage about their partnerships with Jamf. That’s how Jamf became the only solution provider in the world integrated with the zero trust frameworks of all three of the world’s largest cloud providers.
Jamf has more than a dozen integrations with Microsoft technology. Our device inventory mirrors to Microsoft Endpoint Manager; Microsoft Azure AD is the leading identity provider for Jamf customers. We log our security data to Microsoft Sentinel, and Microsoft Device Compliance uses Jamf inventory to determine whether a device can access Azure resources.
Jamf Cloud runs on AWS, obviously. But in the past year, we have expanded and deepened that relationship. For instance, AWS Verified Access integrates with Jamf to determine which Macs can access applications in the AWS Cloud. We are the only Mac solution provider working with AWS Verified Access, and the only company in the world capable of managing virtual EC2 Mac instances.
Our collaboration with Google is also deepening. As both Amazon and Microsoft do, Google checks with Jamf for both macOS and iOS device compliance before allowing access to Google cloud resources, through Google BeyondCorp.
We also partner to support Google Chrome Cloud Management, enabling Google’s vision for secure and private browsing. Jamf partners with the Google Identity team, and as I mentioned earlier, we now support Google Chromebook devices with our Safe Internet solution.
Okta and Jamf have a reciprocal relationship; Jamf is an Okta customer, and Okta is a Jamf customer. This means that when we collaborate, we are able to test new capabilities out on ourselves first.
For instance, last April Okta and Jamf announced that we were offering the very first combination of identity provider and device management provider to support Apple’s new Platform SSO and Enrollment SSO frameworks — which significantly improves enrollment and user experience for Jamf and Okta customers.
Person + purpose
“I believe there are fundamentally two reasons for deploying devices in an organization,” Hager said. “The first is to put a new device into the hands of a person for their personal productivity. That’s the reason most of us carry a Mac or an iPhone — to be more productive in our jobs.”
Mac + mobile
There has been a profound movement in the industry. Five to 10 years ago, organizations separated their strategies and solutions into two distinct groups: computer and mobile. But that is changing.
Perhaps iPhone and Android look similar. They don’t behave similarly. And nobody at work carries both.
But people do carry both a Mac and an iPhone.
When we talk about personal productivity, we are almost always talking about two devices: a computer and a phone.
In the words of Tim Cook: “[Apple tries] really hard to design [their] products in such a way that they work seamlessly together... So that you can start work on one device and finish on another.”
— Tim Cook, CEO of Apple
Apple takes the same approach with their management and security frameworks.
For instance, all of these frameworks have one thing in common:
- Apple Business Manager
- Automated enrollment
- User enrollment
- The App Store
- Volume purchasing
- SSO extensions
- Apple’s security framework
- Declarative management
They are all designed to be common across Apple devices — but not across Android or Windows.
Jamf’s management and security strategy
When it comes to management and security within an organization, Jamf believes the strategy shouldn’t be to consider computers or phones, but rather the platform being deployed, and the platform’s maker.
To create common work experiences across all devices in the Apple platform, Jamf offers:
- Jamf Self Service for workers to get the applications and tools they need, when they need them
- Jamf Trust to provide users confidence that their Apple devices is secure.
We create similar enrollment experiences across Apple devices:
- Uniquely-supported automated device enrollment for corporate-owned devices
- User enrollment for Bring Your Own Device (BYOD)
- Customized, organization-created enrollment screens for all Apple devices based on Jamf’s integration with cloud identity providers across Apple devices.
Collaboration with Apple and Jamf
At WWDC23, Apple announced some truly spectacular new functionalities and advancements, including those in Declarative Device Management, Managed Apple IDs, and device attestation.
“There is so much to talk about that is brand new from Apple,” said Hager. “But ultimately, I think it comes down to three things: converging management, identity and security; expanding the enterprise capabilities of Apple devices like tvOS and watchOS; and transforming management to the Apple way, which is different from both Android and Windows.” Apple, he went on to explain, offers a more distributed and device-centric management, which improves both security and privacy.
“You’ve experienced the power of Apple,” said Hager. “Collaborating together — sharing files, content, and ideas across Apple devices — is simply different than any other device type.”
Apple explains that’s because of the powerful integration between hardware, OS, apps and services.
We at Jamf believe this integration should extend to the workplace with a management and security system that is built specifically for Apple.
There is another reason to deploy Apple tech beyond putting a new device into the hands of an individual for their personal productivity, continued Hager. “Have you ever seen a point-of-sale iPad in a retail store? Of course you have. In this case, the iPad is not assigned to a person. The iPad has a specific industry purpose.”
These devices are almost never Mac. Devices that have a purpose are often iPhones, but even more often: iPads.
There are two types of purpose-related deployments:
- When the device is assigned a specific individual
- When the device is shared amongst several people
Purpose-related deployments in education
For educators, this entire concept was modeled after what we are doing in schools with 1:1 and with shared iPads. The purpose of these devices is to teach and learn. Education is the industry where Jamf learned the nuances of these unique workflows, which we have extended to other industries.
Jamf’s deskless solutions
“Let me give you a few examples of how devices are deployed for a purpose not only in education,” said Hager, “but across nearly all industries.”
Transportation: iPad in the air
This deskless workflow involves iPads assigned to pilots as their electronic flight bag — a development that is transforming the industry.
As pilots are using iPads for their work, and are away from home for such long periods of time, its natural for them to also want to use the iPad for entertainment. However, airlines don’t want to incur the cost of pilots streaming entertainment via cellular data. More importantly, connected to Wi-Fi or not, airlines and their customers definitely don’t want pilots streaming entertainment while in the cockpit.
Retail: to every thing there is a purpose
While you likely haven’t had a chance to witness iPads in space, you almost certainly have seen them in retail: shared iPads used for point-of-sale, loyalty systems and kiosks.
Jamf has customers like Ritual Cosmetics who run over 700 stores entirely on Apple mobile devices, without any IT support in the stores.
Each device has a unique purpose and needs to power up directly out of the shrink wrap, already configured specifically for that purpose. With Jamf, the technology needed to open a remote store has never been so simple.
Healthcare: complex systems need simple solutions
In healthcare, there are so many deskless workflows.
- Hospital patients are assigned iPads at their bedside to use for entertainment and as a portal for working with their care providers.
- Care providers use iPhones for clinical communications. This is an extremely complex workflow where the iPhone must be handed off from one care provider to another between shifts.
The complexity of a workflow that offers a personalized experience on a shared device is extremely difficult. But Jamf has built unique solutions specifically for this purpose, and even more specifically for healthcare.
The big news coming out of WWDC was the announcement of Vision Pro, Apple’s new augmented reality goggles. They create a more immersive experience with content and data while still allowing the user to engage with the people around them.
“This product is perfect for healthcare,” said Hager. “The care provider, instead of looking away at a screen, can still be looking directly at and engaged with the patient. And can you imagine how these augmented ultrasound images might alert midwives or physicians to things that the naked eye might have missed?”
“I believe the Vision Pro is not only the future of work, but also the future of Jamf’s deskless solutions,” continued Hager.
Beyond Mac + Mobile
As of this week, Apple now has five manageable operating systems. The first four: macOS, iOS, iPadOS, tvOS, Jamf has supported for a long time. In fact, in addition to our other capabilities with Mac and mobile devices, Jamf manages hundreds of thousands of Apple TVs used for classrooms, conference rooms, hotel rooms and digital signage.
Apple is taking tvOS further into the enterprise with new video conferencing capabilities and and coming support for tools like WebEx and Zoom. They plan VPN support to enable trusted, secure viewing of work content from your home TV.
+ Apple Watch
And finally, after begging for it for years, Apple admins and developers can depend on MDM and VPN support for Apple Watch. This broadens the Apple platform and expands to so many deskless use cases.
+ Vision Pro
“While its not available yet, and probably won’t support MDM immediately, mark my words,” said Hager. “The Apple Vision Pro will be a manageable device in the future. And we will help Apple use it to redefine the future of work.”
“As someone who has two huge displays on my desk,” continued Hager, “I can’t wait to have nearly unlimited virtual space to put my work while freeing up physical space in my office. And as someone who travels a lot, I can’t wait to sit comfortably on a plane doing work without a computer taking up room on my lap or on my tray.”
As exciting as all this is, this expanding set of new devices is only half the story.
Apple ID + Managed Apple ID
While it most certainly doesn’t come with the same fanfare, what Apple is doing with personal Apple IDs and Managed Apple IDs will redefine how we use both BYOD and corporate-owned devices.
More and more, no matter who owns the Apple device, employees use them in a way that blends personal and work lives. Apple is helping us draw a virtual line between the two with a personal Apple ID for your personal life and a Managed Apple ID for your work life.
Jamf is embracing Managed Apple IDs and has partnered with all major cloud identity providers to simplify federation, enrollment and usage workflows.
Trusted Device + Trusted Identity
“At the end of the day,” said Hager, “Jamf’s role is more than a device management or security company. Our job is to ensure that every Apple device and every single identity is trusted — whether the device is deployed to a person or for a purpose.”
And we must do it in a way that keeps the user experience consumer-simple and that protects privacy. We want employees and students to continue to love the technology they use.
We call this combination Trusted Access.
To explain this concept further, Michael Covington, Vice President of Portfolio Strategy at Jamf, joined Dean Hager on the stage.
“Every one of you is running your business — in some form or fashion — on Apple,” Michael Covington said.
And Apple, he continued, has moved on from being a fringe group of devices to appearing in the boardroom, on the road or in the classroom. Employees are doing more with Apple than ever before to enable real business applications, from workers who need to move seamlessly between devices to users who operate LoB applications on the front lines.
Apple as a target
In just the last year, we have seen a 25% increase in productivity tools being used on Jamf-managed devices. And as we do more on the Apple platform, it becomes more of a target.
Covington outlined what happened just in the first four months of 2023:
- The first viable ransomware attack targeting macOS
- Sophisticated cryptojacking malware that targets powerful Apple silicon chips
- Spyware that continues to evolve and target mobile workers around the globe
It’s time to harden the Apple platform and proactively take steps to protect the devices, the users that count on them every day and the growing set of applications that touch critical business data.
“It is no longer an option of whether to secure your Apple devices,” said Covington. “It’s simply a matter of getting on with it.”
Where to start?
With Trusted Access.
“Trusted Access,” said Covington, “sits in that place where management and security intersect.” It’s a way of talking about what your organization wants to achieve with technology, and it’s an outcome that intentionally breaks away from the product silos we have today to focus on today.
What is Trusted Access? Isn’t this just Zero Trust?
In a word: no. It’s more than that.
Many businesses have spent the last several years planning Zero Trust initiatives, but they ran into roadblocks when it moved from planning to execution. Many Zero Trust projects are stalled, or have even been canceled.
The culprit? It’s usually the mix of vendor solutions. “It looks good on paper,” said Covington, “but doesn’t translate well into a composite solution that you can actually implement with existing staffing.”
Jamf is here to fix that.
“We want to give you a framework where you can choose the components that make the most sense for you,” said Covington, “and rest assured that they’ll work together when you take them out of the box.”
Trusted Access is about ensuring that only:
- Authorized users
- On enrolled devices
- That are free of threats and meet the organization’s standards
Can access sensitive data and applications.
As your organizations embrace modern security concepts like Zero Trust, it’s critical to address the needs of users on these modern devices. Unfortunately, Apple devices have historically been left out of Zero Trust planning because many security vendors haven’t bothered to support them fully.
This means that the first challenge in solving the Trusted Access puzzle is often in establishing a trust relationship with the devices that seek access to sensitive data. Where many Zero Trust initiatives have failed to date is where they’ve forgotten about the device. Device enrollment is a critical step for any device, whether company-owned or BYOD; Mac or mobile.
Of course, none of us live in a world of just devices. Knowing the user has become increasingly important. Users need to access, customize and provision devices for individual, shared or task-based use.
And identity is the cornerstone of all Zero Trust strategies. So why has identity historically been absent from conversations about Apple devices?
Protecting endpoints and preventing threats
“Because it’s been complicated,” said Covington. “We want the technology to fade into the background, and for users to focus on tasks, not the IT process.” But we also want to ensure that every device/application/transaction has a user tied to it, so that you can enforce security policies. These should include secure provisioning, adhering to compliance baselines, auditing settings and resetting when things change.
“But we cannot stop with ‘compliant’ settings,” said Covington. “We must defend.”
Managing risk isn’t just about identifying and blocking malware. It’s also about ensuring your users are kept safe and your data protected.
Some threats — in fact, many threats — come from being connected to the Internet. We want to ensure that we are looking holistically at the capabilities required to actually protect and fully assess the devices used for work.
Zero Trust Network Access (ZTNA)
“So while many people assume that Zero Trust Network Access (ZTNA) is just an alternative to a VPN,” said Covington, “it is so much more than that.” It’s less about connectivity and more about policy that is made possible at this stage of the Trusted Access journey.
- A user on an unenrolled device should not be allowed to access your CRM.
- An unauthorized user on a company-issued device should not have access to your cloud storage.
- Even an authorized user on an enrolled device should not have sustained access to your data center if the device is infected with malware.
“But all of these scenarios are likely playing out in each of your organizations today,” said Covington. “And it’s because you have no central source of truth. No binding of services. No shared intelligence.”
Trusted Access was designed to put an end to all of this.
Automation and remedies
“When things go sideways,” added Covington, “— and they will go sideways — we don’t want to stop with a mere ‘block.’ We want to only get out of the way when the user is productive, close the loop, and bridge management and security with the implementation of more effective policies and the application of automation and remediation.”
That is Trusted Access.
If you desire to ensure that only authorized users, on enrolled devices, that are free of threats are able to access your sensitive business applications, then this is a framework you should be considering.
Don’t delay on implementing Trusted Access.
“If your organization has stalled with Zero Trust because it couldn’t figure out how to make it work, show them how it can be done!” said Covington. For Mac and iPhone/iPad. For those who use a desk or who are deskless. And combining management with security.
“You have access to all of the tools to do this today,” said Covington. “Use your modern devices as the proving ground that this can be accomplished. Let’s get on with it!”
Small sessions at Jamf Nation Live, London
After Michael Covington and Dean Hager thanked the crowd and ended the keynote, Jamf Nation split up into a variety of excellent small sessions.
After work, we play!
After all of the presentations, sessions and networking, Jamf Nation headed up to enjoy drinks, discussion and the spectacular views from Skylight: Tobacco Dock’s rooftop bar.
We had the privilege to repeat this amazing day across the rest of the region — in Germany, France and the Netherlands, with our incoming CEO-to-be, John Strosahl!
Here’s to everyone who attended, and we look forward to seeing many of you at JNUC in September!
Have market trends, Apple updates and Jamf news delivered directly to your inbox.