Partner Spotlight: Advisory Solutions

Advisory Solutions and Jamf help creative organizations succeed with Google Workspace

With its ever-expanding suite of productivity and security tools, Google Workspace is occupying a larger percentage of the IT ecosystem for many companies. According to a recent study by IDC, many organizations they interviewed “linked significant operational efficiencies across their organizations to deeper collaboration, ease of information sharing, and enhanced productivity tools.”

Advisory Solutions, a Jamf Managed Service Provider with a nationwide reach, has discovered that their creative- and collaboration-focused organizations thrive with Google Workspace on Apple hardware. Their extensive experience with both Google Workspace and Apple has made them a trusted source for companies building a cloud-first system. Partnering with Jamf in enabling companies to design, deploy, and support Apple IT strategy made perfect sense.

What is the Jamf MSP Partner Program?

The Jamf Managed Services Provider Partner Program (MSP) helps organizations succeed with IT deployment —no matter the scope— by handling their day-to-day management and security needs. Those that join want to enhance organization infrastructure for the benefit of their clients. They receive Jamf sales training and technical enablement including Support, field marketing resources and lead generation events, and much more.

>> Discover more about the Jamf MSP Partner Program in this overview.

What technology has Advisory Solutions used to support growing agencies?

Advisory Solutions allows creatives to stay focused on creativity. And we've found Apple and Google Workspace to be an excellent way to do just that.

To help ensure that every Mac, iPhone, and iPad is managed, secure and ready to be put to work, Advisory uses the following tools:

• Jamf Pro
• Jamf Connect
• Jamf Protect
• Google Workspace
• Chrome Browser Cloud Management

Madhive

Madhive develops innovative solutions that brands and publishers use to measure customer intent data while integrating with secure blockchain technology. Madhive has been a Google Workspace customer since its inception in 2015. They use Google Meet hardware and integrate resources into their NYC office.

In 2021, Madhive engaged Advisory Solutions to perform a full-scale audit of its systems, security and overall IT strategy. During the audit, Advisory identified several issues around Mobile Device Management (MDM) that needed immediate remediation.

What Madhive needed

Madhive faced a few challenges: their MDM was no longer robust enough for their needs; they wanted to establish a standardized, true zero-touch experience for their hybrid workforce; and as a SaaS company, it was vital for them to ensure adherence to SOC2 requirements for patching, security and compliance consistency across all devices.

How Advisory Solutions and Jamf helped

Using all of the major components of the Google Workspace ecosystem, Advisory helped manage employee onboarding/offboarding via automation out of Google Forms— using OU-based permissions for simpler permissions and Chrome Browser Cloud management.

Advisory Solutions was also able to build out a true zero-touch platform using Jamf Pro, introducing consistency in the onboarding process. In addition, we built out security baselines that adhered to Madhive's SOC2 required standards and enhanced them using CIS benchmarks. Madhive also moved from their previous and less comprehensive endpoint security system to Jamf Protect: the gold standard in Apple endpoint security.

Results

In addition to streamlining device and user onboarding that will support their growing business, Madhive was able to reach compliance for all of their devices within 45 days through policy enforcement and config profiles that mandated encryption.

Looking ahead

As Jamf and Advisory continue to support Madhive, the next iteration of the security buildout will introduce Okta and Jamf Connect integration for "just in time" user account provisioning. This will also enable centralized password management across their entire hardware and software ecosystem.

Blavity

Global, Los Angeles-based Blavity Inc. offers advertising solutions to premium multicultural publishers and creators. The world’s leading enterprise for premium content and a network for youth, Black culture and technology, Blavity distributes original content and offers networking opportunities to young multicultural audiences. This helps clients reach the fastest-growing and most influential consumer segments around: Millennials and Generation Z.

In 2020, Blavity engaged Advisory to help drive security and automation in their fleet.

What Blavity needed

Blavity knew they needed an MDM system, but had no idea which one. Employees, due to COVID, were increasingly being hired around the country instead of solely in the Los Angeles area. It was incredibly important to them to have a centralized way of managing assets, particularly from an HR perspective.

Blavity required:

• A centralized solution for fleet management and security standardization
• Standardized documentation to simplify employee onboarding
• Centralized ownership assignment of assets with locations easily visible in the hostname
• Real-time updates of this information enabling HR to easily identify which asset belonged to which employee
• Standardized endpoint security with a tool that could integrate into a more robust security framework

How Advisory Solutions and Jamf helped

Together, Jamf and Advisory Solutions created an Apple Business Manager account for Blavity and linked that to their newly-created Jamf Pro instance. This allowed them to continue their swift growth using zero-touch provisioning. Using DEPNotify, the partners smoothed intake and automated data collection, creating a better onboarding process for new hires and IT.

With Jamf’s API pulling intake information into both Google Sheets and for inventory management as well as Advisory’s asset management system Wizarrd, Jamf and Advisory offered real-time inventory updating. We were also able to provide select HR staff members with the ability to remote lock machines when they were lost or not returned with MDM commands.

Looking ahead

Because of its integration with Red Canary for log aggregation across the ecosystem, we chose Jamf Protect as the endpoint protection solution for Blavity's Macs. RedCanary will be rolled out as part of the larger focus on security this year.

Wondersauce

Wondersauce has been a client of Advisory since 2017. During the last six years, we have explored several different MDM implementations, iterated a forward-looking IT strategy and worked closely with the People Operations team and leadership to simplify on- and off-boarding.

Wondersauce has always been a Mac-forward company, but when their contract was nearing completion with their previous MDM, we had an opportunity to look at a more enterprise-based solution to meet the needs of their ever-growing clientele.

What Wondersauce needed

While they have long been a Google Workspace company, Wondersauce had relied on a third-party file-sharing platform in addition to Google Drive. This created parallel cloud file-sharing structures representing security risks and operational inefficiencies for Wondersauce.

Wondersauce needed to:

• Migrate from a mid-tier MDM solution to one that offered API-based customizations
• Centrally manage devices no matter where employees were in the world
• Enforce VPN for computers in specific geographical zones
• Introduce a more automated and simplified approach to OS update testing cycles
• Ensure no personal Apple IDs were in use
• Implement a standardized patching solution across the entire fleet to introduce enforcement
• Allow for integration of Jamf into their parent company’s MDM (Intune) without sacrificing a Mac focus for management

How Advisory Solutions and Jamf helped

To increase compliance and replicate the system Wondersauce was used to, Advisory used Team Drives in Google Workspace to simplify their user experience and increase adoption. Advisory then extended the Google Workspace ecosystem by introducing Chrome Browser Management using Jamf’s automated and secure deployment capabilities that require no action from end users. This ensured that every Wondersauce computer user worldwide had a consistent, secure, and compliant experience. With Jamf’s help, we were able to, alongside an organization-wide refresh:

• Migrate all machines over to the new system seamlessly
• All for dynamic addition users to smart groups, ensuring always-on VPN for IP allow-listing using extension attributes and user input
• Use a Python script in Jamf’s Self Service to allow users to opt into OS beta tests which would then update their membership in a Smart Group
• Ensure that no personal Apple IDs were in use on company machines and help users sign out of active accounts with extension attributes

Results

This increased adoption of patching by over 50% and has now allowed Advisory to ensure that the highest data retention standards are in place throughout Wondersauce's fleet.

Looking ahead

While still in beta, the next phase of our use of Jamf Pro will be the AAD integration of Jamf Pro-enrolled machines.

Splash

As a platform that allows companies to manage sophisticated event programs, Splash focuses closely on PII and security.

Splash had an urgent need to seamlessly transition IT assets from a Jamf instance they didn’t own into their own instance. Once transitioned, the assets needed to be properly managed to ensure compliance with SOC2 requirements.

What Splash needed

• A script-based approach to un-enroll and re-enroll devices with the least amount of interruption to employees
• To migrate users into department-specific configurations
• A way to link their global offices into a single Jamf instance
• To maintain patching and security compliance across all fleets around the world
• Security protection and integration with their identity provider

How Advisory Solutions and Jamf helped

Using Jamf’s Self Service app, users seamlessly transitioned from one Jamf Pro instance to another without the need for lengthy downtime through erases and installs. The partners also used pre-stage enrollment to segment machines by their department. This allowed for a much more customized user-deployment experience.

They also connected multiple ABM accounts into the Jamf Pro instance to ensure that machines purchased in Europe and the United States all flowed into a single source of truth. And they maintained browser patching and security through Jamf’s Chrome Browser Management integration.

Looking ahead

Jamf will become integral in the next stage of our maintenance to help seamlessly uninstall their previous identity provider from the machines in favor of Jamf Connect and Okta— which will roll out by the end of Q1.