Jamf Blog
April 28, 2022 by Jesus Vigo

Zero touch deployment: as easy as ABC

There’s a simplicity and ease to Apple device deployment that admins have embraced, known as Zero Touch Deployment. It’s a game changer to be certain and our host, Chris Reynolds breaks down what it is, how it works and what you need in order to get started deploying hardware and software the easy way.

What is Zero Touch?

First, let’s get a small misconception out of the way. Zero Touch Deployment does not mean “any touch” or “no touch”, for that matter. Devices — whether new in box or from existing stock — still and will always require reconfiguration to some degree.

However, the purpose of Zero Touch is to delineate that, with the proper setup, IT can develop an onboarding workflow that allows them to shift the burden of manually setting up each device to the end-user themselves, managing the process each step of the way through automation.

The end result? New devices are provisioned quickly, efficiently and the same way each time. End-user’s get their devices faster and are empowered by being able to setup their devices as they see fit — but within the purview of IT and security policies. And best of all? The process is completely granular, allowing IT to modify it as needed so that user’s in say, the Marketing department get exactly the software they need, while members of the Finance department get the apps that are important to them without compromise or provisioning additional software that isn’t required.

Components necessary for Zero Touch

As Chris explains in the video, there are a few components required for Zero Touch to be a reality. Luckily, organizations already have many of these components and many of them are free and just require initial configuration to get going.

That’s it! The first two can be obtained from Apple, while the third requires an MDM solution, like Jamf Pro, in order to manage the devices once they are enrolled and in the hands of end-users.

Now, there is some minor configuration that will be required to get the ASM/ABM and Jamf Pro accounts to communicate, as well as some default settings that should be configured, especially if the ultimate aim for your organization is to automate as much as of deployment process as possible. Chris does a stellar job of providing this information as well as some suggestions for getting started with a strong, Zero Touch foundation.

Benefits to Zero Touch vs Legacy Deployment

Now, any admin that has to ever deploy computers like laptops, for example, to a remote team using legacy deployment methods will know exactly how taxing, time consuming and well, error-prone the process could be.

Most of the time, admins would utilize monolithic, or thick-imaging, to create one giant, general purpose image with all the settings, software, configurations — everything needed by anyone that would use the laptop — in an effort to not miss anything important and make sure everyone was accounted for.

While it sounds great in theory, and it could be at times, in practice the process could be affected negatively by any number of variables, resulting in a complete waste of time. One that led to manually wiping all devices again and starting again from step one.

Thankfully, these days are behind us as Apple admins and the shining light that is Zero Touch illuminates those once dark times. For starters, Zero Touch is modular, meaning that if any point fails in the chain, simply restarting from that point is all that’s necessary to move forward. Plus, given this modularity, when workflows need to change, such as when upgrading to a newer version of macOS, it’s usually as easy as downloading the latest version of the installer — the rest remains the same and the deployment should continue to work as intended.

Another benefit to keeping everything separate is that each device gets a cleanly installed version of macOS each time. Settings, configurations and applications are added during their respective phase in the Zero Touch workflow. Speaking of apps, when it’s their turn to be installed, the cloud-based nature of the deployment strategy favors only the latest versions of apps, such as those found on the Mac App Store, so there’s little to no reason to worry about keeping legacy versions of applications handy or creating awkward upgrade processes that install newer versions over a chain of older versions that could potentially break functionality. All that is a thing of the past!

Centralized device management & automation

Finally, centralizing device management is the core function that keeps Zero Touch operating beautifully — from the initial pre-stage phase to enrolling the device in MDM, provisioning it with the settings, configurations and applications required by the user it is assigned to, to on-going maintenance by IT staff, including maintaining the device’s security posture with first and third-party patches and updates, policies to ensure device’s remain compliant and inventory is up to date.

Through helpful management functionality, like Smart Groups and Self Service, both aid in establishing automated workflows, empowering end-user’s to stay productive with access to resources anywhere and at any time. On the administrative side, IT can rest assured that automation helps them to not only work smarter, not harder, but keeps devices, users and data safe throughout the device’s lifecycle.

Read more BETT Apple at School content:

Discover how Jamf can help your organization succeed with Apple!

Watch the entire presentation now.

Photo of Jesus Vigo
Jesus Vigo
Jamf
Jesus is a Copywriter, Security focused on expanding the knowledge base of IT, Security Admins - generally anyone with an interest in securing their Apple devices - with Apple Enterprise Management and the Jamf solutions that will aid them in hardening the devices in the Apple ecosystem.
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.