A holistic approach to security: zero-touch deployment

What is zero-touch deployment?

Zero-touch deployment is a simple concept: it’s a way for Mac admins and other IT professionals to equip and secure devices from one location rather than needing a manual setup for each device.

But it’s more than that. Zero-touch deployment isn’t just about a remote start-up of enrollment or configurations. It’s how a single administrator, using Mobile Device Management (MDM), can equip and secure dozens, hundreds, or even thousands of devices. And the admin doesn’t even need to be present when individual users want to get started-- that can happen at any time and in any place of the user’s choosing. A user simply unwraps the device sent directly to them, powers on, and begins their own enrollment process immediately.

MDM vendors with a feature such as Self Service: Jamf's customizable app catalog for users -- can offer employee empowerment and increased productivity, as well as increased security. Individual users can choose the apps they need from a vetted list, allowing them to get down to work safely with no IT involvement.

The practical use of this is obvious in nearly any context, particularly for global organizations with differing time zones, and for organizations hiring for many positions each month.

How does zero-touch deployment work in an Apple environment?

Any Mobile Device Management (MDM) provider offering zero-touch deployment to its customers needs to have a seamless integration with a few Apple programs:

• Apple Business Manager and Apple School Manager: these programs for businesses and schools work to enable zero-touch through automatic device enrollment. This recognizes the serial number of a device when it powers up for the first time and automatically enrolls it into your (MDM) server.
• Apps and Books: this allows organizations to purchase app licenses and ebooks in bulk and distribute them directly to individual users.
• Managed Apple ID: these IDs are unique to an organization and separate from personal Apple IDs. IT can associate Managed Apple IDs with the email address and phone numbers of specific individuals for the time the employee uses the device. App admins manage the services that a Managed Apple ID can access.

Is zero-touch deployment only for onboarding?

Zero-touch deployment is incredibly helpful for onboarding, but it is also absolutely essential for cloud security. It ensures the security of device deployments.

As organizations increasingly adopt remote and hybrid work structures, their cloud security has become more complex by necessity. Using zero-touch deployment to automate updates, patches, encryptions, user IDs and more removes the chance of user error. It pushes security updates and permissions, integrations with managed ID and access vendors and apps directly to an entire fleet as soon as it’s available.

There simply is no way to keep your organization devices secure without some form of automation, and automation just isn’t possible without zero-touch deployment.

How to choose an MDM that offers zero-touch deployment

As with all vendor choices, an organization needs to sit down with leadership and IT to understand exactly what management level they need for their unique situations.

But not all zero-touch deployment solutions are created equal: for instance, does the vendor incorporate BYOD devices under zero-touch deployment management such as Jamf Pro does?

Or will you need to create a patchwork of systems? Does your vendor offer same-day support as all of Jamf’s products do?

If you don’t have genuine same-day support and you’re not able to update all devices en masse -- company-owned or employee-owned, you are only as secure as your weakest connection, or as quickly as IT can get its hands on all devices used for work in an organization. This is dependent on staff availability, the responsiveness of all employees and how seamless your vendor can be.

Ensuring your MDM offers zero-touch deployment in all aspects of its service removes all of these complicating factors and helps Apple admins to breathe easier.

***

This post is one of a series on a holistic approach to security. See a roundup of all of the posts, or read one below:

• How Trusted Access can protect your organization's data
• Mobile Device Management (MDM): a basic building block for tighter security
• Threat prevention and remediation from Jamf
• Zero-Trust Network Access (ZTNA) addresses modern data security needs
• Automated application management keeps everyone more secure
• Modern endpoint protection can mitigate new security challenges
• How inventory management affects security
• How Self Service can mitigate risk from third-party apps
• How identity and access management can protect your users and your sensitive data
• How content filtering and safe internet can keep users —and your data— safer
• The importance of visibility in compliance and security