Enabling Zero-Touch IT in SaaS Management Platforms (SMPs) with Jamf

Remote work has evolved into “just work” for so many people. As a result, workdays have become nonlinear and the number of people working asynchronously has skyrocketed.

But IT admins still do a good portion of their jobs manually, especially when it comes to off-boarding departing employees. For starters, they get buried under endless digital piles of help desk tickets from frenetic managers looking to ensure their former teammates don’t leave with company-owned hardware. To complete those tickets, IT has to bounce between endless tabs to deprovision application access — and once that task is done — they often run virtual shipping departments out of their own homes to process computers returned to the company.

In a recent post, we talked about how our IT team has embraced a zero-touch IT mindset to deliver a best-in-class employee experience. One of the key components of their strategy includes automating device management during the off-boarding process — and Jamf has been a critical tool in our quest to create a zero-touch IT environment.

Let’s take a closer look at how we’ve optimized our off-boarding processes with Jamf.

Automated device locking and off-boarding with BetterCloud and Jamf

BetterCloud’s integration with Jamf enables us to remotely offboard departing employees from their computers more securely and thoroughly. During our JNUC 2022 presentation, you’ll be able to see one example of how we might build a workflow to handle all of the tasks related to locking a user’s laptop on their last day of work.

We can create a Google Workspace Group for all Mac users. This workflow runs whenever a user is removed from that group, at which point the following steps occur:

• The user’s device is locked via Jamf using a passcode set by IT
• The IT admin receives an email 14 days later to confirm if they have received the deactivated user’s laptop
• If the IT admin has received the laptop, they can put the machine back into rotation by selecting YES

While this example is a standalone workflow that runs whenever IT removes a user from the Mac Users group in Google Workspace, this can easily be daisy-chained to a holistic off-boarding workflow by adding the “if” statement “GoogleGroup is Mac Users.”

It’s not difficult to see how many manual tasks related to off-boarding that our integration with Jamf handles. Not only does this take a significant amount of work off IT’s plate, but it also gives everyone across our organization peace of mind that they’ll get the hardware they need in a timely manner. More importantly, the sensitive data stored on those devices will be secure, even if the computer is lost or stolen.