Skip to main content

Securing Apple with Jamf Pro

Protect data and ensure user privacy

Security and privacy concerns are real for organizations. With recent, highly visible security breaches and vulnerabilities, learning how to combat new exploits and potential threats, while still maintaining user privacy, are top priorities for IT leaders.

The resources below provide ways to protect company and user data so IT can mitigate risk and alleviate security concerns — without negatively impacting users.

See how Aquent meets their Apple device security needs and goals.

Apple native security

Put built-in tools to work.

Apple’s iOS and macOS operating systems are built on a secure UNIX foundation, known as one of the most secure platforms in the world. Each Apple operating system comes with built-in security components, including:

  • Hardware-based encryption
  • Native VPN protocols
  • The App Store ecosystem for trusted software
  • Native software patching utilities

You can use Jamf Pro to leverage these native tools and secure your Mac and iPad devices without adding complexity with extra components.

Vulnerabilities, such as Shellshock or Heartbleed, are going to happen. But with Jamf Pro's ability to quickly and easily package the patch from Apple, deploying the fix to users is seamless and noninvasive. You can then receive inventory reports to ensure all devices are updated and secured.

Encrypting Mac computers

Automate security settings on your device.

One way to mitigate risk is to encrypt client machines. To help with this, Apple offers an encryption tool called FileVault 2.

What is FileVault 2?
Built-in disk encryption for macOS that encrypts the entire drive using XTS-AES 128 encryption technology.

How does FileVault 2 work?
Creates a pre-boot login partition where the user enters their password and FileVault 2 decrypts the drive and it boots up normally.

How to turn FileVault 2 on?
In the System Preferences, under the Security & Privacy Panel.

With Jamf Pro, you can automate FileVault 2 settings for each device, ensuring they are encrypted — all without touching a device. And because this is a built-in Apple feature, you are not adding unnecessary components that slow down your users.

Protect data with passcodes

Safeguard personal and corporate information.

With many organizations housing sensitive corporate and private data on employees’ devices, one of the simplest ways to uphold security standards is to require passcodes. Jamf Pro gives you the ability to require a simple or complex password and require password rotation.

Compliance and security reporting

Reduce risk and streamline audits.   

With Mac and iOS devices out of compliance posing substantial risks for organizations, keeping devices in compliance is no longer an option. It’s a requirement.

Jamf Pro allows you to monitor the status of your security protocols using inventory data and lets you set policies to automatically correct lapses in security or notify IT of non-compliance. This can be especially crucial for organizations that must meet HIPAA security standards for Mac. 

You can also create custom security reports for your organization or use the built-in templates to generate reports to demonstrate compliance with security standards. This provides organizations the confidence needed to gladly hand over their compliance reports during an audit. 

The JSS allows us to simply click that button, set up a code, and lock that machine down. We don't have to worry about our data being obtained in any way, shape, or form. 

Chris Giordano

Support Engineer at Aquent

Secure your management tools and server

Remain current and run on a secure platform.

The Jamf Software Server (JSS) can run on macOS, Windows, or a Linux server. For security measures, the JSS can limit access to the server by restricting who can log in and provide granular control over what those who have access can see and do.

To simplify server setup, we offer customers the ability to host their JSS in the cloud. To see what’s included and how this benefits organizations, visit our JAMF Cloud page.

If you'd like assistance securing your JSS, contact the security experts on our Professional Services team. 

Integrate 3rd party tools

Add the security components you desire.

For a complete ecosystem of security, some organizations need to go beyond managing encryption and passcodes, and add a single sign-on or antivirus tool.

Jamf Pro allow you to take a wide range of third-party tools, such as CrashPlan or Sophos, and seamlessly integrate them with your infrastructure and with one another. Package and deploy these tools to users, instead of forcing individuals to download on their own without IT's support or knowledge. 

We engage with third-party consultants to go through a more thorough code-assisted penetration testing. JAMF also tests the security of its software against mock third-party hackers even before launching new software.

Jason Van Zanten

Jamf Information Security Lead

Jamf internal security

An IT staff just like yours.

Regardless the size of the organization, IT staffs are inherently similar. They need to secure devices, keep accurate inventory, and deploy the right software to the right devices.

So how do we do that at Jamf? Take a stroll through our internal security page to see our security overview and the five most common questions our employees have for IT.

Request your free 14-day trial.

Ready to try the Casper Suite?

With automated security settings, compliance reporting, and third-party integration, you can ensure your Mac and iOS devices are protected.

See for yourself.

Request trial