Docker needed to do what many enterprises struggle with: deliver enterprise-grade security and audit readiness while preserving the Apple experience employees expect. With a lean IT team and no central office, they had to figure out how to scale without breaking what was already working.
Starting from a Living Room
Docker is the world's leading developer productivity platform, used by millions of developers to build and ship software faster. When new employees, known internally as 'Dockhands,' join the company, they overwhelmingly choose Apple. MacBooks are selected five times more frequently than PCs, across every function from engineering and AI to finance and leadership.
In 2022, Docker formed its first dedicated IT team. The realities of supporting that 95% Apple fleet across a remote-first, global workforce hit immediately.
There was no central depot. No on-site staff. Before the IT team was built out, a single team member, Senior Systems Administrator Shawn Shakir, was manually configuring devices at his home and shipping them to new hires around the world. The endpoint management tool in place at the time couldn't support zero-touch deployment and offered limited visibility into inventory and device ownership.
"I often say we were operating at the very edge of the capabilities of our tools," said Jeffrey Strauss, Director of IT and Workplace Operations at Docker. "That can sometimes be good, but when the tools can't support growth, it's time to evaluate them."
The problems were concrete: manual deployments eating tens of hours each month, gaps in governance and reporting that made audit preparation stressful and no sustainable path to scale without burning out the team.
Choosing Jamf
Strauss is a former Jamf employee, and he's upfront about it. But that history didn't give Jamf a free pass.
"We still went through full vendor due diligence," he said. "Jamf was included not only as the industry leader, but also because of my personal experience, especially around the customer relationship Jamf maintains. Their support is excellent. The community surrounding the product is excellent. When those strengths are built on a strong technical foundation, it's hard to beat."
Other tools could solve pieces of the problem. But none could cover deployment, compliance and automation at Docker's scale without adding overhead. Three capabilities proved decisive:
- Zero-touch deployment. Jamf's pre-enrollment integration with Apple Business Manager let Docker move from manual configuration to automated, drop-ship deployment. Devices now go directly from Docker's value-added reseller to employees anywhere in the world, ready to use out of the box. The tens of hours Shakir had been spending each month on manual setup were effectively eliminated.
- Compliance and reporting. Jamf gave Docker reliable inventory records from day one: how many machines were in the fleet, who had them and the ability to report on any of it individually or in aggregate. That visibility had been a gap the team couldn't close with the previous tool.
- Automation and flexibility. From custom configurations and script deployment to dynamic grouping and targeted policies, Jamf enabled Docker's IT team to automate nearly every endpoint operation in ways tailored to their specific workflows.
- Integration and extensibility. Jamf's open architecture and deep integration capabilities meant Docker could connect device management data with other platforms in its stack, including asset lifecycle tools like Oomnitza, without building custom workarounds.
- Identity and access. Jamf's integration with Okta streamlined access management across Docker's environment. "Jamf's connectivity and integration capabilities have significantly streamlined MDM administration at Docker," said Dan Schultz, Systems Administrator Team Lead. "Both the Jamf administrative console and the Self Service portal are integrated with Okta for SSO, ensuring secure and efficient access management."
The Switch
Switching endpoint management tools across a distributed, remote workforce is the kind of project that can go sideways. Docker's team, Shakir alongside administrators Dan Schultz and Fiona McShane, worked closely with Jamf engineers to design, test and execute the rollout.
The goal was to make the transition silent to end users, and they largely achieved it. "Short of one or two edge cases, it was completely seamless and invisible," Strauss said.
What stood out to him wasn't just the technical execution. "Our greatest vendor partnerships exist when our problems become their problems. Jamf exemplifies this ethos. They were with us every step of the way, responsive to all our needs and helped us cross the finish line."
What Changed
Before Jamf, Docker's IT team was spending its time just keeping up. After, they were finally able to get ahead.
Audits became manageable. Docker manages Mac, Windows and Linux devices, but macOS became the easiest platform to support during SOC 2 audits.
"Of all our platforms, we have the easiest time during SOC 2 audits with our Mac fleet, and that's because of the robustness and reliability of Jamf," Strauss said. "It's actually much more challenging porting those capabilities to our Windows and Linux tools, because they often lack what Jamf provides natively. We find ourselves working with AI coding tools to help us port code or figure out clever workarounds for capabilities that are built right into Jamf."
When Docker's security partners make a request, the answer has always been yes. "We haven't had to tell them, 'Sorry, we can't do that,' yet."
The audit story also improved when Docker adopted Oomnitza alongside Jamf to connect device data with broader asset lifecycle intelligence. "We felt like Goldilocks," Strauss said. "Some solutions were far too robust. Some weren't robust enough. Oomnitza was just right." By feeding Jamf's inventory data into Oomnitza's reporting and visualization layer, the team turned SOC 2 preparation from one of the most stressful times of the year into something Strauss describes as "really easy." The integration also gave other teams self-service access to logistics, inventory and compliance data, removing IT as a bottleneck for operational questions.
Jamf's integration with Okta also became critical to Docker's ability to scale. "The ability to use Okta LDAP in Jamf Pro has unlocked numerous capabilities for us," said Strauss. "By eliminating the need to maintain separate LDAP servers, we can map attributes directly from Okta into Jamf Pro. This gives us comprehensive device and user information at our fingertips and enables the flexibility to segment our fleet as needed to support business growth. Before leveraging this Jamf + Okta integration, scaling was a challenge, but with their powers combined, we haven't experienced one scaling challenge yet."
The reduction in administrative overhead has been tremendous, and we often find ourselves asking why other tools can't be as robust and reliable as Jamf.
What It Meant
The team stayed intact. In an industry where IT burnout and turnover are persistent problems, Docker's record stands out. Every member of Docker IT who was part of the original team, save for the newest hires, is still there nearly four years later.
"The most meaningful metric for me, as the leader of my teams, is the reduction in workload, real or perceived," Strauss said. "We're a lean team by design, and one of the ways we stay lean without burning out is by amplifying our impact: streamlining, automating and being able to trust our workflows. Jamf and Oomnitza make that possible."
The onboarding experience became a point of pride. For Strauss, device management was never just an operational problem. It was an experience design problem.
"When you open that meticulously crafted box that reads 'Designed by Apple in California' on the bottom, you know the experience is going to be fresh and exciting. When people choose an Apple device at Docker, we want the experience to be Designed by Docker IT, with the unboxing experience carried through to the onboarding experience."
Asked to sum up Jamf's value in a single sentence, Strauss couldn't quite manage it:
"With Jamf, anything you can do sitting directly in front of a computer, you can do remotely, at scale, anywhere, at any time and you can report on any of it individually or in aggregate. Isn't having you in front of every machine in your fleet valuable?" He paused. "Sorry, that's two sentences."
We couldn't perform to the level we're known for, build the reservoir of goodwill we've built, or remain sane without Jamf and Oomnitza.