The University Medical Center Utrecht (UMC Utrecht) is one of the largest academic health care centers in the Netherlands, with over 1,100 beds and more than 11,000 employees. UMC Utrecht is comprised of the academic hospital, the faculty of medicine and the Wilhelmina Children’s hospital.
From research to remote work: prioritizing security in healthcare
University Medical Center Utrecht
Utrecht, Netherlands
Together with national and international partners, UMC Utrecht invests in innovation and research to keep the care provided at the highest level, and to work towards a healthy society in the future.
Doctors, researchers and medical students all share the need for reliable technology with safe and secure connection to sensitive resources and productivity tools. As device choice programs increase demand for Apple devices, IT teams are expected to learn how to manage them.
From the introduction of Mac in the research area to the pandemic demand for work from home solutions, UMC Utrecht’s IT team has managed Apple technology successfully with Jamf.
As medical teams choose Apple, IT turns to Jamf
The three focus points for the use and management of technology at UMC Utrecht are patient care, research and education.
Research was the first area to introduce macOS into their technology environment. As new research projects required the purchase of new equipment and were given their choice of device, UMC Utrecht researchers chose Mac.
This meant the IT team supporting the research department not only had to become knowledgeable about Mac hardware and software, but also needed to learn how to effectively manage multiple Apple devices.
Henk Codfried, IT Senior Systems Manager, was tasked with researching how to manage Mac in a modern way. “We quickly came to the conclusion that it can be done with Jamf,” said Codfried, who began Apple device management by using Casper Suite 8 (now known as Jamf Pro) nine years ago. “We managed research computers for more than five years that way.”
As individuals from other areas introduced Mac into their environment, IT leaders looked to Codfried and his small team of four for device management. Over time their Mac fleet grew to 400 across different departments and end users, like researchers, doctors and nurses, academics and medical students.
Remote work pivot: Upscaling Mac deployments
The COVID-19 global pandemic escalated the need for IT device management to support end users efficacy, while still meeting security and privacy requirements, with the new challenge of a dispersed network and workforce. Codfried’s team was initially tasked with managing a pilot with 1,000 MacBook users.
Prior to this pandemic, the IT team had already been tasked with expanding their device management capabilities. Because of the UMC Utrecht security requirements, their current solution involves both a robust on-prem environment, and the implementation of appropriate memcache and web app servers to smoothly handle server loads and traffic.
Over the course of the past two years and the rapid need for said expansion, the demand for Mac devices within the institution’s fleet has been phenomenal. Now that new employees are offered their choice of device, Codfried notes, “We see most are picking Apple devices.” And with an Apple Enterprise Management solution, the growth in device count has not resulted in additional IT support and staff needs. “We do all the IT management between me and my colleague Thijs van Vught” says Codfried. “You don’t need a whole IT team to manage their needs.”
Empowering users by simplifying and securing work
Over the years the IT team has both improved their security posture and simplified their user experiences with Jamf.
While Jamf Pro automates device deployment and device and app management, the addition of Jamf Connect assists in user authentication and identity management to securely connect users to organizational resources. Users can simply sign in and get to work.
With the addition of Jamf Protect — endpoint protection built exclusively for Macs — protects again macOS malware, detects and remediates Mac-specific threats, which is important to Codfried. But the help doesn't stop with the software solutions. Jamf’s blog posts about security have been immensely helpful to their security posture and knowledge base. “I like knowing that Jamf Protect does what it needs to do. They write about what works for Jamf Protect, and do the research about macOS malware. It’s easy for us to get an overview of what’s happening.”
Jamf Protect features he’s found especially useful include the ability to build a custom prevent list in threat prevention, and the beta feature USB media type enforcement. “People that have the need to work with USB types of media, we are going to supply them with a specific allowed USB stick, and it can control which vendor it’s allowed to get read and write access in macOS. For me that’s going to be a big feature that we use.”
And most recently, UMC Utrecht has adopted Jamf Private Access, in another pilot program. “Because we are having a lot of people working from home, we needed a secure way to make sure that people get to the business applications and resources they needed.”
People are loving it. They love how they can close the lid, open the lid and get connected back on the network and be productive. And that’s the main thing, being productive.
UMC Utrecht’s experience with using Jamf solutions to manage Apple devices has been positive for both the IT team and end users.
“The main compliments that we get from users is the amount of flexibility they get, and the feeling that they own the device, that they bond with the device,” explains Codfried. “Because basically, they get a sealed box with a Mac, they can unseal it and open it and start the onboarding process. And after that they are on their own.” As for IT’s experience, “I must say, we don’t get many help desk tickets. And most tickets are easy peasy, lemon squeezy stuff.”
Jamf provided a quick and easy onboarding and gives a carefree IT experience
The reason Jamf management solutions for Apple devices work so well is obvious to Codfried. “I like the way Jamf thinks. It’s an Apple-focused organization and I know that I’m really getting taken care of. When a new macOS version comes out, I’m 100% certain that my products or my environment or the Mac devices that I control are taken care of.”
Jamf trainings support expert management
From the time they began using Casper Suite, Codfried has prioritized complete education for the IT team. Admins were certified in the Jamf device management training courses Jamf 100 to Jamf 400.
“The one rule that we made is that you only get complete, full access to the Jamf Pro instance if you’ve got all the qualifications.” As in passing every one of the Jamf Pro certification courses, from Jamf 100 to Jamf 400.
“In order to get access to Jamf Pro you have to know what you’re doing. Passing your exam means that you are eligible to control computers,” explained Codfried. “You don’t want someone that didn’t do much training to mess up your whole environment, and then have to go hey, what did he do?”
With each new version of Jamf Pro released, all four team members sign on for training and recertification. The same goes for Apple updates. “Education is number one for us. When Apple comes with the new macOS version we go to the trainings and get the knowhow in how to manage macOS.”
The commitment to become expert at device management with Jamf has paid off, with both IT time for deployment and managements slashed, and user experience improved.
“The deployment for us, now it’s just 20 minutes if you have a good internet connection,” says Thijs Van Vught, ICT Infrastructure Specialist at the UMC. “First login also doesn’t need to be on-site.” Martijn Cabout, Product Owner DWO Management confirmed that "Jamf provided a quick and easy onboarding and gives a carefree IT experience.”
For end users, “It’s saving them time to work with Jamf. It’s just opening your laptop, logging in, and your work can progress,” says Van Vught. “For persons to work at home, this was the perfect package to deploy in the COVID time. Just deploy your device at home, and go to work.”
Future plans
As UMC Utrecht’s partnership with Jamf has grown to include more products, the IT team continues to explore new usage prospects.
“We hope to do iOS management and Apple tvOS management soon,” revealed Codfried. While they are managing a few devices now, the plan is to see this support expand. There are also exploratory projects for iOS in the hands of clinicians and for patients.
Based on past experience, the possibilities are endless, and destined for continued success.
The stability and user-friendliness of my workspace at home has been tremendously important during Covid. I have been very happy with the MacBook friendliness, and stability and have hardly needed any support, which made me happy and very productive.
