There will be a decline in corporate customers in the next 5 years due to Apple silicon, without good VM solutions for Windows applications. Everyone knows that in the corporate world we have programs that only work on Windows. And all of us "corporate customers demanding Macs" will have no choice but to go to a Windows machine when upgrading in order to effectively do our jobs when there is no Intel alternative.

I'm dreading it.... at least I got a new top of the line 16" MacBook Pro in 2020 that should last me a good 4-5 years.
Off topic comment reply here, but I find this interesting. I agree with the high end MacBook Pro long term statement. Same for iMac, Mac Pros, etc that are high end enough, tons of power still, albeit at a precarious per watt performance. I’m extremely satisfied with a high end iMac 27" and it’s actually plenty quiet. But can’t imagine how amazing the ARM ones will be though.

Do you think though that there might be a slight possibility of these Windows-only enterprises, apps, etc (or at least a subset of them), getting some sort of motivation and porting their stuff to make it work on M1 Macs?
Some of them might be impossible, granted. I’m not too familiar in general with what’s Windows only out there but for me personally the only reason I had Bootcamp was because of 3dsmax... now I access it via Parallels Desktop if it is for light enough 3D files. But heck, I’m forcing myself to open Blender whenever I can now.
 
Yep! It's pretty cool. For instance, the latest Zoom update (either the app or the mechanism) broke Zoom audio for a lot of our teachers today, and it was asking them all for admin credentials, which they don't have. We got probably 10 tickets in an hour or so about it.

I was able to find a script on a Jamf forum that someone else had used a year ago to fix the same problem, test it on a machine or two in my office, then put it in Self Service with a forced restart, a pretty icon and called it Zoom Audio Fix. We directed them all to Self Service, and voilà! Problem fixed on ten machines remotely in under an hour.
Amazing. As a non IT related or knowledgeable guy here, nice to have a practical example of what can be done with this Jamf service being discussed.
Clears the perspective for me.
 
JAMF is amazing and definitely worth the acclaim!
At what point does Apple decide that JAMF has become too powerful, and therefore must be cut out of the equation?
That scenario won't happen. If it was likely to happen, it would've done so already. Apple is perfectly content to have JAMF take care of the things it tried (and failed) to do with modern (i.e. post-Snow Leopard Server) versions of macOS Server. Apple builds in Business Manager and School Manager (and the VPP and DEP programs therein for both) and then is perfectly content to let MDM providers like JAMF do the rest. It's a win-win for both companies.
 
That’s why they acquired Fleetsmith in late 2020. Get ready!

I'm nervous and excited! Nervous because I think some things are gonna be locked the **** down, and excited because I think some other things will be opened the **** up 😂. But definitely excited to see Apple jump into the arena here. I know at least around 2018 or so, they were using Jamf to manage their in-store fleet.

Amazing. As a non IT related or knowledgeable guy here, nice to have a practical example of what can be done with this Jamf service being discussed.
Clears the perspective for me.

Awesome!! I'm glad to hear it. It's funny, it is pretty magical. If I can get my non-techie friends to sit still long enough to listen a little about it (😂), they're usually pretty amazed by what it can do as well. It does the above, plus a billion other things.

Managing Jamf is easily my favorite part of my job. But it wasn't plug and play by any means... took about a year and a half to get everything perfected. THEN magic ;)
 
We've got a few hundred Macs at work that we'll probably have to get rid of because Jamf can't work behind our firewall. We're required to block possible data exfiltration technologies like iCloud and iTunes, and Apple has a nasty habit of wiring those servers together with the Software Update servers. Also Apple's firmware updates (like for the T2) try to make direct connections to hardwired, undocumented Apple URLs that we can't set up whitelist rules for at the firewall.

And on top of that there's the PITA of the App Store, which has no concept of a company account or group licensing besides five-person "families". Not that Windows is much better (WSL is fun to install offline), but most of our stuff isn't in the Microsoft Store. And Adobe requires the creation of a custom installer for each serial number on an open-Internet machine, which then has to be vetted (somehow) and brought across the gap.

We tried to make Jamf work. A couple of their devs came down to work with us for two weeks. No go.

So IT has decided it's just easier to migrate everyone to Windows and RHEL because they have proper Enterprise support that doesn't require direct Internet access for everything.

It's really frustrating. We've had mostly Macs since the 80s. Lots of folks hating to see them go, getting stuck with Dell XPS boxes when they need Mac Pros.

(The big bosses have been pushing NIST SP800.171 and DoD CMMC on us for over a year now.)
 
Jamf is super easy to get past. A couple years ago I was IT in my school and I had no problem getting around it on my issued machine lol
 
That’s why they acquired Fleetsmith in late 2020. Get ready!
No. It’s not about Jamf becoming “too powerful”. Apple acquired Fleetsmith because they wanted the people at Fleetsmith, and because they feel the need to have a first party SaaS-based management solution to make it easier to sell Apple hardware into small firms. Currently for Apple to sell their own hardware they have to also sell the customer on a third party management solution (made all the more difficult if that third party is a company called “Jamf” that few people have ever heard of), so this addresses that barrier.
 
I don't allow it on any of my personal devices. My employer has to supply me with the equipment (and cell plan) if they want to get access to it.
That is the point of Jamf's MDM products - they are enterprise management tools for managing enterprise devices.

Although Apple have now added a "User Enrollment" option which allows organisations to help their staff with BYOD better by restricting access to personal data while allowing the distribution of volume-purchased and in-house software and configurations which ease the setup of network, corporate email etc. for the user. This doesn't even collect the serial number of the device.

It's funny how everyone here is talking only about the "control" element of MDM rather than the convenience element. We use Jamf largely to distribute, configure and update software to Apple devices to make life easier and more secure for our users. There is no enforcement, and yet 2500 users see the benefit of this service...
 
We've got a few hundred Macs at work that we'll probably have to get rid of because Jamf can't work behind our firewall. We're required to block possible data exfiltration technologies like iCloud and iTunes, and Apple has a nasty habit of wiring those servers together with the Software Update servers. Also Apple's firmware updates (like for the T2) try to make direct connections to hardwired, undocumented Apple URLs that we can't set up whitelist rules for at the firewall.

And on top of that there's the PITA of the App Store, which has no concept of a company account or group licensing besides five-person "families". Not that Windows is much better (WSL is fun to install offline), but most of our stuff isn't in the Microsoft Store. And Adobe requires the creation of a custom installer for each serial number on an open-Internet machine, which then has to be vetted (somehow) and brought across the gap.

We tried to make Jamf work. A couple of their devs came down to work with us for two weeks. No go.

So IT has decided it's just easier to migrate everyone to Windows and RHEL because they have proper Enterprise support that doesn't require direct Internet access for everything.

It's really frustrating. We've had mostly Macs since the 80s. Lots of folks hating to see them go, getting stuck with Dell XPS boxes when they need Mac Pros.

(The big bosses have been pushing NIST SP800.171 and DoD CMMC on us for over a year now.)
Yes, there is a lot of truth to this, although the issue isn’t that Jamf can’t work behind the firewall, it’s that Apple’s MDM architecture has requirements that conflict with established network security practices for many large enterprises, especially regulated enterprises. And I agree it has almost certainly been a constraint for Apple’s enterprise adoption.

That said, the situation has been getting better, with better documentation, and more of the data flows being proxy-friendly. And through having the right kind of security and risk discussion, an increasing number of enterprises - including regulated enterprises and I believe even the DoD themselves - have become comfortable enough with the risks of doing it to accept them.
 
What are some competitors to Jamf? Are there iOS management solutions for the home/family? What is the extent to the monitoring capabilities of these services? I can see these services being useful outside of enterprise and in the home for example especially with large families.
 
Off topic comment reply here, but I find this interesting. I agree with the high end MacBook Pro long term statement. Same for iMac, Mac Pros, etc that are high end enough, tons of power still, albeit at a precarious per watt performance. I’m extremely satisfied with a high end iMac 27" and it’s actually plenty quiet. But can’t imagine how amazing the ARM ones will be though.

Do you think though that there might be a slight possibility of these Windows-only enterprises, apps, etc (or at least a subset of them), getting some sort of motivation and porting their stuff to make it work on M1 Macs?
Some of them might be impossible, granted. I’m not too familiar in general with what’s Windows only out there but for me personally the only reason I had Bootcamp was because of 3dsmax... now I access it via Parallels Desktop if it is for light enough 3D files. But heck, I’m forcing myself to open Blender whenever I can now.
Yes, I think it will be very interesting to see how this plays out, especially when Apple releases the higher-end models based on Apple Silicon. The performance advantages versus Windows or Linux on Intel may be compelling enough for some enterprise workloads to get ported over.
 
Jamf? Never heard of them. Weird...
And this is a big issue for them and for Apple - and I believe is part of why Apple acquired Fleetsmith.

It’s great to see Jamf doing well, but it’s largely because they’re riding the wave of growing Apple adoption in enterprise and they’re the de-facto standard solution for Mac management, with Mac admins typically being fiercely loyal to them. But it’s an increasingly competitive market, with products from well-established enterprise brands like Microsoft (with Intune) and VMware (with Workspace ONE / AirWatch), that are maturing very quickly and have a number of key advantages over Jamf, not least of which is that they already have large commercial relationships in enterprises. So it will be interesting to see if Jamf can continue to grow their footprint given those pressures.
 
I am glad the only "restriction" on my work iPhone is the Outlook App with an Office 365 subscription lol I wouldn't want this spyware on my device.

At my old job I had all kinds of restrictions on my Android device, could not even open internal PDFs in the mail app and basically everything was synced to a company account, including search history. I could not even change the horrible pixelated default company wallpaper. Nightmare and no thank you. I used to put the SIM card in my spare iPhone and accessed emails via Safari browser to avoid using the Android device.
 
Very happy with JAMF here. We originally started with Profile Manager 8 years ago but that quickly became a problem once we started growing. 1400 iPads, 270 Macs now and still growing every year.
 
These types of tools are spyware and a privacy nightmare. As folks move to single BYOD for personal and work, enterprise endpoint protections should come in standalone apps for enterprise applications, not through complete OS-wide surveillance. The above comment about wanting location tracking is worrisome, and that mindset just normalizes workplace surveillance.
I would never bring in my own device if they install anything on it. And wouldn't take with me any company device which has location tracking.
 
We have 10k Macs or more in our environment, but we don't use JAMF... We ended up using Filewave, which can manage macOS, Windows, iOS/iPadOS, Android and Chromebooks. It's super easy to use and very efficient.
 
We've got a few hundred Macs at work that we'll probably have to get rid of because Jamf can't work behind our firewall. We're required to block possible data exfiltration technologies like iCloud and iTunes, and Apple has a nasty habit of wiring those servers together with the Software Update servers. Also Apple's firmware updates (like for the T2) try to make direct connections to hardwired, undocumented Apple URLs that we can't set up whitelist rules for at the firewall.

And on top of that there's the PITA of the App Store, which has no concept of a company account or group licensing besides five-person "families". Not that Windows is much better (WSL is fun to install offline), but most of our stuff isn't in the Microsoft Store. And Adobe requires the creation of a custom installer for each serial number on an open-Internet machine, which then has to be vetted (somehow) and brought across the gap.

We tried to make Jamf work. A couple of their devs came down to work with us for two weeks. No go.

So IT has decided it's just easier to migrate everyone to Windows and RHEL because they have proper Enterprise support that doesn't require direct Internet access for everything.

It's really frustrating. We've had mostly Macs since the 80s. Lots of folks hating to see them go, getting stuck with Dell XPS boxes when they need Mac Pros.

(The big bosses have been pushing NIST SP800.171 and DoD CMMC on us for over a year now.)

That doesn't sound like a Jamf or Apple issue, but an issue with your security team being overly cautious. Apple publishes a list of websites that need to be open to work properly. It should be more than enough for most companies. Jamf has a presence in the government, so it can work. But, it may be a case your company security higher-ups don't want to work with Apple, so they pretend they don't know how to do it. (I don't know how any company can ignore that we are in a connected world).

As far as the App Store, license management and a company account is exactly what Apple Business Manager is for. You buy and distribute apps from the App Store in a single location. Apps are then distributed via MDM to devices without the need for a user to log in to the App Store.
 
We've got a few hundred Macs at work that we'll probably have to get rid of because Jamf can't work behind our firewall. We're required to block possible data exfiltration technologies like iCloud and iTunes, and Apple has a nasty habit of wiring those servers together with the Software Update servers. Also Apple's firmware updates (like for the T2) try to make direct connections to hardwired, undocumented Apple URLs that we can't set up whitelist rules for at the firewall.

And on top of that there's the PITA of the App Store, which has no concept of a company account or group licensing besides five-person "families". Not that Windows is much better (WSL is fun to install offline), but most of our stuff isn't in the Microsoft Store. And Adobe requires the creation of a custom installer for each serial number on an open-Internet machine, which then has to be vetted (somehow) and brought across the gap.

We tried to make Jamf work. A couple of their devs came down to work with us for two weeks. No go.

So IT has decided it's just easier to migrate everyone to Windows and RHEL because they have proper Enterprise support that doesn't require direct Internet access for everything.

It's really frustrating. We've had mostly Macs since the 80s. Lots of folks hating to see them go, getting stuck with Dell XPS boxes when they need Mac Pros.

(The big bosses have been pushing NIST SP800.171 and DoD CMMC on us for over a year now.)
That makes me sad. I understand (and live) corporate rules and they can get in the way. I try to talk to the bosses and explain things very simply. We have speed limits on the roadways for safety, most of us follow them. Same for computer management. Safety in place as long as it does not get in the way of work. If something is not working, then rethinking your system may be needed. We do not govern all cars to drive at a maximum of 55mph. We do not force seat belts to be connected before starting the engine. We do not force blood/breath samples to be evaluated before starting. Some would argue that these are sometimes necessary, I disagree. Follow the rules or lose the 'privilege'.

PITA App Store
This part lost me. www.business.apple.com is Apple's business manager. You can manage every app license available within the app store, very easily. Distribution/reclamation/updates via any MDM you wish.

So IT has decided
Often a sign of a lazy IT culture. This leads to data loss, incursions and tons of other frightening things. Which leads back to overcomplicated systems to protect IT from themselves.
For example: direct Internet is not required. Local servers can cache and distribute updates to all devices on the network. These servers will of course need to have access to the outside from time to time to receive the updates, but this can be done in a controlled and easily traceable way.
 
My company would switch to Jamf in a heartbeat if they would support location tracking on deployed devices. We have roughly 1500 devices across the country.
We use Jamf in the PK-12 setting and we can view the location of devices. Incredibly helpful in this virtual learning environment where kids "lose" stuff far too often.
 
What are some competitors to Jamf? Are there iOS management solutions for the home/family? What is the extent to the monitoring capabilities of these services? I can see these services being useful outside of enterprise and in the home for example especially with large families.
One that I know of is Cisco Meraki--what we used prior to Jamf and are mostly transitioned out of now (the last licenses in there expire this year).
 
huh ... didn't even know Apple owned JAMF. No wonder it's a decent upgrading service. Love that it can be reskinned too (for, you know, a service my employer can push **** onto me)
It's just a very badly written article headline. They are not owned by Apple.
 