At what point does Apple decide that JAMF has become too powerful, and therefore must be cut out of the equation?
That’s why they acquired Fleetsmith in late 2020. Get ready!
At what point does Apple decide that JAMF has become too powerful, and therefore must be cut out of the equation?
Off topic comment reply here, but I find this interesting. I agree with the high end MacBook Pro long term statement. Same for iMac, Mac Pros, etc that are high end enough, tons of power still, albeit at a precarious per watt performance. I’m extremely satisfied with a high end iMac 27" and it’s actually plenty quiet. But can’t imagine how amazing the ARM ones will be though.There will be a decline in corporate customers in the next 5 years due to Apple silicon, without good VM solutions for Windows applications. Everyone knows that in the corporate world we have programs that only work on Windows. And all of us "corporate customers demanding Macs" will have no choice but to go to a Windows machine when upgrading in order to effectively do our jobs when there is no intel alternative.
I'm dreading it.... at least I got a new top of the line 16" MacBook Pro in 2020 that should last me a good 4-5 years.
Amazing. As a non IT related or knowledgeable guy here, nice to have a practical example of what can be done with this Jamf service being discussed.Yep! It's pretty cool. For instance, the latest Zoom update (either the app or the mechanism) broke Zoom audio for a lot of our teachers today, and it was asking them all for admin credentials, which they don't have. We got probably 10 tickets in an hour or so about it.
I was able to find a script on a Jamf forum that someone else had used a year ago to fix the same problem, test it on a machine or two in my office, then put it in Self Service with a forced restart, a pretty icon and called it Zoom Audio Fix. We directed them all to Self Service, and voilà! Problem fixed on ten machines remotely in under an hour.
That scenario won't happen. If it was likely to happen, it would've done so already. Apple is perfectly content to have JAMF take care of the things it tried (and failed) to do with modern (i.e. post-Snow Leopard Server) versions of macOS Server. Apple builds in Business Manager and School Manager (and the VPP and DEP programs therein for both) and then is perfectly content to let MDM providers like JAMF do the rest. It's a win-win for both companies.At what point does Apple decide that JAMF has become too powerful, and therefore must be cut out of the equation?
That’s why they acquired Fleetsmith in late 2020. Get ready!
Amazing. As a non IT related or knowledgeable guy here, nice to have a practical example of what can be done with this Jamf service being discussed.
Clears the perspective for me.
No. It’s not about Jamf becoming ”too powerful”. Apple acquired Fleetsmith because they wanted the people at Fleetsmith, and because they feel the need to have a first party SaaS-based management solution to make it easier to sell Apple hardware into small firms. Currently for Apple to sell their own hardware they have to also sell the customer on a third party management solution (made all the more difficult if that third party is a company called ”Jamf” that few people have ever heard of), so this addresses that barrier.That’s why they acquired Fleetsmith in late 2020. Get ready!
That is the point of Jamf's MDM products - they are enterprise management tools for managing enterprise devices.I don't allow it on any of my personal devices. My employer has to supply me with the equipment (and cell plan) if they want to get access to it.
Yes, there is a lot of truth to this, although the issue isn’t that Jamf can’t work behind the firewall, it’s that Apple’s MDM architecture has requirements that conflict with established network security practices for many large enterprises, especially regulated enterprises. And I agree it has almost certainly been a constraint for Apple’s enterprise adoption.We've got a few hundred Macs at work that we'll probably have to get rid of because Jamf can't work behind our firewall. We're required to block possible data exfiltration technologies like iCloud and iTunes, and Apple has a nasty habit of wiring those servers together with the Software Update servers. Also Apple's firmware updates (like for the T2) try to make direct connections to hardwired, undocumented Apple URLs that we can't set up whitelist rules for at the firewall.
And on top of that there's the PITA of the App Store, which has no concept of a company account or group licensing besides five-person "families". Not that Windows is much better (WSL is fun to install offline), but most of our stuff isn't in the Microsoft Store. And Adobe requires the creation of a custom installer for each serial number on an open-Internet machine, which then has to be vetted (somehow) and brought across the gap.
We tried to make Jamf work. A couple of their devs came down to work with us for two weeks. No go.
So IT has decided it's just easier to migrate everyone to Windows and RHEL because they have proper Enterprise support that doesn't require direct Internet access for everything.
It's really frustrating. We've had mostly Macs since the 80s. Lots of folks hating to see them go, getting stuck with Dell XPS boxes when they need Mac Pros.
(The big bosses have been pushing NIST SP800.171 and DoD CMMC on us for over a year now.)
Yes, I think it will be very interesting to see how this plays out, especially when Apple releases the higher-end models based on Apple Silicon. The performance advantages versus Windows or Linux on Intel may be compelling enough for some enterprise workloads to get ported over.Off topic comment reply here, but I find this interesting. I agree with the high end MacBook Pro long term statement. Same for iMac, Mac Pros, etc that are high end enough, tons of power still, albeit at a precarious per watt performance. I’m extremely satisfied with a high end iMac 27" and it’s actually plenty quiet. But can’t imagine how amazing the ARM ones will be though.
Do you think though that there might be a slight possibility of these windows-only enterprises, apps, etc (or at least a subset of them), getting some sort of motivation and porting their stuff to make it work on M1 Macs?
Some of them might be impossible, granted. I’m not too familiar in general of what’s Windows only out there but for me personally the only reason I had Bootcamp was because of 3dsmax... now I access it via Parallels Desktop if it is for light enough 3D files. But heck, I’m forcing myself to open Blender whenever I can now.
And this is a big issue for them and for Apple - and I believe is part of why Apple acquired Fleetsmith.Jamf? Never heard of them. Weird...
I would never bring in my own device if they install anything on it. And wouldn't take with me any company device which has location tracking.These types of tools are spyware and a privacy nightmare. As folks move to single BYOD for personal and work, enterprise endpoint protections should come in standalone apps for enterprise applications, not through complete OS-wide surveillance. The above comment about wanting location tracking is worrisome, and that mindset just normalizes workplace surveillance.
We've got a few hundred Macs at work that we'll probably have to get rid of because Jamf can't work behind our firewall. We're required to block possible data exfiltration technologies like iCloud and iTunes, and Apple has a nasty habit of wiring those servers together with the Software Update servers. Also Apple's firmware updates (like for the T2) try to make direct connections to hardwired, undocumented Apple URLs that we can't set up whitelist rules for at the firewall.
And on top of that there's the PITA of the App Store, which has no concept of a company account or group licensing besides five-person "families". Not that Windows is much better (WSL is fun to install offline), but most of our stuff isn't in the Microsoft Store. And Adobe requires the creation of a custom installer for each serial number on an open-Internet machine, which then has to be vetted (somehow) and brought across the gap.
We tried to make Jamf work. A couple of their devs came down to work with us for two weeks. No go.
So IT has decided it's just easier to migrate everyone to Windows and RHEL because they have proper Enterprise support that doesn't require direct Internet access for everything.
It's really frustrating. We've had mostly Macs since the 80s. Lots of folks hating to see them go, getting stuck with Dell XPS boxes when they need Mac Pros.
(The big bosses have been pushing NIST SP800.171 and DoD CMMC on us for over a year now.)
We like people like you. Keeps our job fun.Jamf is super easy to get past. A couple years ago I was IT in my school and I had no problem getting around it on my issued machine lol
That makes me sad. I understand (and live) corporate rules and they can get in the way. I try to talk to the bosses and explain things very simply. We have speed limits on the road ways for safety, most of us follow them. Same for computer management. Safety in place as long as it does not get in the way of work. If something is not working, then rethinking your system may be needed. We do not govern all cars to drive at a maximum of 55mph. We do not force seat belts to be connected before starting engine. We do not force blood/breath samples to be evaluated before starting. Some would argue that these are sometime necessary, I disagree. Follow the rules or lose the 'privilege'.We've got a few hundred Macs at work that we'll probably have to get rid of because Jamf can't work behind our firewall. We're required to block possible data exfiltration technologies like iCloud and iTunes, and Apple has a nasty habit of wiring those servers together with the Software Update servers. Also Apple's firmware updates (like for the T2) try to make direct connections to hardwired, undocumented Apple URLs that we can't set up whitelist rules for at the firewall.
And on top of that there's the PITA of the App Store, which has no concept of a company account or group licensing besides five-person "families". Not that Windows is much better (WSL is fun to install offline), but most of our stuff isn't in the Microsoft Store. And Adobe requires the creation of a custom installer for each serial number on an open-Internet machine, which then has to be vetted (somehow) and brought across the gap.
We tried to make Jamf work. A couple of their devs came down to work with us for two weeks. No go.
So IT has decided it's just easier to migrate everyone to Windows and RHEL because they have proper Enterprise support that doesn't require direct Internet access for everything.
It's really frustrating. We've had mostly Macs since the 80s. Lots of folks hating to see them go, getting stuck with Dell XPS boxes when they need Mac Pros.
(The big bosses have been pushing NIST SP800.171 and DoD CMMC on us for over a year now.)
We use Jamf in the PK-12 setting and we can view the location of devices. Incredibly helpful in this virtual learning environment where kids "lose" stuff far too often.My company would switch to Jamf in a heartbeat if they would support location tracking on deployed devices. We have roughly 1500 devices across the country.
One that I know of is Cisco Meraki--what we used prior to Jamf and are mostly transitioned out of now (the last licenses in there expire this year).What are some competitors to Jamf? Are there iOS management solutions for the home/family? What is the extent to the monitoring capabilities of these services? I can see these services being useful outside of enterprise and in the home for example especially with large families.
It's just a very badly written article headline. They are not owned by Apple.huh ... didn't even know Apple owned JAMF. No wondering it's a decent upgrading service. Love that it can be reskinned too (for, you know, a service my employer can push **** onto me)