WWDC 2023: What’s new in shared device deployments

Month: June 2023

Author: June 27, 2023 by Tim Knox

Source: https://www.jamf.com/blog/shared-ipad-in-business-wwdc2023/

WWDC 2023 introduced several new improvements on how organizations will be able to provide shared devices to their users.

Apple introduces Return to Service

Historically, iPhones and iPads were predominately a one to one (1:1) type of deployment, but as they have made larger inroads into education, enterprise and the growing deskless workforce, Apple has been consistently giving people more flexibility on how those devices are being used.

Shared iPad for businesses and schools allowed for multiple users to log in to a single iPad with Managed Apple IDs and use it as their assigned device for the day or their shift. This is really useful for organizations that are able to federate their identities into managed Apple IDs, but less useful for people who want to use iPhones or who don’t have any credentials in an identity provider.

For devices managed by the Jamf platform, the Jamf Setup app worked around these limitations by allowing users to select a role for the day and use Jamf Reset to completely wipe the device once they are done. The downside of that workflow is that someone would need to go through the Setup Assistant again in order to get it back under management. This was time-consuming, and simple mistakes could be made while selecting the Wi-Fi, language and region.

At this year’s WWDC, Apple announced Return to Service, which will totally change that experience. Return to Service is a new MDM action that will send an EraseDevice command along with the previously selected language, region and, critically, a Wi-Fi profile. Previously, these un-skippable user selections had to be performed each time a device was wiped and reenrolled. Being able to send a wipe command to a device and have it completely set itself back up again is a game changer in the deskless workforce and should improve the troubleshooting experience for support calls to IT.
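As an added illustration (not code from Jamf or from the original post), the sketch below builds an EraseDevice command carrying a Return to Service dictionary and refuses to build it when the Wi-Fi profile would leave the wiped device offline or on an open network. The key names `ReturnToService`, `Enabled`, `WiFiProfileData` and `MDMProfileData` are taken from Apple's MDM protocol documentation rather than from this page; the SSID, identifiers and the open-network rule are assumptions made for the example, and the profile is assumed to be unsigned.

```python
import plistlib
import uuid
from typing import Optional

WIFI_PAYLOAD_TYPE = "com.apple.wifi.managed"


def sample_wifi_profile(encryption: str = "WPA2") -> bytes:
    """Constructed sample: an unsigned configuration profile with one Wi-Fi payload."""
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.rts.wifi",       # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Return to Service Wi-Fi",
        "PayloadContent": [{
            "PayloadType": WIFI_PAYLOAD_TYPE,
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.rts.wifi.net",  # hypothetical identifier
            "PayloadUUID": str(uuid.uuid4()).upper(),
            "SSID_STR": "ExampleCorp-Devices",                 # constructed SSID
            "EncryptionType": encryption,
            "AutoJoin": True,
            "Password": "constructed-not-a-real-secret",
        }],
    }
    return plistlib.dumps(profile)


def wifi_payloads(profile_data: bytes) -> list:
    """Return the Wi-Fi payload dictionaries inside an unsigned profile."""
    try:
        profile = plistlib.loads(profile_data)
    except Exception as exc:
        # A CMS-signed profile also lands here; this example only reads unsigned ones.
        raise ValueError("Wi-Fi profile is not a readable unsigned plist") from exc
    if not isinstance(profile, dict):
        raise ValueError("Wi-Fi profile root must be a dictionary")
    content = profile.get("PayloadContent", [])
    return [p for p in content
            if isinstance(p, dict) and p.get("PayloadType") == WIFI_PAYLOAD_TYPE]


def build_return_to_service_erase(wifi_profile: bytes,
                                  mdm_profile: Optional[bytes] = None,
                                  allow_open_network: bool = False) -> bytes:
    """Build the EraseDevice command plist with Return to Service enabled.

    Validation happens before the command exists, because the erase is
    destructive and cannot be corrected once the device has acted on it.
    """
    payloads = wifi_payloads(wifi_profile)
    if not payloads:
        raise ValueError("profile has no %s payload; the erased device could "
                         "not rejoin a network unattended" % WIFI_PAYLOAD_TYPE)
    for payload in payloads:
        if not payload.get("SSID_STR"):
            raise ValueError("Wi-Fi payload has no SSID_STR")
        # Added policy assumption: a freshly wiped device should not re-enroll
        # over an unencrypted network unless the admin opts in explicitly.
        if payload.get("EncryptionType") == "None" and not allow_open_network:
            raise ValueError("Wi-Fi payload describes an open network")

    return_to_service = {"Enabled": True, "WiFiProfileData": wifi_profile}
    if mdm_profile is not None:
        return_to_service["MDMProfileData"] = mdm_profile

    command = {
        "CommandUUID": str(uuid.uuid4()),
        "Command": {
            "RequestType": "EraseDevice",
            "ReturnToService": return_to_service,
        },
    }
    return plistlib.dumps(command)


if __name__ == "__main__":
    body = build_return_to_service_erase(sample_wifi_profile())
    parsed = plistlib.loads(body)
    print(parsed["Command"]["RequestType"],
          sorted(parsed["Command"]["ReturnToService"]))
```

The Wi-Fi profile travels inside the command with its network credentials, so the queued command deserves the same handling as the profile itself.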

Shared iPad updates

But Apple isn’t sleeping on Shared iPad. It can be confusing when you log into a device and don’t see the apps you were expecting to see right away; delaying access until everything is in place means you won’t be too early to the party. The AwaitUserConfiguration key lets you keep a user at the login screen until the device is totally ready and released by the MDM server. Apple also sped up logging in to Shared iPad for new users with the SkipLanguageAndLocaleSetupForNewUsers key. The shared iPad will use the selection made during the initial provisioning and not ask each new user to make those selections. This feature is off by default, so you will need to turn this on via MDM once available.

Additionally, changes in the way Shared iPad handles quota configurations will make it easier for IT admins to reserve the space needed for new apps and content while the device is in use.

Jamf has lots of ways to help IT deliver an excellent shared experience for their users and students while Shared iPad grants access to people with appropriate managed Apple IDs at a device level:

  • Shared iPad’s Temporary Sessions allow access for people who just need a grab-and-go device or for people who don’t have any credentials by offering a Guest login, deleting all data once the user logs off
  • Jamf Setup and Jamf Reset allow you to select a role and destroy all your data when you are done with it
  • Our new Single Login feature — used with Jamf Setup and Jamf Reset — personalizes the device for each user based on their Azure credentials.

Being able to be flexible with your shared iOS and iPadOS devices is getting easier each year, and we look forward to seeing how all these changes will be used by our customers.

Learn more about Jamf and Shared iPads!


WWDC 2023 Takeaways: The impact on health and wellness

Month: June 2023

Author: June 23, 2023 by Adam Mahmud

Source: https://www.jamf.com/blog/wwdc-2023-health-and-wellness/

It’s been a couple of weeks since Apple’s World Wide Developer Conference (WWDC), and if you are still trying to catch up with the highlights, let us help you get up to speed.


While WWDC brings a number of exciting announcements for developers and users alike, impactful innovations in Apple’s longstanding mission to improve health and wellness were also visibly on display.

It’s been a few years since Tim Cook was first quoted saying Apple’s greatest contribution to humanity would be in health. And he has reaffirmed this belief over the years. If this emphasis wasn’t clear during the recent WWDC sessions, Apple’s press release brings it into view: Apple provides powerful insights into new areas of health.

“Our goal is to empower people to take charge of their own health journey. With these innovative new features, we’re expanding the comprehensive range of health and wellness tools that we offer our users across iPhone, iPad, and Apple Watch.” – Sumbul Desai, M.D., Apple’s Vice-President of Health

At Jamf, we are passionate about the way that technology empowers people to live a better life. And while there were a number of platform improvements for device management announced this year, the updates highlighted below are all personal features.

Whether your device is provided and managed by work or your own, all Apple devices share these user features, which if leveraged, can help you become a better version of yourself. Check out the details below!

Mental Health

It’s no surprise that mental health awareness is continuing to come into focus. Especially with what the world has faced over the last few years. After living through a global pandemic, people from all walks of life are more openly discussing and destigmatizing the need for mental health, which is long overdue.

While many have been harnessing the benefits of mental health services for years, others are exploring what’s available for the first time, often in a digital or app-based form. Mixed with the growing concerns about privacy, some look for these self-service ways to start their own mental health journey, but are left with fear and doubt. Luckily for them – and us all – Apple offered an exciting glimpse into what’s ahead with the fall operating system releases.

Assessments

As Apple shared in the press release, “a recent CDC article shows that nearly 30% of US adults have showed symptoms of anxiety or depression.” That is quite an impactful stat. Even more impactful is what Apple is doing about it. Apple users will now have simple, on-demand access to assessments in the Health app to survey for depression and anxiety, and determine if it’s time to get additional help. These are often the same surveys used in a clinical setting, but now available whenever is right for you.

Mindfulness

While the Mindfulness app is not new to watchOS, and it has long offered breathing and meditation exercises to help reduce stress, its functionalities are drastically expanded across the platform this year. New in Mindfulness on watchOS 10, users can now log “momentary emotions” and their overall mood. And this data will be available in the Health app to review insights about what may have contributed to their state of mind.

More on the Health app below… so keep reading.

Journal

Apple’s announcement of a Journal app for iOS 17 provides users with a whole new way to capture their thoughts and reflect on moments in their lives. With a new Journaling Suggestions API, a user can benefit from quick prompts from their digital life – say places or photos from a recent vacation – or a recent workout with friends. On-device machine learning allows this experience to be snappy for users, and entirely secure. Notifications can be configured to remind a user when it’s time to journal, helping this practice become a habit.

As cited in Apple’s release, “research shows that reflecting on one’s own mental state can help build emotional awareness and resilience; can reduce emotions like sadness and anger; and positively impact our body by slowing our heart rate.” While journal and diary apps are not at all new, it’s exciting to see how Apple is opening up a native way that integrates across devices and the platform overall.

Vision Health

The second health category highlighted at WWDC 2023 was vision. Apple has introduced two specific ways to help users to monitor and adjust behaviors that help prevent Myopia or nearsightedness.

Why Myopia you ask? It’s the leading contributor to vision impairment around the world. So what are the features of iOS 17, iPadOS 17 and watchOS 10 that help, and what are the behaviors to watch out for? Some may have felt like common sense to many parents for years but are now things able to be realized through monitoring and tracking. For example:

Monitor Screen Distance

It’s now possible for iPhone and iPad devices to help us hold them at the proper distance from our eyes. In iOS 17 and iPadOS 17, a user can be notified if they hold their device at a distance closer than 12 inches for an extended amount of time. Reading at a distance closer than this is a known risk factor for Myopia.

Track Daylight Exposure

New in watchOS 10, it’s now easy to monitor how much time we get outside. It’s recommended that children are exposed to sunlight for 80-120 minutes per day to help prevent Myopia, and the new ambient light sensor in Apple Watch allows for the data to be captured. As per the theme of this article, the data is available in, you guessed it, the Health app on iOS or iPadOS to interpret and track.

Physical Health & Wellness

Beyond the mental and vision health updates above, Apple introduced some other awesome updates that are worth a shout-out:

Medications

While the Medications feature of Health was added in a prior iOS version, the iOS 17 and now iPadOS 17 updates are super powerful. Users can configure a follow-up reminder to occur if they miss logging taking their medication. This can also be configured as a Critical Alert – so that the alert’s sound overrides the device’s mute switch. Something that was only previously reserved for specific app vendors with a special entitlement from Apple’s Worldwide Developer Relations team for their app. Now this is possible for something as simple, yet crucial, as taking medication.

Apple Fitness+

A host of new user enhancements are available in Apple’s subscription workout offering. These include “Custom Plans” that tailor workout and meditation sessions, “Stacks” so a user can more easily link their sessions together; and “AudioFocus” to more easily bring attention to the trainer’s voice or background music.

Putting it all together

Health App for iPad

The Health app has been hinted at as the hub which centrally controls readings throughout this blog. But for any active iPhone user, this isn’t any secret. Health is the way to deep dive into your workout data from the Fitness app, sleep data from your Apple Watch or other third-party app data that you have elected to share.

On its 9th birthday, Apple Health takes a step forward with the long-awaited introduction of iPad support. This new app launches as part of iPadOS 17, and will securely sync a user’s health app with watchOS and iOS devices via iCloud. While this on its surface is a big deal – now offering users the iPad’s larger screen real estate to interact with their health data and refreshed look for favorites, trends and insights – the future implications may be even larger.

HealthKit

HealthKit – Apple’s open-source framework for developers to build apps that work with Apple Health – also makes this same transition. With third-party developers now able to integrate their iPad apps directly with Apple’s secure health ecosystem, new use cases and capabilities emerge for iPad applications to participate in Apple’s secure health information data exchange. While first introduced in 2014 on iOS 8, the ecosystem of Apple’s open-source APIs expanded in 2015 with ResearchKit and in 2016 with CareKit, which allowed third-party developers to build rich, native iOS apps for clinical trials and surveys. Later, remote care at home modalities allowed data collected by patients to be seamlessly shared back to their provider and care team through HealthKit integrations.

Some of these apps have existed for years and integrate with their own proprietary peripheral devices to record a user’s information back into their app’s platform (ex. a wireless blood pressure monitor). That said, those app developers were not able to write that information into a user’s HealthKit store from iPad directly. With this change, users and developers have a whole new world to explore. Of course, in typical Apple fashion, this is all built with security and privacy in mind, and only the user can choose which apps can share (and read) their Health data.

While there is a lot to unpack, we hope this article helps surface what is most important: How technology can help us be better versions of ourselves. While Jamf is a software provider that makes IT management and security solutions for Apple and therefore helps our customers succeed with Apple, our purpose is to ensure people are empowered with their technology. And I for one can’t wait to start testing out the new features on my own journey to be a better me.

To ensure your organization is best positioned to embrace the latest from Apple, contact us today.


Security 360 Highlights: Threat and attack convergence

Month: June 2023

Author: June 21, 2023 by Jesus Vigo

Source: https://www.jamf.com/blog/threat-convergence-evolving-cybersecurity/

In the previous series entry, we discussed the criticality of protecting user privacy, highlighting how this cybersecurity concern has made its way to the top of the list that threat actors are targeting as they attempt to compromise devices, users and data across the modern threat landscape.

As we continue to draw from Jamf’s Security 360: Annual Threat Trends Report, we dive into the trend of threat and attack convergence and how stringing various attack types together creates novel threats that could undermine organizational security practices by sidestepping controls altogether. In this entry, we discuss:

  • What is convergence?
  • Why is this so concerning?
  • How can it undermine my security plan?
  • Can you provide some examples?
  • How you can protect against converged threats

Onward we go…

What is convergence?

Convergence noun

con·ver·gence

1 : the act of converging and especially moving toward union or uniformity

According to Merriam-Webster, the definition of “convergence” above is just one of several meanings relating to the unification of two or more entities. The fourth meaning defined relates more closely to the topic at hand and is noted as “the merging of distinct technologies, industries, or devices into a unified whole.”

Taken a step further into the cybersecurity realm, CSO Online defines convergence to mean the “formal cooperation between previously disjointed security functions.”

Why is threat convergence so concerning?

Convergence is one of those phrases that crop up in technology every few years after new technologies have been around for some time and find a second wind when combined with another seemingly disparate technology to introduce something that is newer, or at the least, addresses a previously unknown need.

Consider when existing internet access was merged with standard mobile phone functions, like calling, contacts and messaging support, to introduce smartphones that handled all the above while enabling internet-enabled features, such as email and web apps on the go. That merging was effectively the convergence of those two technologies (internet and mobile phone) to introduce what would become mobile computing and revolutionize personal and professional usage in the years to come.

While the above is an example of a good form of convergence, today’s focus is to discuss a negative side to convergence. One achieved when threat actors leverage multiple technologies to create a new form of threat or devise a novel attack that, if used, may introduce risk into the enterprise.

How can it undermine my security plan?

“0.02% of Android devices were rooted and 0.001% of iOS devices were jailbroken in 2022. 0.004% of users / 0.3% of organizations had a jailbroken or rooted device in 2022.”

Last year’s stat: Less than 1% of organizations had a jailbroken or rooted device in 2021.

Emerging threat tactics are the epitome of threat and attack convergence in cybersecurity. Through convergence, bad actors can disproportionately impact the endpoints connecting to your organization’s infrastructure by using known threats and attacks in new, unknown ways to increase the success rate of data breaches. Because of the way in which convergence works – to give existing technology new life, as mentioned before – your company’s security strategy may only be capable of detecting and subsequently staving off a combined attack in part, or perhaps not at all.

Whether the converged attack penetrates your defenses in whole or in part is inconsequential to the fact that it pierced your security and in turn, compromised defenses. The extent of the fallout from the breach will vary wildly from one organization to the next and be wholly based on factors, such as:

  • unique business continuity needs
  • regulatory compliance requirements, if any
  • the severity of damage to:
    • equipment
    • data (sensitive and user privacy)
    • reputation
    • business operations
    • loss of revenue

Can you provide some examples?

Unfortunately, there are a number of real-world scenarios to draw from when it comes to assessing how critical it is to protect against converged threats and attacks. The following few examples have occurred over time: some are from recent years, while others go back nearly three decades.

But make no mistake, bear in mind what convergence is and what it is intended to achieve: to create something new out of two or more things that are known, existing quantities. This is to say that, even older threats and attacks thirty-plus years old have the ability to gain a new lease on life as a “new converged threat or attack” that is capable of circumventing modern security protections that would’ve otherwise thwarted the legacy threat by itself.

But it’s air-gapped?!

2010: Any IT or Security person worth their salt (and of course, working in the industry at the time) will no doubt know of and remember Stuxnet. The first-of-its-kind WORM was developed to target vulnerable software that managed the SCADA interfaces used to control centrifuges used in the uranium enrichment process.

That’s the short take on it. For a longer take, Wired has an excellent write-up on the entire timeline leading up to and encompassing the event for those that wish to dive deeper into how the first digital tool was weaponized for cyberwarfare.

TL;DR: the computers used to manage the equipment were air-gapped, meaning they were cut off from the internet. And yet, through the ingenuity of converging a physical threat (USB thumb drive) and a malware threat (Stuxnet), the first targeted attack of its kind was made possible, whereas neither threat might have otherwise been successful on its own.

Supply-chain whack-a-mole

2020: Occurring more recently and having decidedly a further reach of impact is the SolarWinds supply chain attack. Billed as a routine update, the real nightmare that was about to unfold only did so after 18,000 estimated customers – not devices but actual companies that relied upon SolarWinds’ Orion software to monitor and manage their networks – downloaded and installed the routine update.

The update was, in fact, a vehicle for delivering malicious code to Orion which was then leveraged to carry out the larger cyberattack, as explained in further detail by NPR.

TL;DR: the suspected nation-state attack was made possible by bad actors relying on multiple threat vectors, namely compromising SolarWinds’ network and their build system (used to deliver updates to customers), creating a trojan that would deliver malicious code to clients that updated (infecting systems inside customer networks), installing tooling to exploit customers’ systems and networks, and compromising cloud-based service accounts (allowing threat actors to read confidential/sensitive data, like documents and emails) to elevate account privileges for espionage and exfiltration of sensitive, confidential and classified data.

But who are you, really?

1995: Kevin Mitnick, the white-hat hacker, keynote speaker and security evangelist we know today, got his start at the ripe old age of sixteen when he carried out the first of many computer crimes before turning fugitive from the U.S. Department of Justice (DOJ). During his two-and-a-half-year run, the DOJ tallied up Mitnick’s crimes – many of which utilized advanced convergence techniques to keep them at bay.

TL;DR: while it’s beyond the scope of this blog to cover each of the crimes committed, it is sufficient to say that illicit access gained during attacks came by way of social engineering (masquerading as utility company employees to obtain physical access to secure locations), spoofing communications (convincing target networks to obtain access to networks), exfiltrating proprietary software and data, intercepting communications, like email, and using cloned cellular phones to hide his location and remain anonymous.

Help protect against converged threats

By now we know the criticality and severity of threat and attack convergence, as well as the benefits that convergence has made in the technology overall. So, it should come as no surprise that converging security protections play an equally significant role as part of a coherent, risk management program.

Much like how a defense-in-depth strategy relies on layers of controls to catch threats that may otherwise slip through undetected, the convergence of security functions, practices, protocols, alerts, reporting, monitoring, threat hunting, detection, incident response, policies and remediation workflows aims to integrate and organize within priorities and business objectives through:

  • Communication
  • Coordination
  • Collaboration

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) developed the Cybersecurity and Physical Security Convergence Action Guide, a resource providing high-level guidance to organizations looking to understand “risks associated with siloed security functions, a description of convergence in the context of organizational security functions, benefits of convergence, a flexible framework for aligning security functions, and several case studies.”

Learn more about these and other growing threat trends impacting cybersecurity!


The Deskless Workforce: Understanding the Impact on Business and Employees

Month: June 2023

Author: June 20, 2023 by Laurie Mona

Source: https://www.jamf.com/blog/the-deskless-workforce/

Organizations with “deskless” employees who use modern mobile devices may find that it’s a balancing act to effectively support users while maintaining device management and security standards.

And for teams that support mobile-first employees using Apple technology – such as iPads and iPhones – it’s crucial to know how to optimize these devices for each use and turn them into efficient, secure on-the-job tools.

The solution: Mobile Device Management (MDM) and identity and security technologies that simplify workflows, create efficiencies and help meet regulatory compliance and security standards.

Check out how to support the mobile Apple devices of your deskless workforce with Jamf.

What is the deskless workforce?

The majority of the world’s workers – 80%, or 2.7 billion people – don’t sit at a desk. Note that we’re not talking about remote employees who are simply working outside the office, but those whose job functions are mobile by necessity.

In industries such as healthcare, transportation, retail, education, manufacturing and field service, deskless workers spend their time on-the-go: working room-to-room, from a vehicle, in a large open space inside a building or outdoors.

We see these employees in positions as varied as the frontline, operational workers, nurses, pilots, flight mechanics and cashiers.

When this mobile workforce interacts with technology, it’s usually in a task-oriented and time-sensitive fashion. However, these workers can feel unsupported in the tech they use. In fact, more than 60% of deskless workers report a lack of satisfaction or feel the need for improvement in the tech they use.

So how can organizations better support employees and their devices?

Solving challenges with technology

While organizations may provide mobile devices to help deskless workers be more efficient and simplify workflows, they also have to figure out how best to implement, manage and secure these tools to make them productive in practice.

Typical device management needs that arise in deskless environments include automating management and security tasks, over-the-air device provisioning, ensuring productivity apps work with each new OS update, and connecting authorized users to productivity apps.

The ‘Deskless’ environment also faces unique challenges, such as “hiding” the technology so workers can rapidly connect to the task-oriented tools that make them productive: for example, point-of-sale applications, clinical communications tools and pre-flight checklists.

Needs specific to deskless use cases include:

  • Shared device use: clinical communication devices in a hospital, shift workers on a manufacturing floor
  • Customized device provisioning to role-specific configurations: ability to understand the device’s state and distinguish it from others in the fleet
  • Workflows to verify device compliance for regulated industries: retail store devices support the correct version of iOS or iPadOS and POS app
  • Meeting industry-specific security requirements: PCI DSS in retail, HIPAA in healthcare
  • Content filtering and data capping: control types of data accessed, manage cellular data consumption
  • Ability to operate in environments with connectivity issues: minimize disruption to application connections
  • Integration with other platforms, tools and workflows: help connect employees to all their work resources

The organization’s desired result: The ability to provide an employee-friendly experience that promotes productivity and streamlines IT administration.

If you’re using Apple technology (as is many employees’ preference) to support your deskless workers, your organization can benefit from using the Apple-first vendor that supports both your desk-bound and deskless workers: purpose-built management, identity and security solutions from Jamf.

Streamlined workflows for mobile workers

Employers can offer workers using iPhone and iPad in mobile-first, task-based roles simple, secure and customized experiences with Jamf.

Jamf technologies enable ‘deskless’ roles to succeed by bringing a set of product capabilities to these modern work tools that are designed to operate together, right “out of the box”.

The benefits of using Jamf include:

  • Deliver an Apple-first, Apple-best experience by building on native Apple frameworks.
  • Perform over-the-air management and security tasks without interrupting end-user tasks.
  • Streamline administration by simplifying IT workflows and redundant processes.
  • Support end-user needs for efficient, reliable tech that helps them do their job better.
  • Remain compatible and reliable with every new OS release.
  • Find the solution that best fits your needs with help from industry experts.

Manage, secure and simplify purpose-built work tools with Jamf.


App installers just leveled up.

Month: June 2023

Author: June 13, 2023 by Haddayr Copley-Woods

Source: https://www.jamf.com/blog/app-installers-deploy-to-Self-Service/

App Installers by Jamf

What is ‘App Installers’?

Part of the Jamf App Catalog, App Installers is a curated collection of Jamf-managed and Jamf-provided installer packages that automate and streamline updating and deploying third-party apps. Jamf Pro automatically sources these packages from vendors, repackages them if necessary, and updates and deploys these titles to designated Mac machines in a Smart Group.

App Installers:

    1. Saves admins time
    2. Ensures that end users always get the latest and updated version of apps
    3. Increases security by always keeping apps up-to-date

App Installers increases visibility into the status of all App Installer deployments in an environment, and Jamf continues to expand our list of available titles. Learn more from our FAQ blog post.

New to App Installers

    1. End-user experience improvements with new notifications
    2. Ability to force-quit grace period: choose how many minutes the user has to save work and close the app before the app force-quits to complete the update
    3. Custom “Update Complete” message
    4. Automatic start of app after update

App Installers via Self Service Catalog

This has been the most-requested feature update since we launched App Installers in Jamf Pro 10.37. You asked, and we answered!

When distributing software titles from the Jamf App Catalog, Apple admins can now choose to either deploy via a Smart Group or make the app available in Self Service for end users to install when they are ready.

After installation, the app automatically updates when a new version is available in the Jamf App Catalog without the user having to perform any additional action.

Try Jamf Pro for free.


Mastering Enrollment Single Sign-On with Jamf and Okta

Month: June 2023

Author: June 13, 2023 by Sean Rabbitt

Source: https://www.jamf.com/blog/road-to-enrollment-single-sign-on/

Enrollment single sign-on (ESSO) supported by Jamf in partnership with Okta is here, but no matter what your identity provider is today, the road to success is paved with testing your existing single sign-on setup.

Jamf and Okta provide best-in-class identity management.

What is enrollment single sign-on?

Now available with the release of Jamf Pro 10.47, if Okta is your cloud identity provider: when a user initiates an enrollment of their personal device into an MDM, a “helper application” will be pushed down to the device first without the need for an Apple ID or user effort. This helper app can be used to hold the user’s identity provider (IdP) credentials for the inevitable 27 different sign-in requests that will come in for setting up MFA, Apple iCloud, e-mail, activating Jamf Connect ZTNA, access to cloud services like Office, Jira, Confluence, Salesforce…

Enrollment single sign-on is based on the single sign-on extension

The amount of time a user spends setting up their phone is about to get much, much quicker. The enrollment single sign-on extension (ESSOe) will make the onboarding experience easier and life with your BYOD device at your organization happier over time.

The single sign-on extension (SSOe) is so new that you may not have it set up in your environment yet. Okta has released functionality to all Okta Identity Engine tenants, and Microsoft just made SSOe available through general availability on Azure this month.

Single sign-on is enabled by an app installed on a device and a configuration profile pushed down to the device by the MDM.

Unlike ESSOe which is intended for personal devices enrolled through account-driven user enrollment, this standard extension to the Apple operating systems is available now for all devices managed by an MDM — institutionally owned through any method or personal through user enrollment.

The single sign-on extension is supported by Okta using the Okta Verify app on macOS, iOS and iPadOS. On Azure, the extension is supported by the Company Portal app on macOS and Microsoft Authenticator on iOS and iPadOS.

No matter your identity provider, the simple presence of the app on the device combined with a configuration profile you push via Jamf is all your user will ever really need. They won’t need to register a device with Okta nor will they need to enroll a device for Azure Conditional Access. The only thing a user will need to do is log into something gated by your identity provider once. After that, the SSOe informs the Apple device to use the helper app to automatically cache the user’s credentials and negotiate access tokens for services.
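A pre-deployment check for the configuration profile described above, as an added example that is not Jamf's, Okta's or Apple's code. It assumes the profile carries Apple's Extensible Single Sign-On payload (`com.apple.extensiblesso`); the bundle identifier, team identifier and URLs in the samples are constructed placeholders, and flagging `http://` prefixes is this linter's own hardening choice.

```python
import plistlib
from urllib.parse import urlsplit

SSO_PAYLOAD_TYPE = "com.apple.extensiblesso"  # Apple's Extensible SSO payload


def lint_sso_profile(profile_bytes: bytes, macos: bool = True) -> list:
    """Return findings for each Extensible SSO payload in a .mobileconfig."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == SSO_PAYLOAD_TYPE]
    if not payloads:
        return ["no com.apple.extensiblesso payload in profile"]

    findings, seen = [], set()
    for i, p in enumerate(payloads):
        tag = f"payload[{i}]"
        if not p.get("ExtensionIdentifier"):
            findings.append(f"{tag}: ExtensionIdentifier missing")
        if macos and not p.get("TeamIdentifier"):
            findings.append(f"{tag}: TeamIdentifier missing (required on macOS)")
        kind = p.get("Type")
        if kind == "Redirect":
            urls = p.get("URLs") or []
            if not urls:
                findings.append(f"{tag}: Redirect payload has no URLs")
            for url in urls:
                parts = urlsplit(url)
                # Linter policy: the IdP prefix the extension handles must be TLS.
                if parts.scheme.lower() != "https":
                    findings.append(f"{tag}: {url} is not https")
                if parts.query or parts.fragment:
                    findings.append(f"{tag}: {url} has a query or fragment")
                # Scheme and host compare case-insensitively; only this one
                # profile is checked, not other profiles already installed.
                key = (parts.scheme.lower(), parts.netloc.lower(), parts.path)
                if key in seen:
                    findings.append(f"{tag}: {url} duplicates another SSO URL")
                seen.add(key)
        elif kind == "Credential":
            for field in ("Realm", "Hosts"):
                if not p.get(field):
                    findings.append(f"{tag}: Credential payload has no {field}")
        else:
            findings.append(f"{tag}: Type must be Redirect or Credential")
    return findings


def build_profile(*sso_payloads: dict) -> bytes:
    """Wrap constructed SSO payload dicts in a minimal profile (sample input)."""
    content = [dict(p, PayloadType=SSO_PAYLOAD_TYPE, PayloadVersion=1,
                    PayloadIdentifier=f"com.example.sso.{n}",
                    PayloadUUID=f"00000000-0000-0000-0000-{n:012d}")
               for n, p in enumerate(sso_payloads, start=1)]
    return plistlib.dumps({
        "PayloadType": "Configuration", "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.sso",
        "PayloadUUID": "00000000-0000-0000-0000-000000000000",
        "PayloadContent": content,
    })


# Constructed samples: placeholder identifiers, not any vendor's real values.
GOOD = {"ExtensionIdentifier": "com.example.idp.sso-extension",
        "TeamIdentifier": "EXAMPLE123", "Type": "Redirect",
        "URLs": ["https://idp.example.com/oauth2/"]}
BAD = {"ExtensionIdentifier": "com.example.idp.sso-extension",
       "Type": "Redirect", "URLs": ["http://idp.example.com/login?next=1"]}

if __name__ == "__main__":
    for name, payload in (("good", GOOD), ("bad", BAD)):
        print(name, lint_sso_profile(build_profile(payload)))
```

Run it against the profile exported for your test group before scoping it to a Static Device Group; an empty list means the payload passed every check.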

Modifying authentication policies to use single sign-on

To make enrollment single sign-on work, your authentication policies and conditional access policies need to adapt to take advantage of single sign-on. Take the time now to communicate with your identity team and discuss allowing Okta Verify as an authentication method. Discuss using biometrics as a non-phishable “second factor” for advanced security. For Azure users, even though ESSO isn’t available at this time, discuss using the new Authentication Strength grants and “Require MFA” grants in your conditional access policies.

The authentication policy or the conditional access policy will need to allow this new simplified login process for your end users to access cloud resources like email, iCloud, activating Jamf Connect ZTNA and others. Otherwise, the default will be the good ol’ password 27 times a day like the old days.

Use Jamf Pro to target test groups and devices

Unlike some apps or configurations you can test locally, the single sign-on extensions must be pushed down via an MDM like Jamf Pro or Jamf School. But we’re ready for that.

Once your identity team has set up authentication and conditional access policies, set up a group of test devices and a team of volunteers to try out the SSOe day to day. You can use a Static Device Group or Static Computer Group to pick a specific group of devices to receive the Okta Verify app via policy or via VPP automatic installation as well as the configuration profile.

Once your test group gets the app and the configuration, simply go through your day-to-day activities. Log into your cloud applications, hit your corporate websites gated with OAuth, SAML and OIDC logins, and see the magic happen.

Once your users are comfortable and you’ve tested that end users can access their mission critical resources, roll out the app and config to your fleet and listen for the sighs of “aaaah….” single sign-on is really single sign-on and not 27 times typing the same user name and password over and over and over and over again.

Take advantage of ESSO with Jamf Pro and Okta.


5 WWDC enhancements to help edu innovate with Apple and change the future of learning

Month: June 2023

Author: June 13, 2023 by Mat Pullen

Source: https://www.jamf.com/blog/helping-apple-win-in-education-and-change-the-future-of-learning/

Mac blurring the lines between education and industry

Mac has long been the standard in education when it comes to creative subjects, with media and music subjects utilizing the creative tools on hand. Curriculum development worldwide is adopting a more creative approach, as highlighted in a recent Gallup survey in which educators noted that “creativity in learning produces positive critical outcomes for students…when teachers leverage the full potential of technology.” When it comes to meeting the needs of industry, the Future of Jobs Report identifies that “analytical thinking and creative thinking remain the most important skills for workers in 2023.” By being able to take advantage of these tools, schools can enhance learning and teaching while also preparing students to work with industry-standard equipment at the same time. The updated Mac lineup, including the new 15” MacBook Air with special pricing for education, brings a bigger screen along with its ultra-portability for educators and students on the move. And with the Mac Studio and Mac Pro with Apple Silicon, those studying media and creative subjects have access to the tools needed to take on these roles, having a huge impact on future employability.

With the introduction of macOS Sonoma, we saw more focused software enhancements that support education, like increased accessibility support through the introduction of widgets on the desktop. These help users maintain focus on the key things they need, right when they need them. Also, the Presenter overlay in FaceTime offers new opportunities when it comes to making engaging presentations – whether teaching remotely or simply providing students alternatives to how they share their learning.

iPadOS continues its simplicity and creativity

iPad has seen a boom in education since its release. Though it was initially a consumer device, education soon realized the power of it in the hands of learners. With iPadOS 17, this continues to be an essential device for learning and teaching.

As education institutions continue to develop their approaches to technology-enhanced learning, iPadOS brings new tools to support how that looks, not only in the traditional classroom but anywhere learning takes place. Developments to Freeform keep students focused while allowing them to follow along with the teacher as they explore new content and utilize creative tools to build on that knowledge.

Other key education wins include the enhanced way PDFs are managed and supported. Machine learning supports Autofill and Annotation over those documents, bringing critical functionality for collaborative work. The Notes app also receives this enhancement, adding more opportunities for differentiation to support student choice in their learning. And when it comes to working directly on the iPad, the alternative to printing PDF documents offers schools cost savings over constrained budgets while easing teacher workload concerns. These further evidence the return on investment, crucial when considering an iPad for education.

New apps are often quickly embraced in education and used in innovative ways. With Journal, the opportunities are here for learning to be collated in new ways, offering students the chance to review moments with a wealth of information to create new thoughts and ideas.

Managed Apple IDs (MAIDs) support that collaborative nature in the classroom, allowing learners and teachers to work on documents and share thoughts and ideas while working independently on the same documents or projects. With easy student sign-in, MAIDs provide additional support when it comes to setting up students on their devices. Teachers can now scan a student’s device and sign them in, making the process so much easier, especially for the youngest of learners. Other developments with Managed Apple IDs in education include partitioning personal and work accounts on devices and the ability to use Managed Apple IDs with features like Continuity Camera and sign-in with Apple, further enhancing the user experience for educators and students on their devices.

Finally with iPadOS, one of the key elements that make the iPad so user-friendly in education are the tools that support learners of all kinds to achieve, such as:

  • Accessibility enhancements in both auto-correct and dictation bring support for those learners that need extra support in getting their thoughts down.
  • MAIDs allow students to have personal and school-based accounts on the same device.
  • Profiles in Safari empower students to keep the websites they use for each subject together, separate from the websites they use outside of learning, to maintain that learning focus.
  • In the same way that widgets enhance the learning experience on Mac, iPadOS brings them to the home screen with the promise of interactivity. Study apps like Quizlet bring interactivity to the widget itself, maintaining the focus on learning.

Apple Watch to support education

Apple Watch can be seen on the wrists of many students as they utilize the device for their own needs – from simple timekeeping to health and fitness tracking. With the announcement of watchOS management, what might this do to enhance its use as an educational tool?

Sports courses that focus on data to make improvements in analyzing performance can benefit from being able to use Apple Watch to support curriculum enhancements, whether by providing instant access to improvements in biomechanical movements with specialist apps or simply by having access to heart rate and recovery rate.

Management of the Apple Watch now makes this a teaching aid. One that can be deployed in the same way an iPad is, giving institutions new possibilities whilst still having those management tools to keep it simple. And with MAIDs, educators can utilize the communication and productivity tools the watch brings with the added compliance, achieving parity with institution-secure devices. With Apple Watch, educators also get the added benefit of well-being and fitness goals, helping combat the growing health issues facing them today.

AppleTV as the classroom display

Apple TV has long been a great way to not only share information in a classroom but also support cost-saving approaches to AV setup while transforming what a learning space looks like. Schools utilize Apple TV not only for the in-classroom screen sharing of devices but also to utilize those same screens as digital signage, as with Texas A&M. This further supports students between learning, or serves as a separate learning point for information, by displaying relevant content that students can engage with.

With Apple TV enhancements with FaceTime support, creative use of Apple TV can take things even further. Bring in that expert from outside the classroom and have them interact directly with the learners using the Continuity Camera – right from the classroom! Furthermore, bring the guest even closer to the learners and their work, after all, there’s no need for the camera to stay in one place.

The next technology disrupter in education?

10 years ago, iPad wasn’t in every classroom. Despite being considered too expensive to be an educational tool, it succeeded in revolutionizing the education sector to become exactly that. By disrupting what education looked like and transforming new opportunities for many, Apple ushered in iPad to become the gold standard in education technology. What might the impact be of the Apple Vision Pro on education?

Disruptive tools, like Vision Pro, can bring a whole new way to support education by taking learners to new worlds whilst still connecting them to their real world. Something that supports the connection between the two supports so many in education.

Students can make connections between the content they need to know and what it actually looks like. As developers embrace this, and ed-tech enthusiasts explore the possibilities, this could be a real game changer in a new approach to technology-supported education.

Students can explore new worlds without having to travel to those locations. Vision Pro could not only provide access to places that they may never get to visit but also provide new ways to engage with the content available within their immediate space. We see how augmented reality is helping learners explore in new ways already, by creating and interacting with content that once lived in two dimensions or text-based. Bringing that into a fully immersive experience impacts the experience, cements understanding and engages learners with a deeper connection.

Let’s see what the next 10 years bring to this space.

To ensure your organization is best positioned to embrace the latest from Apple, Contact Us


Jamf releases Jamf Connect 2.24.0

Month: June 2023

Jamf shipped Jamf Connect 2.24.0 on 05 June 2023.

This release includes the following changes and improvements:

Today we shipped Jamf Connect 2.24.0, which gives you the ability to configure Offline Multi-factor Authentication for users’ devices.

Users can now enroll in offline multifactor authentication (MFA) via the Jamf Connect menu bar app. This feature enables users to log in to their computer with a time-based one-time password through their mobile device, without needing a connection to an identity provider.

Offline MFA is disabled by default in your Jamf Connect configuration. Enable offline MFA under the Authentication section of the Login page in Jamf Connect Configuration. Users can then enroll by selecting Offline MFA… in the Jamf Connect menu bar app and following the prompts provided.

Product Documentation

For additional information on what’s included in this release, review the release notes via the Jamf Learning Hub.

Jamf Connect enables organisations to deploy single sign-on login to a Mac using cloud credentials users already know.

Jamf Pro and Jamf Connect now part of the Microsoft Intelligent Security Association

Month: June 2023

Author: June 9, 2023 by Mignon Wagner

Source: https://www.jamf.com/blog/jamf-pro-and-jamf-connect-now-part-of-misa/

It has only been a few weeks since we announced that Jamf is now a member of The Microsoft Intelligent Security Association (MISA) based on our integration between Jamf Protect and Microsoft Sentinel. MISA is an ecosystem of independent software vendors and managed security service providers that have integrated their solutions with Microsoft security technology to help customers better defend themselves against increasingly sophisticated cyber threats.

In our recent press release, Vasu Jakkal, CVP Microsoft Security, explained the value and mission of MISA:

“We believe that by coming together as a community to innovate, build strategies, and share knowledge, we empower ourselves and our customers as defenders. That’s why MISA is such a vital part of our mission. Together with our partners like Jamf, we can turn obstacles into innovation and embrace today’s challenges as an opportunity to build a better, safer world for all.”

Today, we are thrilled to announce another significant milestone in our partnership. Jamf Pro and Jamf Connect are now also part of the MISA program! With the integration of Jamf Pro and Jamf Connect with Azure Active Directory, organizations can now guarantee that only authorized cloud identities on compliant Apple devices can access critical business applications.

Jamf Pro and Jamf Connect integrate with Azure AD

Enhanced management and security for organizations with a Microsoft environment

It is crucial to adopt solutions that prioritize both security and user experience. Combining the best of management and identity and access management, Jamf Pro and Jamf Connect integrated with Azure Active Directory empower organizations to securely control device access and data security. By enforcing Microsoft conditional access policies on macOS, iOS and iPadOS devices, businesses can implement real-time remediation workflows to keep corporate data secure, regardless of where an employee and their device are located.

Streamlined user experience for uninterrupted workflows

User experience is a crucial aspect of any solution. Jamf’s partnership with Microsoft through our integrated solutions in the MISA program aims to strengthen the Trusted Access experience that users love and organizations can trust. Zero-touch onboarding and automated device enrollment ensure all devices are enrolled and under management, while single sign-on (SSO) and multi-factor authentication (MFA) through Azure Active Directory allow for authentication and authorization into Jamf consoles and products, reducing the risk of unauthorized access.

Enforce delivery of Microsoft certificates on managed Apple devices

If you would like to enforce the delivery of Microsoft certificate-based authentication on managed Apple devices, Jamf Pro and Jamf Connect allow organizations to ensure that their devices possess the necessary certificates to meet compliance standards. This added layer of security mitigates potential vulnerabilities and strengthens the overall security posture of the organization.

Together, Jamf and Microsoft are driving innovation and delivering unparalleled security for Apple devices in the modern workplace.

To find out more about our partnership with Microsoft, explore our Integrations page or find our available integrations in the Jamf Marketplace.

Take a deep dive into the Jamf Pro and Jamf Connect integration with Microsoft.


5 enhancements from WWDC to help Apple win the enterprise and change the future of work

Month: June 2023

Author: June 7, 2023 by Michael Devins

Source: https://www.jamf.com/blog/helping-apple-win-the-enterprise-and-change-the-future-of-work/

Mac momentum to accelerate

Apple at work is already on the rise, fueled by strong user preference and compelling technology fit for the enterprise. Apple kicked off WWDC with the introduction of new Mac hardware, powered by their industry-leading Apple silicon. The 15” MacBook Air brings a large display to an ultra-portable form factor at an incredibly competitive price point; ideal for Mac choice programs and as a standard offering for new employees.

The updated Mac Studio and Mac Pro with Apple Silicon prove again that Apple is not just capable of making the most portable computers but also the most powerful computers. Ones that handle data-intensive workflows across a wide range of industry use cases, including audio/visual, data science, 3D modeling and more.

In addition to compelling hardware updates, macOS Sonoma brings a variety of new enterprise capabilities to a wide range of Macs already deployed in the enterprise. With macOS Sonoma, organizations can deploy phishing-resistant Passkeys to users, enhance the operating system and application update experience and utilize Managed Device Attestation to leverage the Secure Enclave for strong assurance of identity and security posture.

iOS and iPadOS gain security and privacy enhancements

For most organizations, security across mobile devices remains a leading priority. At the same time, end users are more conscious about their privacy than ever before. Apple continues to enhance both in a way that maintains an appropriate balance.

As organizations continue to adopt MFA to secure work resources and applications, Apple has extended AutoFill for one-time verification codes sent via email to simplify the secure login experience for users. Apple further protects browser activity within Safari by offering new Profiles to separate work and personal data, showing how Apple is supporting both the hybrid nature of work and the way that most users blend their work and personal activities across their various devices.

AirDrop, Apple’s peer-to-peer file-sharing capability, has been simplified to make sharing contacts and files simple, now supporting secure transfers over your cellular network if devices are separated during a large transfer. Apple also introduced additional permissions that limit how apps can access photos and calendar events, keeping personal information private.

Apple Watch and the mobile workforce

Apple Watch continues to lead the growing smartwatch category and initial enterprise adopters are finding ways that these consumer-oriented devices can be used in the workplace. This is very reminiscent of how consumer demand brought iPhone into the enterprise 15 years ago. With this week’s announcements, Apple is set to dramatically accelerate workplace adoption with the introduction of enterprise-specific features that further extend the manageability and security of Apple Watch for businesses.

Organizations will soon be able to enroll and manage Apple Watch with the same MDM that manages the user’s paired iPhone, bringing familiar controls and streamlined configuration of secure network connections, settings configuration and app management to a broader range of devices. This will allow organizations pioneering innovative new wearable use cases to define best practices and security requirements that can be deployed consistently, at scale.

Apple TV in hospitality and conference rooms

Many organizations already deploy Apple TV for dynamic digital signage and kiosk experiences across a variety of industries, including hospitality, retail and more. The introduction of AirPlay support in hotels will make it seamless and secure, as users no longer need to enter their personal accounts into smart TVs. Apple users can enjoy all of their favorite content on the big screen while traveling with their personal or corporate Apple devices.

Apple will also be adding support for deploying secure network connections with VPN and 802.1x ethernet connections, preparing Apple TV for a host of new enterprise use cases. Continuity Camera support being extended to Apple TV makes the biggest screen in your office (or home) the best display for video conferencing. In addition to FaceTime, both Zoom and WebEx will be bringing their apps to tvOS. Paired with the existing support for deploying apps and settings to Apple TV with MDM, the platform is poised to dominate the enterprise as a secure, digital communication hub.

The next dimension of computing is spatial

To the delight of many, WWDC saw the return of Apple’s famous “One more thing…” The introduction of Apple Vision Pro truly set the stage for the next dimension of computing. Grounded strongly in reality, the Apple Vision Pro shared an inspiring vision (pun intended) of a future without a trackpad or touch screen.

Apple explained how visionOS frees users from the constraints of the traditional computer monitor, allowing users to place all of their apps anywhere in their environment. Apple showed how work collaborations can feel more intimate by placing life-sized people in the room and a virtual whiteboard on the wall.

Among the first use-case examples Apple highlighted was a 3D model of a heart and the significant benefits to education this platform can offer. They also highlighted how designers can visualize a 3D model and how businesses can pre-visualize production lines before manufacturing begins. Apple also showed us how existing productivity apps, like Microsoft Excel and Word can be experienced on Apple Vision Pro and announced that video conferencing apps like Teams, WebEx and Zoom can use your digital persona for video conferencing.

Apple traditionally launches products with broad consumer appeal and then iterates toward enterprise use cases and supporting frameworks. Uniquely, this wide array of enterprise use cases was highlighted as part of the announcement. Apple clearly sees a massive opportunity to transform the very nature of work with Apple Vision Pro and spatial computing.

Advancing the enterprise

Regardless of which platform excites you most, it’s clear that Apple is making major strides across all of its platforms to advance the power and capability of Apple at work. Some enhancements will be immediately valuable to organizations deploying Mac, iPhone, iPad, Apple TV and Apple Watch at work. Other innovations, such as spatial computing with Apple Vision Pro, offer a new world of possibilities for the enterprise that has yet to be explored.

The cumulative effect of WWDC 2023 cannot be overstated. Apple is truly advancing into the enterprise in all dimensions.

To ensure your organization is best positioned to embrace the latest from Apple, Contact Us