Dear Onsite Family,

President Cyril Ramaphosa showed decisive leadership and placed South Africa on a 21 day lockdown from 27 March 2020, we at Onsite want to let you know that you are not in this alone and that we are still here to help you!

For all Onsite Customers;

  • Our support team will continue to assist you remotely through our Helpdesk at and via email on
  • Onsite will continue to monitor, maintain and update all IT infrastructure and services so that when we go back to work you are able to start unhindered.
  • Onsite is available to assist all organisations to implement work from home and remote learning programs. Plus Onsite Customers will gain free access to our newly launched online training platform, and training passes will be available to new customers.
  • We will still be processing renewals during this time for all subscription-based services so that you can be assured of continued services.
  • Customers should please try as far as they can to continue to pay their accounts on time and to please contact to make arrangements should they need to. This is imperative so that we can continue to pay our staff and support you.

For Schools;

  • Our support engineers are still available to help and support you remotely and you should continue to request help through our Helpdesk – or by email
  • Teachers that need remote learning assistance on Microsoft Teams, Edmodo, Google Classroom and iTunesU, are welcome to request assistance through our help desk and our engineers will assist you remotely.
  • Schools that currently use Microsoft Office 365 and would like to set up and get started with Microsoft Teams for Remote Learning can contact us for assistance.
  • We have discounted our robotics and coding kits and online courses.

For Business;

  • We are waiving the requirement for onboarding “Jumpstart” Services to all new businesses who would like to manage and support their Apple users remotely using Jamf.
  • Businesses can send employees a link to enroll their Apple Devices at home so that companies can provide them with Software, VPN Access and security in the comfort of their own homes.
  • Our Support Teams are available to assist you remotely set up a work from home program for your Apple Users, we can get you up and running within 4 hours to support your users.

For Families;

  • To keep families entertained during this time, we have discounted our robotics and coding starter kit by 40% and are including the Level Up course free of charge. Deliveries will be made as far as possible.
  • Existing Starter Kit customers will receive the Level Up Course added to their subscription free of charge from this Friday.
  • We are in the process of launching our new online training platform – which will go live by the end of this week. All existing VJ Robotics customers will be migrated automatically to this platform.
  • Families who would like to take control of their Children’s Apple Devices during this time to limit things like social media can sign up for Jamf Now – your first 3 devices are free forever.

If you have additional needs other than what you see here – please don’t hesitate to reach out to us. We know that extraordinary times call for extraordinary measures and we are committed to doing everything in our power to ensure that your business, school, and family can continue to operate as smoothly as possible. Onsite is here to assist you, please reach out to your Onsite representative.

Stay safe, and we look forward to seeing you on the other side of this.

How to manage Microsoft Office 2019 for Mac - Q&A

by Bill Smith

Our webinar, How to Manage Microsoft Office 2019 for Mac, generated a lot of interest from the Jamf community and a lot of questions from those who were able to join. We couldn’t answer all of your questions fully in the short time we were together, so let’s follow up here with some of your Questions & Answers.

The main focus of the webinar was to demonstrate how to manage Office using plists and profiles, however, presenter Paul Bowden with Microsoft did have “One more thing…” Office applications are now available in the Mac App Store and attendees had many questions about that too. Those are in their own section toward the end.

If you haven’t yet watched the webinar, you’ll find it below and in our video resources section at If you’d like a copy of the presentation slides, you can download them from

For additional questions and information, visit Jamf Nation, the MacAdmins community on Slack or contact Jamf.

Preferences, plists, profiles and policies

Q: Does the OfficeAutoSignIn key in a configuration profile work with an enterprise volume license or is there an option to skip that window? Or is there a volume license package that will activate Office?­

A: Yes, the key works regardless of how Office is activated (Office 365 subscription, volume license or single license.) Volume licensing is available for organizations needing five or more seats and avoids users needing to sign in with Office 365 credentials. However, apps activated with Office 365 credentials receive more features than other types of licensing.

Q: Does the OfficeAutoSignIn key only work if you are signed in to a domain-joined Mac with an account that has an Office 365 subscription?

A: No. This key doesn’t require an Office 365 subscription, nor does it require a domain-joined Mac.

Q: Does this content also apply to Office 365 ProPlus [which includes the Teams application] or just Office 2019?­

A: Yes, the great majority of this content equally applies to both Office 2019 and Office 365. Automatic Outlook account setup using a configuration profile and Intelligent Services are specific to Office 365.

Q: What are you using to view the plist?­

A: BBEdit from Bare Bones Software is a great plain text editor that lets you view and edit plists easily. The free version is very full featured. It doesn’t suck.®

Q: Can you also use Xcode to edit a plist on the fly?

A: Yes­, this should work too. Keep in mind that some changes made in an application may not be written to its plist until the application is quit.

Q: Is there an AutoUpdate plist that is global to all users?

A: Not by default. The plist for the AutoUpdate application is per user and exists in each user’s home folder. A configuration profile will manage and enforce settings for all users. However, in Paul’s “Walkthrough – Policy or Preference” section, he describes how an administrator may want to create a new plist in the System-wide preferences at /Library/Preferences. A plist here will affect all users but will let each choose another setting if desired.

Q: I’ve experienced an issue where apps deployed on a new machine don’t register with MAU until the app is launched at least once.­

A: You can resolve this through a configuration profile that has the Applications array defined. See the example on Paul’s GitHub repository. Use a plain text editor like BBEdit to make a new file on your desktop and paste in the full plist. You can use the defaults command explained in the webinar to add more properties to the file like the settings for HowToCheck, ChannelName, etc. Or you can copy those settings from the MAU_FullyManaged.plist example and paste them at the end of the file. (See this example for what it will look like when you’re done. Be sure to use the plists from Paul’s GitHub, though.) Upload the entire plist to a Custom Settings payload in a new configuration profile.

Q: Are these managed preferences available to Office 2016 apps?­

A: Many are in Office 2016 (versions 15.9 through 16.16.x). But some are only in Office 2019 (versions 16.17 and higher). Microsoft is adding new manageable preferences almost every month. Refer to Paul’s demonstration in the webinar for how to find a plist setting using the diff command.

Q: Where can I find more plist file settings to manage?

A: A great place to start is the community-contributed list of domains, keys, values and their descriptions at If you find information that hasn’t been added to this list, please ask the page owner to update the page or request access to edit the page yourself. Also, refer to the Deploy preferences for Office for Mac section of Microsoft’s Deployment guide for Office for Mac.

Q: ­Are the preferences in the spreadsheet particular to a “minimum version” or “specific version” or just “it depends”?

A: ­New preferences are added all the time. That means you’ll need to be at newer versions of the apps to use the newer keys.­ For the most part, the spreadsheet does a good job of detailing when a new preference was introduced and the minimum application version needed to use a particular key.

Q: ­You mentioned that it’s not wise to change a plist while the app in question is running. Is it harmful to deploy a configuration profile with a plist to my users if they have Outlook, Word, etc., running? ­

A: Different apps behave in different ways. Some will immediately change settings when you deploy a profile. Others require you to restart to see the settings change. Deploying a profile while an app is running shouldn’t be harmful, but it may not take effect until the app is restarted.

Q: ­Is it best practice to deploy the profile or plist for Office prior to installing Office or after?­

A: ­It doesn’t really matter. So long as the apps and the profiles or plists are in place when the user launches an application, that’s when it all comes together. ­

Q: ­What was the URL for the one-click setup?­

A: See the Jamf Blog post “Help users activate Microsoft Office 365 and configure Outlook in one click” at

Q: ­What happens if I use a configuration profile with a Custom Settings plist to set a few of these Office First Run Experience settings, but don’t include all the other keys in the plist? Will it wipe out the plist with only the new settings or will it “merge/ add” the settings? ­

A: ­Yes, they’ll merge! (Technically, if you install a profile before the user can set the preference, the user’s own plist won’t write the setting.) For those keys/values you don’t include, the user has full control.

Q: ­If I push these settings in a profile to existing Office installations who’ve already gone through the First Run Experience, will it overwrite their choices?

A: ­If users have already gone through the first run experience, the profiles don’t affect them. Remember, configuration profiles don’t change plists. They only override the settings in plists.

Q: ­How would that “default but not locked-in preference” be applied? Script?­

A: ­Yes, use a script. Or if you’re only going to set the default for one or two settings, consider using just the Execute Command filed under the Files and Processes payload in a Jamf Pro policy. Configuration profiles enforce settings. A script will let you set the default setting but allow the user to change it later. ­

Q: ­If I skip the First Run dialog for Intelligent Services, what is the default setting? Enabled or Disabled?­

A: The kFREIntelligenceServicesConsentV2Key is not set by default. It gets set to “true” when the user sees “Use Intelligent Services” dialog. If you want to suppress the initial dialog, you need to manage the key and set it to “true”.

Q: ­Intelligent Services are specific to Office 365. Are there any negative consequences to enabling these on an Office 2019 installation, licensed with Serializer?­

A: Intelligent Services works only when the applications are activated with an Office 365 license. Attempting to apply Office 365 specific settings to applications activated using a volume license should have no impact on them.

Q: ­Any way to disable the Microsoft Store in the apps?

A: Not with configuration profiles, but your tenant administrator can do it centrally.

Q: Are the Terminal commands used in the presentation case-sensitive?

A: Yes, the commands as well as the domains, keys and values are all case-sensitive. The exception to this is Boolean (true/false) values. The defaults command is pretty forgiving with case for Booleans.

Q: ­Will you have an example of using a Choices.xml for managing installation via stand-alone package? or just recommend using MAS?

A: We didn’t cover how to use a choices XML file since it’s documented in other places. If you don’t want to use a choices file, you can install individual apps from the Mac App Store or download them from (the links all point back to Microsoft). You may find the script mentioned in Bill’s Jamf Nation post from a couple years ago useful too.

Q: If Office plists do not get generated until the user actually opens the application, how can you modify a plist before the user even logs in or before they open the Office application­?

A: If you as an administrator create the plist first with the keys and values you want to pre-set for the user, the application will use that plist and it will add any other necessary keys and values to finish creating the file. Your settings will be honored.

Q: What is best practice — Installing all the app plists into a single configuration profile or a separate profile for each app — Microsoft AutoUpdate, Word, Outlook, etc.?­

A: ­One plist per app is best practice­. It’s OK for a single app plist like to contain multiple key/value pairs (e.g., HowToCheck, ChannelName and SendAllTelemetryEnabled). Generally, you want to deploy unrelated plists in separate configuration profiles. That’s because when you “update” a profile you’re really removing the old profile from the Mac and installing a new one. For a brief moment, your management settings are lifted before they get reapplied.

Q: ­Can an administrator lock the user out of joining the Office Insider program too? ­

A: ­Yes! Set the value of the ChannelName key to “Production­” in the file.

Q: ­Can you also specify joining the Office Insider Fast or Slow programs? ­

A: Yes, through the same ChannelName key in the file. Set its value to “InsiderFast” for Insider Fast or “External” for Insider Slow.

Q: Can we block/suppress PST files in Outlook via

A: ­Yes! Keys are DisableImport and DisableExport for the domain. Set to TRUE for the value. Remember, the domain and key names are case sensitive.

Q: ­Can this feature slow the performance of the application? ­

A: ­Profiles are an Apple-designed feature. They won’t impact the performance of the apps, just the behavior of the apps. The settings from plists and profiles are applied at the time an app is launched.

Q: ­Is there any way to deploy a Custom Settings configuration profile in Jamf Now? ­

A: Currently, configuration profiles with custom settings are only supported in Jamf Pro.

Q: ­Will you cover the Microsoft AutoUpdate Caching Server? ­

A: The MAU Caching Server is more than we have time for in this webinar. But see Bill’s MacAdmins at Penn State presentation “Administering Office 2016 for Mac, Part III: Outlook and Updates” and Paul’s training video “Using the ‘msupdate’ command-line tool in Microsoft AutoUpdate”.

One more thing… Office in the Mac App Store

Q: ­What are the main benefits of moving to the Mac App Store for Office 365?­

A: You can use Apple’s volume purchasing of apps to deploy Office apps directly from the Mac App Store, which means you no longer need to maintain your own package installers. And you’ll always be installing the current version of the apps instead of possibly installing older versions. The App Store will handle your updates too. Updates through the App Store are “delta” updates, which means your Macs are only downloading the changed bits of the software rather than the entire application each time.

Q: Now that Office is in the Mac App Store, what happens to the other ways I currently deploy Office? Is the package going away?

A: Not at all! The App Store is simply a new way to get and deploy Office. It’s not replacing the package installer.

Q: Are there going to be any changes to the way we can, or will have to, manage Office now that it is in the Mac App Store?­

A: Short answer is No. Managing Office apps deployed using volume purchasing and the Mac App Store will be the same. There will be some special steps to follow for converting existing apps installed using a package to Mac App Store apps, though. OneDrive may be an exception since the App Store and package versions are different. Paul will be posting information for this at in the very near future. (This page is currently in progress. Please be patient.)

Q: ­How does Office 2019 through Office 365 licensing work in a Higher-Ed Lab/AD environment? Does this require specialized licensing? ­

A: The licensing is the same, however, Office 365 currently doesn’t support shared activation across all users on a Mac. You can use Paul’s O365SharedActivator script to assist with this for now. Any future plans for enabling shared Office 365 activation for lab machines will likely require an Azure tenant.

Q: How do I manage Microsoft AutoUpdate when deploying apps through the Mac App Store?

A: AutoUpdate isn’t compatible with the App Store. The App Store itself will handle the updates going forward. You can manage when updates are installed in Jamf Pro by editing each app under Computers > Mac App Store.

Q: Can the apps from the Mac App Store be used with a volume license?

A: No. For technical reasons, only Office 365 activation is supported. Perpetual licenses (non-subscription licenses) like volume licenses deployed using the Office 2019 Serializer or individual licenses purchased from a big box store or retailer are not compatible.

Q: If a user already has Office 2019 installed on his or her Mac from an installer package, can I deploy it via VPP and have it take over management of the currently installed apps? Also, will the Mac App Store be capable of handling the updates automatically?

A: Do not install the Mac App Store apps over existing apps.­ They are signed using Apple’s certificate whereas apps installed from a package are signed using Microsoft’s certificate. This can lead to unwanted keychain prompts to the user. Instead, follow the instructions at (This page is currently in progress. Please be patient.) Once the apps are installed from the Mac App Store, it will assume responsibility for keeping the apps updated and you’ll no longer need to manage an installer package.

Q: ­Will Teams be available in the Mac App Store (soon)?­

A: ­Unfortunately, no ETA on Teams in MAS.­

Q: Where can I find more information about deploying Office for Mac from the Mac App Store?

A: See Deploy Office for Mac from the Mac App Store on Microsoft’s website.

Still have questions? Contact us. Not already a Jamf Pro customer? Take our solution for a free spinand put these workflows to the test.


How much paper are you saving each year? Find out now

It goes without saying that PaperCut MF and NG are handy dandy at reducing the amount of paper you use in your workplace. (Ok, I said it anyway, but I had to start this post somewhere.)

After all, life without print management software like PaperCut MF means recycle bins full of abandoned print jobs cluttering the space around multifunction devices. And that sucks.

Stopping those abandoned print jobs has been huge. Our stats guy Jeremy reckons we’ve saved over 750,000,000 sheets of paper because of features like secure print release. That’s like 80,000 trees. Cool hey?

BUT … did you know there’s a handy dandy way to work out exactly how much paper you’ve saved from not printing abandoned print jobs?

There is!

First, let me set the scene for you …

The enviro impact of unreleased print jobs

There was I, casually perusing the support queue in my role as a person responsible for perusing the support queue when suddenly a question came through from a friendly PaperCut user (I knew they were friendly because of the smiley emoji – best start to a support ticket ever!).

“Is there a report in PaperCut that shows the number of pages not collected? It’d be great to report on the environmental impact of unreleased print jobs.”

Aha, thought I! This friendly PaperCut user is looking for one of the best-kept secrets in PaperCut’s report library!

The “Unreleased Jobs Paper Saving” report is full of really cool insights into the environmental impact of not releasing abandoned print jobs. The report shows the:

  • Number of trees you’ve saved
  • Amount of CO2 you’ve saved
  • Manufacturing energy saved (conveniently expressed as light bulb hours)

Cool hey!?

Ok, enough showing off – let’s find the report.

Get to know the environmental savings you’ve made using PaperCut

How to find your paper savings report

In the PaperCut MF or NG admin console, go to reports.

Select the Environment tab up the top.

The last option is “unreleased jobs paper saving“. Run that report and the number of pages you’ve saved from not printing abandoned jobs is revealed.

And if you’re wondering about the impact that NOT printing those jobs has on the world’s tree population, remember that a tree produces 8,000+ sheets of paper.

Interested in PaperCut for your organisation?

Top 10 Reasons to use PaperCut MF

PaperCut MF is the easy way to automatically monitor and manage copying and printing in your organization, giving you control over your costs and environmental impact. PaperCut MF checks print jobs on the print server and analyzes them, applying rules to enforce your print policies.

1 Cut Waste and Your Carbon Footprint
Encourage responsible printing with PaperCut MF quotas and print policies, cutting paper and toner costs and power usage. At-a-glance reporting on CO2 and carbon emissions – by CO2 volume or by tree – shows the impact.

2 Apply Print Policies Enterprise-Wide
With PaperCut MF, printing requests are intercepted at the print server to control jobs according to policies that encourage or enforce good behaviour. Use job filtering to advanced scripting (JavaScript) to implement policies and improve device utilization. For example, you might route large jobs to dedicated high-speed printers, display popups to ask end users to confirm single-sided output, automatically delete print jobs with incorrect paper sizes or suggest an alternative printer when a device is offline.

3 Solve mobile and BYOD Printing
Allow users to print from whatever BYOD or mobile device at their disposal. No matter the operating system, their location, the fi le format or the brand of printer, PaperCut MF has simple solutions to solve all these. All solutions integrate into PaperCut’s standard print charging/ accounting/quota process.

4 Enable Find-Me/Secure Print Release
PaperCut MF protects confidential documents and slashes the volume of unclaimed printouts by ensuring users to release print jobs at the point of printing. With Find-Me printing, users queue print jobs to a virtual queue and then release them for printing on a specific device. Secure Print Release requires user authentication before printing, ensuring that only authorized users can print and collect sensitive documents. PaperCut MF can also be configured to require print approval, ensuring managers, teachers or SysAdmins authorize the printing of any job.

5 Monitor and Report on Usage

Real-time monitoring and reports address all areas of print/copy/fax/ scan management, ranging from detailed page logs to summaries by the user, department, device or environmental impact. PaperCut MF offers more than 50 reports out of the box, in PDF, HTML or Microsoft Excel (.csv) format. Access reports from any web browser, or schedule them to be automatically generated and emailed. You can set up reports to use your own header, and create reports with custom data by specifying date ranges, filtering and sorting by the data available.

6 Deploy Simply

An installation wizard installs server software and then proceeds to automatically detect printers and multi-function devices on your network. Create users and groups automatically from directory services including Active Directory, Open Directory, Novell eDirectory of LDAP, Install wizards help you define user access rights, page costs and quotas. Client software is optional and can be run directly off a server share avoiding the need to install/deploy locally. PaperCut MF integrates with printers and multi-function devices from all major vendors.

7 Administer Centrally, Manage Easily

PaperCut MF provides browser-based administration access from any network location, providing advanced administration and configuration options in an intuitive user interface. End users have access to a set of web tools to track their own activity in real-time, query their account balances, view transactions, and transfer credit to other users.

8 Integrate with Your Intranet and Other Systems

A customizable web interface ensures you can easily integrate with your intranet site, and a fully documented API and scripting interface let you integrate PaperCut MF with other IT systems.

9 Scale Up Effortlessly

Modern software design and architecture provides scalability for networks of all sizes, from five to 500,000 users. Regardless of the number of servers and end users on your network, PaperCut MF will meet your needs.

10 Maximize Uptime and Availability

PaperCut MF delivers a robust approach to maintaining service by clustering at the print spooler, application server and database (for cluster-aware databases), as well as automatic fail-over protection against single points of failure.


More benefits of PaperCut

Control costs

with a simple account, bill or charge for every copy, print, scan and fax

Report usage

and costs per page, by user, device and function

Access devices

via login, account code or ID/access card


responsible use using rules, limits and auto notifications

PaperCut is used by more than 50,000 organizations in 100+ countries to cut costs and environmental impact. “PaperCut’s ease of use, mixed with its powerful scripting and filtering services – and combined with its many varied reports – make it our ideal print management solution. We can safely just leave it to do its job and not have to worry about running up massive printing bills.”
Tony Ayre, IT Manager, Minehead Middle School

Get in touch

Eliminate the challenges of binding: Jamf Connect now integrates with Azure Active Directory

Coffee shops, airports, working from home — in today’s environment, more and more employees are working in locations other than the office. While many companies are putting a focus on accommodating a more mobile workforce, this shift also brings heightened awareness about keeping company data secure.

For years, organizations have been binding Mac computers to Active Directory to maintain a certain level of security. However, in an age where not all employees are on-site but are still required to log into a corporate network to access resources, security assurances don’t come so easily.

What is Active Directory?

Microsoft Active Directory has been the gold standard for on-premises identity and account management. A vast majority of organizations have been using Active Directory in order to solve authentication issues; in other words, making sure that company data and applications are protected from anyone outside of the directory that is not an employee.

How can organizations overcome Active Directory challenges?

But binding to Active Directory is not without its downsides. Because employees are no longer stationary, the way organizations approach identity and security must adapt by moving from an on-premises identity provider to one in the cloud. Data security breaches are more of a threat than ever and organizations are laser-focused on protecting their information. Just logging in with a username and password is not enough anymore. Enter top cloud identity providers, such as Microsoft Azure and Okta, which allow IT admins to remotely manage users, passwords and access to corporate applications.

Can I use Azure with my Apple devices?

Yes! With the acquisition of NoMAD, now Jamf Connect, organizations have the ability to provide a simple, unified authentication and account synchronization process while ensuring end users have the best possible Apple experience. Simply put, IT admins gain peace of mind knowing they can manage accounts and secure each device all while their employees are unboxing their Macs, powering them on, and accessing all of their company applications with one username and password — without being connected to a corporate network, such as VPN.

This is all made possible with Jamf Connect’s new integration with Microsoft Azure. So, as we see the growing migration from Active Directory to the cloud, IT admins are assured that their bases are covered when it comes to identity and security, while still giving employees the best experience with their Mac. It’s a win-win.

Details on how Jamf Connect integrates with Azure

Download our Jamf Connect overview and learn the what, why and how of the Microsoft Azure integration and discover how to put it to use in your environment.

Download now

And when you’re ready, see the incredible benefits of Jamf Connect for yourself.

Get started with Jamf Connect

Welcome to the new world of digital signage

Apple TV has been creeping into the spotlight for the past few years — have you noticed? Newer models brought the App Store with streaming services, 4K support, HomeKit capabilities, Siri integration, and of course AirPlay. This new feature set paired with Jamf management enables Apple TV to find new homes in conference rooms, classroom, hotels and hospitals worldwide. A device that was previously reserved for the home theater has found a global stage with one use case in particular: digital signage.

What is digital signage?

Using a combination of multimedia and dynamic data, digital signage is a fantastic way to showcase information or advertising in an attractive way. Do you want to make students and parents aware of extra-curricular activities and clubs? Do you want store visitors to see your products or promotions featured in beautiful 4K? How about making your corporate lobby more welcoming or replacing the Apple TV screensaver in your conference room with something purposeful and valuable? Digital signage could be the cost-efficient and scalable solution you need.

A digital signage system is made up of a few parts. You have your display (flat panel or projector), media player and a content management system. Historically the media player has been expensive hardware that was difficult to setup and manage. Content management was either done over the network or manually distributed to the media players using physical media like SD cards. All of this special hardware and manual labour added up quickly, making early digital signage projects unattainable for many.

Enter the 4th Generation Apple TV

October of 2015 saw Apple’s release of the 4th Generation Apple TV which included the Apple TV App Store. Developers finally had the ability to write software targeted towards Apple’s lowest cost device, attached to the largest possible screen. tvOS 12 was released in September of 2018 and it brought automated device enrollment and Apps and Books to Apple TV. This series of fortunate events brings us to a world where tvOS has certain management capabilities that mirror other Apple platforms:

  1. Automated enrollment enables zero-touch device configuration
  2. App management makes it easy to get software where you need it — without an Apple ID
  3. Configuration profiles allow you to set apps in ‘Single App Mode’ and apply additional security settings
  4. Apps and operating systems stay up to date through Jamf’s management solution

Carousel Signage

Carousel Signage is a company that saw an immense opportunity with an Apple TV-based digital signage player because it solves virtually every problem associated with traditional deployments. From many considerations (cost, graphics performance, management of the platform), Apple TV is superior to purpose-built devices. Located just blocks from Jamf headquarters, Carousel found a partner in Jamf to offer advanced integrations that make initial deployment and ongoing management of the deployment simple.

Carousel offers granular levels of access to content contributors — this means you can empower an individual to update just a portion of the digital signage message while ensuring brand integrity. Content approval workflows allow staff or even students the ability to submit content that won’t go live until it is approved. Their ability to display dynamic data make it effortless to provide valuable information to your students, employees or customers. And finally, integrations with CAP-enabled alerting systems extends emergency notifications to Apple TV as well.

Apple TV + Jamf + Carousel

Innovation by Apple, Jamf and Carousel have led to a perfect storm of opportunity. A fantastic media player, paired with a robust management framework, and given purpose with software like Carousel Signage, will revolutionize how digital signage is deployed and maintained. If your organization has something to say, make sure it’s both heard and seen with the powerful combination of Apple TV, Jamf Pro and Carousel Signage.

Why the device management solution you choose matters

When searching for a device management solution for the first time or evaluating your current tool for a potential upgrade, you often get pulled in multiple directions with vendors shouting:

  • “Look over here! We can manage ALL of your platforms with one solution.”
  • “But we’re the cheapest and our tool is good enough to get the job done.”
  • “Wait! Don’t go with them! Why? Well, just because.”

It can be hard to wade through the noise and nonsense to determine which management solution is best for your unique needs.

At Jamf, we want you to succeed with the ecosystem you choose — be it Apple, Microsoft or Google — with the management solution you ultimately select (even if it’s not us). While we obviously want you to choose Jamf, we most importantly want you to be fully informed prior to making any decision. So begins our tutorial on device management philosophies…

Unified endpoint management (UEM) 101

When all of your ecosystems are managed with one tool, this is often referred to as unified endpoint management or UEM. On the surface, the idea of having one solution to tackle any device that hits your network can be appealing.

The problem, and what UEM providers won’t tell you, is that there is such a lack of commonalities in how Apple, Microsoft and Google are intended to be managed that the end result is a lackluster experience for IT and their users.

If the chart is hard to understand, it can’t be easy to manage.

With each ecosystem having its own method of deployment, operating system release cycle, security features and overall device management style — just to name a few — a UEM approach prohibits IT from delivering a seamless and timely technology experience that modern users demand.

Less is not always more

The old adage that “you get what you pay for” tends to hold true in the realm of device management solutions. With a seemingly new vendor popping up daily to undercut the price of the last flavor of the week, it can be difficult to look at the long-term as opposed to an enticing upfront cost.

When considering going this route, ask yourself:

  • Does this vendor have a proven record of support operating system releases and features when they become available?
  • If something goes wrong, do they have a reliable support staff who can assist?
  • Can this company and its solution scale as our needs and environment change?
  • Will this company be around in one, two, five years and there when I need them?

Purchasing software to help you get the most out of your hardware is a big decision and one that shouldn’t be done hastily.

But you already knew that. And now you’re asking yourself, “I’m reading the Jamf blog, where does the best-of-breed argument come in?”

Very perceptive. Yes, we’ve arrived at the point where we discuss the best-of-breed management model and the one Jamf is known for.

Best-of-breed management solutions

Where UEM and dime store tools fall short, best-of-breed solutions reign supreme. By providing full lifecycle management, Jamf’s best-of-breed Apple management solutions are the only way to maximize, streamline and automate:

Deployment and provisioning to build the perfect device for users through a zero-touch, hands-free enrollment process.

Configuration management by leveraging configuration profiles, policies and scripts to customize and personalize each device.

App management to purchase apps in bulk and distribute them directly to a device or make readily available in an on-demand app store.

Inventory so you can collect hardware, software and security configuration details, and take immediate management action as a result.

Security by leveraging native Apple features to restrict malicious software and patch out-of-date devices.

For a much more thorough dive on how best-of-breed solutions differentiate themselves from others and what specific features Jamf offers, download the best-of-breed guide of your choosing.


What about Microsoft best-of-breed?

Ah, of course. The other major player in the modern landscape. While Apple has gained significant traction in the enterprise, many organizations will still need to support Windows PCs. To accommodate these organizations, Jamf Pro integrates with Microsoft’s best-of-breed Windows management solution, Intune, to deliver the answer to the challenge of cross-platform management.

This integration provides an automated compliance management solution for Macs accessing applications set up with Azure Active Directory. Through the industry’s only proxy-free conditional access, this partnership ensures that only trusted users, from compliant Mac computers using approved apps are accessing Office 365 and other cloud and on-premises resources.

Microsoft enables Jamf to report Mac information to Intune and provide a simple process to remediate non-compliant devices.

For traditional environments, Jamf offers a plug-in for Microsoft’s Systems Center Configuration Manager (SCCM) — providing a seamless path to work with modern and traditional Microsoft tools.

The management decision is yours

Hopefully this provides insight into the management model that makes the most sense for your organization, staff and users — in the short and long-term.

I’ll leave you with one additional thought. Jamf has been around for over 15 years and been exclusively focused on helping organizations succeed with Apple. This isn’t just a hobby or way to make a quick buck — this is what we pride ourselves on.

With more than 16,000 customers managing over 10 million devices, our best-of-breed model has worked to the tune of a 95 percent customer retention rate. Long story short: when customers choose Jamf, they join a rapidly growing community of Apple experts — and don’t leave.

If you’re interested, we offer a free, no strings attached trial of our best-of-breed solution so you can put our features to the test. Ready?

What is Apple Business Manager?

Whether you are an IT professional or have the task of maintaining your office’s technology, you know that having the ability to enroll devices and purchase applications in volume can feel like a life saver. Chances are, if you have found yourself here, you’re working with Apple devices in your business and may have heard about Apple Business Manager. Let’s take a look at what Apple Business Manager is, a little bit about the change and why you should strongly consider using it to help make your everyday device management tasks easier, faster and more simplified.

What is Apple Business Manager and why was it made?

Apple Business Manager is Apple’s newest way for IT teams and businesses to automate their device deployment, app deployment and purchasing, and content distribution while working seamlessly with a mobile device management (MDM) solution. At this point, some of you may be thinking, “Doesn’t Apple already have a Volume Purchasing Program (VPP) and a Device Enrollment Program (DEP)?” Yes, they do! Apple Business Manager combines the power of DEP and VPP in one consolidated service to allow you to automatically deploy Mac, iPad, iPhone and Apple TV devices directly to users — configured with settings, security controls, apps and books. For a deeper dive, check out our blog on why DEP and VPP gave way to Apple business Manager.

As mentioned, Apple Business Manager helps you quickly and easily deploy your Apple devices to employees, automatically enroll them within Jamf without physically touching or prepping each device, simplify your setup and onboarding process, as well as get more out of your MDM. Apple Business Manager also allows you to create Managed Apple IDs, a special account type that allows you to share your Apple Business Manager account with others in your organization.

What does that mean for you, the user?

You have a few options as you consider how to approach Apple Business Manager. First, if your organization is already enrolled in Apple’s deployment programs (formerly called VPP and DEP), you are able to use your existing tokens until they expire.

Apple has made it clear that Apple Business Manager is the best platform for businesses using their products going forward. The migration to Apple Business Manager is free, fast and easy. Head to to begin your migration. Once complete, your new Apple Business Manager account will show your server tokens and other associated content.

Note: Once you make the upgrade to Apple Business Manager, you will no longer have access to the Apple deployment program website.

If you are starting from scratch, enrolling into Apple Business Manager program is also relatively quick and easy. Any business is eligible to enroll in Apple Business Manager at To get started, you will need to complete the online enrollment process by providing information including name, phone number and a valid D-U-N-S number for your company.

Once you are a part of the program and have downloaded your Apple Business Manager tokens, you are able to upload these tokens into your Jamf account by simply following the onscreen instructions.

Having the ability to enroll devices and manage the content that you have bought in volume all from the same portal location is going to streamline the amount of time you spend enabling your employees to perform at their best.

Depending on your needs, Jamf offers two solutions to help you integrate with Apple Business Manager and start managing your fleet of Apple devices today.


Jamf Now or Jamf Pro: Which is right for you?

by Daniel Weber

You may know Jamf as the standard for Apple device management. If not, very nice to meet you.

With Mac, iPad, iPhone and Apple TV devices becoming commonplace in organizations, hospitals and schools around the globe, many are discovering that a purpose-built Apple management solution is necessary to accomplish their goals with Apple.

Any of this sound familiar?

  • We purchased Macs, now how do we get the right stuff on them for our employees?
  • How can I turn my iPad into a point-of-sale terminal?
  • How do I ensure students’ privacy is protected when using education technology?
  • Can my staff get the resources they need without bugging IT every time?

Yeah, you need management.

Since expertise, goals, requirements and scenarios vary, we didn’t want to shoehorn you in to one management solution. So, we created two distinct tools — both of which will always support Apple releases and features on day one — to address your unique needs: Jamf Now and Jamf Pro.

Who is Jamf Now for?

Most commonly used by small to mid-sized businesses, Jamf Now is streamlined Apple device management; no IT required. When IT is not your day job, or you have a more simplified environment, Jamf Now is for you.

What do the “basics” get you?

For starters, here’s what you won’t get: a sales pitch, software training or product documentation. There’s no need! We’ve designed Jamf Now so that you can, well, start now. Jamf Now walks you through every stage of your account creation to ensure you have all the necessary pieces in place to start managing devices. Tailor-made for small to medium-sized organizations, Jamf Now helps you:

Setup: Enroll devices into Jamf Now via user-initiated enrollment or zero-touch through Apple’s Device Enrollment Program (DEP) — now part of Apple Business Manager. Once enrolled, configure Wi-Fi, email, calendar and contacts, and set basic iOS restrictions on your devices. You can enjoy ongoing device customization by leveraging a Jamf Now Blueprint. Create multiple Blueprints to define settings and apps, then deploy a Blueprint to a device or set of devices. For example, XYZ organizations can use the XYZ blueprint to automatically apply settings 1, 2 and 3, along with the most commonly used apps.

Inventory: Keep track of device settings and details by viewing inventory status within Jamf Now or by exporting inventory reports to spreadsheets to demonstrate compliance.

Manage: Jamf Now can help you purchase Volume Purchase Program (VPP) apps and centrally deploy them to the appropriate devices. VPP is now part of Apple Business Manager, as well. Single App Mode through Jamf Now allows you to lock your iOS device to a single app, turning it into a point-of-sale or kiosk in retail locations.

Protect: Require that a passcode be on all Jamf Now enrolled devices and enforce native Apple security features such as FileVault 2 for Mac. If a device is lost or missing, disable and locate and/or remotely lock and wipe to ensure the device, user and data remain secure.

Who is Jamf Pro for?

Organizations that have scaled beyond basic Apple device management, and need a more robust tool to help manage employee or student devices turn to Jamf Pro. When you have a dedicated IT admin or team, you require enterprise-level features and functionality. Jamf Pro offers everything Jamf Now does and so much more in the form of:

Deployment: Aside from offering zero-touch deployment to provision the perfect Apple device right out of the box, Jamf Pro also integrates with Apple School Manager or Apple Configurator — allowing you to truly choose the manner in which you enroll Apple devices. If you already have Macs on your network (or think you do), Jamf Pro provides a network scan to identify any unmanaged Macs. Once located, quickly enroll the devices into management. For traditional environments that are not yet leveraging zero-touch enrollment, macOS imaging tools are available to help these organizations meet their deployment needs.

Inventory: When default inventory collection is not enough, Jamf Pro empowers you to build Smart Groups based on inventory criteria without using complex query language. Smart Groups update every time a device checks into Jamf Pro, so they’re always up to date. Group membership can trigger policies for automated management actions or be used in reports. Reports can be run on any inventory category (and even make a dashboard view for instant report visibility) to make informed business decisions and demonstrate compliance. If a device falls out of compliance, get an alert so you can take swift action.

Device management: Go beyond basic configuration profiles and use policies and scripts to truly customize your devices. Want to modify account permissions? No problem! Need to have a custom script run every time a user logs in? Easy! No macOS or iOS restriction is off limits. Run custom scripts and advanced configuration profiles to open the door for infinite device management capabilities. Plus, Jamf Pro provides full Apple TV support, so you can manage them just like an iPhone or iPad.

App management: Looking to develop your own in-house apps or leverage apps outside of Apple’s App Store, such as Adobe Creative Suite? Jamf Pro is for you. With Jamf Pro, you can purchase App Store apps in bulk using Apple’s deployment programs, pre-configure App Store, third-party or In-house apps, and distribute them in the manner of your choosing.

Self Service: Create your own custom app catalog and offer tier-zero self-help tools to users — all without them ever submitting a help ticket. You load Jamf Self Service with resources, content and trusted apps, and users access them on demand. To encourage adoption, brand Self Service with your banner, logo or dock icon.

Security: Beyond enforcing native Apple security settings to restrict malicious software and protect personal and corporate data, Jamf Pro gives you the tools to secure VPN configuration, manage local macOS accounts and administer management privileges at a granular level. Manage FileVault and Gatekeeper settings, block specific software from running, enforce restrictions – like disabling the camera or iCloud — and even manage kernel extensions all with Jamf Pro.

Patch management: Software and data breaches often start by attacking out-of-date software. To combat this vulnerability, Jamf Pro offers patch management functionality to identify and automatically deploy software and OS patches to eligible computers and bring them into compliance. You define user interactions and set deadlines to update. Jamf Pro is the only solution with automated patch alerts for third-party apps built right into the platform. No other tool allows you to identify, package, distribute and report on patches the way Jamf Pro does.

Integrations: Leverage your existing tools and seamlessly integrate Jamf Pro with the management tools, network access controllers, and other IT services and technologies you already have. If you utilize Apple deployment programs, Active Directory, Single Sign-on, Microsoft System Center Configuration Manager (SCCM), Microsoft Intune, Cisco ISE (and many more), Jamf Pro can pair with it. From cross-industry integrations to specific solutions, visit the Jamf Marketplace to see the 200+ providers Jamf Pro integrates with.

Services: To ensure success, all sales of Jamf Pro include new customer primer sessions and a personal training and implementation engagement. Through remote and on-site sessions, you’re equipped with the tools necessary to immediately begin implementing solutions to the challenges you face in the ever-evolving Apple ecosystem. Following your initial engagement, Premium Services are available to focus on your priorities in the form of enhanced workflow design, implementation strategies, security management and much more.

Support: When you purchase Jamf Pro, you join a customer community and have access to a team of experts versed in Jamf and Apple technology. Support is available via chat, email or phone during business hours, and there’s no max number of support cases you can create. Premium Support is also available should you desire round-the-clock support, priority escalation, product issue reports and a dedicated Jamf expert.

Training: Basic, intermediate and expert level training courses are offered to provide Jamf Pro customers with hands-on experience and in-person access to Jamf and Apple experts.

Still not sure which is right for you?

Don’t worry, with 96 percent of Jamf Pro customers renewing their contracts every year, you can’t go wrong. And you’ve really got nothing to lose by trying our solutions, because hey, they’re free to test drive. As an added bonus, the first three devices with Jamf Now are always free.

Let us help you get the most out of your Apple devices. It’s what we do best.


CYOD: Users choose, IT Wins

Clayton Campbell | Director, Onsite Group

When it comes to attracting and retaining top talent in the enterprise, the landscape is more competitive than ever. With the highest global talent shortage in 10 years, it’s no wonder that the next major priority for organisations is creating the ultimate employee experience. The best place to start is with the devices employees use to do their jobs everyday.

‘Bring Your Own Device’ was considered a great solution: employees used their own devices, plugged into the company systems, and everyone wins. The workforce is happy with the devices and the company gets a boost in productivity. But this didn’t last, because the administration and security concerns around those devices could not be ignored.

BYOD has been a disaster to many, but it would not benefit anyone to regress to the old way of doing things. So instead businesses are applying a new way of thinking: ‘Choose Your Own Device’. In CYOD, the company procures the devices, but the employees have a say in what they prefer to work with.

“Traditional BYOD gave limited access to corporate infrastructure,” explains Clayton Campbell, Director of the Onsite Group. “Employees could connect to company networks over Wifi or the internet, but the company couldn’t really lock down those interactions because they didn’t own the device. The user had power over what they could and couldn’t do. With CYOD, the company owns the device and has full control to handle security and restrictions. But employees have the freedom to choose the device.”

This is complemented by a parallel trend: the growing popularity of Apple devices in enterprises. Apple was once not so closely associated with the business world. Back in 2010, the late Steve Jobs complained about the enterprise market, saying it didn’t take user choice into account under the yoke of IT departments controlling all aspects of device allocation.

The rise of Apple in the enterprise

But much has changed. Smartphones led a revolution that switched gears, through BYOD and full circle - except user choice is now ingrained in the process. Apple has become a very sought-after brand by enterprise warriors.

“It’s been a Microsoft environment because IT made the decision. But more users are pushing back. They want Apple devices. So corporations are looking to give users more choice and a lot are choosing Apple.”

Research concurs: Good Technology's Mobility Index Report declared that iPhones accounted for 72% of all enterprise smartphone activations during Q1 of 2017, a number that has grown since. Jamf, a device deployment and management platform that specialises in Apple products, claimed that 99% of large organisations now have iPhone and iPad presences and of organisations with choice programmes 72% of employees choose Mac and 28% choose PC.

Yet managing these devices has its own challenges. Too many organisations are trying to shoehorn all of its device management into a single platform that tries to appease them all: Apple, Windows and Android. The results are lacking, to say the least, and as a result, many IT departments are not seeing the benefit of bringing non-Windows devices into play.

Users do it themselves

But this is an entirely different story when using a specialised management suite. Suites such as Jamf are creating authentic ‘unpacking’ experiences for workforces. A new MacBook can be taken fresh out of its wrapper, logged onto the company Wifi network, and a short enrollment process begins. Fifteen minutes later an employee is ready, secured and fitted with all the required apps and policies (and none of the unwanted stuff) - all without the intervention of IT personnel.

IT departments used to focus on horizontal device segmentation - a laptop is a laptop, a phone is a phone, etc. - for the sake of easier management. Now modern specialised management suites let them open the gates and not be bound to just one track, says Campbell:

“IT doesn’t need to commit to one ecosystem. We’re saying the users should be provided with a choice. Users can choose what they like - it’s the way we manage those devices that’s different. Employees can blend devices and only IT sees the difference.”

The truth is that users are already getting their way. Numerous South African enterprises, especially among the supposedly-stoic banks, are investing in thousands of Apple devices for their employees. Resistance is futile. But IT doesn’t need to fight the tide. Enrollment and management become hands-off yet simple when deploying a specialised management suite that focuses on specific ecosystems. Lego, the manufacturer of those famous plastic toys, owns tens of thousands of Apple devices, all managed by one administrator.

“The old horizontal way is the wrong way to do it. Look at it with an ecosystem perspective. Manage Apple with Apple, Android with Android, Windows with Windows. Then you can start unlocking tools to let users have an overall better experience while the business remains protected.”

If your business is looking at deploying Apple devices in the enterprise or starting a user choice programme, we would love to talk to you. Visit for more information.