The Apple difference

For some,

it is manna from heaven, to others a curse from the bowels of the earth. Bring Your Own Device (BYOD) has been a huge boon for employees and companies, but a nightmare for technology administrators. As devices become more popular, fracture along more versions and brands, and grow as the main bridge between the personal and professional lives of employees, they have become both irreplaceable and difficult to administer.

This has driven a wave of Mobile Device Management (MDM) suites, application layers that handle such devices. Though the market has seen many attempts at a ‘one-stop' management approach of devices, this has not been effective. Instead, the rise of specialised MDM systems or Enterprise Mobility Suites (EMS) such as Jamf, Intune and Knox have been setting the standard, says Clayton Campbell, Director at Onsite Group:

"One EMS system to manage them all is a unicorn approach to management, each eco-system be it Apple, Microsoft, and Google are fundamentally different at the core, it would then be a mistake to think that a universal approach to managing these diverse systems would provide you with the best tools. Instead, it's important that the EMS you have can integrate into key systems. For example, a lot of organisations use Microsoft SCCM to manage their Windows environments and inventories, it's important for EMS solutions to integrate with those services and provide data that can be used for decision-making."

Deploying, enrolling and managing different mobile devices on a company network is the challenge, which is why integration of specialised layers is key. A good MDM approach will focus on specific devices and enforce the policies of the greater

Clayton Campbell, Director, Onsite Group.

infrastructure. So a well-integrated MDM is not the security application, but it can liaise with that application and enforce the right actions. If a device arrives without the right software or perhaps contaminated with malware, it can be immediately isolated or pushed to make updates before being allowed into the company's domain.

This sounds fantastic and you'd expect the leaders of this approach to be one of the renowned business technology vendors. Yet the tip of this spear is a different company, though one whose presence has become very universal in corporate offices.

The iconic bitten fruit of the Apple logo is immediately recognisable. It is seen as a mark of quality and assurance, of reliability and power. Indeed, companies are increasingly favouring Apple products in the office for their value proposition, says Campbell:

"It's becoming a lot cheaper to own an Apple device than traditional corporate devices, because the device lasts so long and has a very good resale value. That's driving a lot of Mac deployments. IBM recently released a study and proved that the TCO on Apple is between $260 and $520 cheaper over a three-year period."

And, he adds, management is a lot easier. Really? Managing an Apple device in what is likely a Windows environment is easier? Absolutely.

There are several reasons for this, such as the recent integration between Jamf and Microsoft's InTune. But the impact is perhaps best encapsulated in this case study from Onsite: the South African company recently deployed hundreds of iPads for a top UK airline. Each iPad was to be locked to very specific applications, a situation that normally meant a lot of manual work loading them. But Onsite never even left the country. They ordered the iPads in the UK, then used the Jamf MDM suite to format and deploy the correct specifications remotely to all the iPads.

The company also recently used Jamf to take over Apple device management at a major local bank. Here's the kicker: all employees had to do to enrol was to enter their Active Directory login credentials. Once identified, Jamf could load the devices right down to the specific necessity of the employee. If you ever wasted hours prepping different machines for different departments, this style of auto-deployment is a game changer.

In both cases, Jamf worked in collaboration with the Apple Device Enrolment Programme, which verifies the serials and then liaises with the MDM to proceed. The MDM in turn integrates with the company systems, be they for inventory, security, data management or whatever IT aims to provide. Yet MDMs don't dig into data or processes:

"MDM is the device face. We don't touch the user data at all. We don't pull or hold any information, we don't intercept traffic. All we do is make sure that whatever is on the device and how the device is set up, is in compliance."

Even the nuisance of isolated profiles on devices – a common employee complaint – are a thing of the past. Modern MDM suites such as Jamf are far more nuanced, giving users the best of both their personal and professional worlds.

Not all MDM suites are as capable, nor are all device brands able of delivering on such promises. Apple has been leading the MDM market through ease, innovation and automation, setting the bar alongside suits such as Jamf. Those operational BYOD headaches can be a thing of the past, at least for enterprises who adopt Apple devices.


Technology and education: Why outsourcing IT makes sense

Technology holds a lot of promise for education. Learners can access information faster, teachers can interact more easily with their pupils and a world of new educational tools and sources have become available for classes of all levels.

"IT in modern schools have really migrated from old servers and static PC labs to a more cloud-based mobile environment," says

Lulu Burger, Director of Education, Onsite Group.

Lulu Burger, Director of Education at the Onsite Group. "Google Classroom is a perfect example of a very effective workflow between teachers and students. It leads to students being able to access information at any time and teachers being able to provide students with immediate feedback and curated resources. There are fantastic online assessment tools and of course educational video content that enhances learning. If the internet speeds are not fast enough, students miss out on 21st-century learning."

These ideas are a far cry from the staid computer science classrooms with rows of antiquated machines. Yet many schools don't believe they are capable of affording new technologies, despite the many advantages. Some also feel burned by the march of technology - for example, digital textbooks on tablets have not been popular for a variety of reasons. More common is the grudge against technology's delays: slow speeds and unresponsive services drain valuable teaching time and add to the frustrations of keeping the attention of today's pupils.

The need for technology in education

Burger agrees that these problems are valid, serious, and need to be addressed, but noted that not participating in the technology revolution is not really a choice:

"Information Technology has become the driver of a lot of learning that happens in schools. The skill of navigating the internet, creative content creation, spotting fake news and just doing research on-line has become a critical part of learning and teaching."

This has been adding to the pressure for change: "The move towards students bringing their own tablets have forced schools to relook their internet, firewalls and the workflow between teachers and students. IT Infrastructure and internet speed is blamed often for the loss of teaching time because of the slowness or it not working at all."

Managing technology costs

Technology in schools often falls short because there isn't enough focus on it, usually because of lack of training for teachers and budget concerns. But these problems can be addressed organically by using the norms of managed technology services, a very popular choice among small and medium businesses. Even simple steps in modernisation can help open budgets around technology, said Burger:

"Yes, technology is expensive, but if a school cut down on their printing, for example, those funds could be used to get proper IT infrastructure installed and managed. Schools spend between R200 000 – R700 000 per year on printing. Once your workflow is working, printing will become less and the maintenance of the printers and ink will also be reduced. Think about your budget and allocate enough funds towards IT infrastructure and training prior to even considering rolling out student owned mobile devices."

Local schools that have matured their digital pedigree are taking full advantage of this, running everything from administration to class lists and timetables through a central digital platform. This is made possible with modern software platforms, which do not require the same type of up-front cost ownership as traditional software, and the expertise of managed service providers.

In the managed service models, schools don't keep a permanent IT department on staff. Instead this responsibility goes to an IT provider such as Onsite, which then works within the budgets and service requirements of the school. Other than being a boon for cost savings, it also gives the school access to the insights and skills of the service provider. So a school no longer has to ask why its network is slow - it can simply expect it to work and hold the managed services provider to account if it does not.

Managed Services vs Outsourcing

Managed services is not outsourcing. It takes care of the operational burdens but leaves the school firmly in charge and able to benefit deeply from the relationship. An external service provider of this sort should consult with the school first, map out a phased plan and then implement. Training your teachers is the most important part of any technology roll-out, Burger explains:

"I believe that there is not enough emphasis on teacher training. The teachers are the ‘gatekeepers' to technology innovation in schools and if they are not supported, very little will change. The importance of phasing technology and innovation into a school will fail if there is no effective professional development for the teaching staff."

Unfortunately schools miss sight of all these other advantages and drive IT purely as a cost centre. The result is often paying the cheapest price for an under-qualified reseller that simply installs equipment - and often does so badly. When there are problems, the reseller simply charges more.

Managed services is entirely different. It does not simply sell technology, but instead looks at the school's requirements, then designs a way forward that the school and provider walk together. The absolute value of this reflects in lower costs. Managed service providers are also always on call, ready to act, and don't simply swing by once a week for a mandatory site visit.

It's an approach that can be scaled based on the institution, public and private, regardless of where their current IT level is. Schools can start small, gain quick wins and build their technology pedigree.

"It is really important to get educational experts in to plan, structure and install your IT infrastructure," Burger concluded. "Information Technology is used extensively to speed up administrative processes and in making communication more effective between all parties involved. All of these need to be managed and maintained properly and continuously as a lot of what the school is about is now driven by technology. But it shouldn't cost a fortune. Once schools realise they can think beyond cost paradigms, all kinds of doors open up both for them and the future of their students."

Jamf Now or Jamf Pro: Which is right for you?

by Daniel Weber

You may know Jamf as the standard for Apple device management. If not, very nice to meet you.

With Mac, iPad, iPhone and Apple TV devices becoming commonplace in organizations, hospitals and schools around the globe, many are discovering that a purpose-built Apple management solution is necessary to accomplish their goals with Apple.

Any of this sound familiar?

  • We purchased Macs, now how do we get the right stuff on them for our employees?
  • How can I turn my iPad into a point-of-sale terminal?
  • How do I ensure students’ privacy is protected when using education technology?
  • Can my staff get the resources they need without bugging IT every time?

Yeah, you need management.

Since expertise, goals, requirements and scenarios vary, we didn’t want to shoehorn you in to one management solution. So, we created two distinct tools — both of which will always support Apple releases and features on day one — to address your unique needs: Jamf Now and Jamf Pro.

Who is Jamf Now for?

Most commonly used by small to mid-sized businesses, Jamf Now is streamlined Apple device management; no IT required. When IT is not your day job, or you have a more simplified environment, Jamf Now is for you.

What do the “basics” get you?

For starters, here’s what you won’t get: a sales pitch, software training or product documentation. There’s no need! We’ve designed Jamf Now so that you can, well, start now. Jamf Now walks you through every stage of your account creation to ensure you have all the necessary pieces in place to start managing devices. Tailor-made for small to medium-sized organizations, Jamf Now helps you:

Setup: Enroll devices into Jamf Now via user-initiated enrollment or zero-touch through Apple’s Device Enrollment Program (DEP) — now part of Apple Business Manager. Once enrolled, configure Wi-Fi, email, calendar and contacts, and set basic iOS restrictions on your devices. You can enjoy ongoing device customization by leveraging a Jamf Now Blueprint. Create multiple Blueprints to define settings and apps, then deploy a Blueprint to a device or set of devices. For example, XYZ organizations can use the XYZ blueprint to automatically apply settings 1, 2 and 3, along with the most commonly used apps.

Inventory: Keep track of device settings and details by viewing inventory status within Jamf Now or by exporting inventory reports to spreadsheets to demonstrate compliance.

Manage: Jamf Now can help you purchase Volume Purchase Program (VPP) apps and centrally deploy them to the appropriate devices. VPP is now part of Apple Business Manager, as well. Single App Mode through Jamf Now allows you to lock your iOS device to a single app, turning it into a point-of-sale or kiosk in retail locations.

Protect: Require that a passcode be on all Jamf Now enrolled devices and enforce native Apple security features such as FileVault 2 for Mac. If a device is lost or missing, disable and locate and/or remotely lock and wipe to ensure the device, user and data remain secure.

Who is Jamf Pro for?

Organizations that have scaled beyond basic Apple device management, and need a more robust tool to help manage employee or student devices turn to Jamf Pro. When you have a dedicated IT admin or team, you require enterprise-level features and functionality. Jamf Pro offers everything Jamf Now does and so much more in the form of:

Deployment: Aside from offering zero-touch deployment to provision the perfect Apple device right out of the box, Jamf Pro also integrates with Apple School Manager or Apple Configurator — allowing you to truly choose the manner in which you enroll Apple devices. If you already have Macs on your network (or think you do), Jamf Pro provides a network scan to identify any unmanaged Macs. Once located, quickly enroll the devices into management. For traditional environments that are not yet leveraging zero-touch enrollment, macOS imaging tools are available to help these organizations meet their deployment needs.

Inventory: When default inventory collection is not enough, Jamf Pro empowers you to build Smart Groups based on inventory criteria without using complex query language. Smart Groups update every time a device checks into Jamf Pro, so they’re always up to date. Group membership can trigger policies for automated management actions or be used in reports. Reports can be run on any inventory category (and even make a dashboard view for instant report visibility) to make informed business decisions and demonstrate compliance. If a device falls out of compliance, get an alert so you can take swift action.

Device management: Go beyond basic configuration profiles and use policies and scripts to truly customize your devices. Want to modify account permissions? No problem! Need to have a custom script run every time a user logs in? Easy! No macOS or iOS restriction is off limits. Run custom scripts and advanced configuration profiles to open the door for infinite device management capabilities. Plus, Jamf Pro provides full Apple TV support, so you can manage them just like an iPhone or iPad.

App management: Looking to develop your own in-house apps or leverage apps outside of Apple’s App Store, such as Adobe Creative Suite? Jamf Pro is for you. With Jamf Pro, you can purchase App Store apps in bulk using Apple’s deployment programs, pre-configure App Store, third-party or In-house apps, and distribute them in the manner of your choosing.

Self Service: Create your own custom app catalog and offer tier-zero self-help tools to users — all without them ever submitting a help ticket. You load Jamf Self Service with resources, content and trusted apps, and users access them on demand. To encourage adoption, brand Self Service with your banner, logo or dock icon.

Security: Beyond enforcing native Apple security settings to restrict malicious software and protect personal and corporate data, Jamf Pro gives you the tools to secure VPN configuration, manage local macOS accounts and administer management privileges at a granular level. Manage FileVault and Gatekeeper settings, block specific software from running, enforce restrictions – like disabling the camera or iCloud — and even manage kernel extensions all with Jamf Pro.

Patch management: Software and data breaches often start by attacking out-of-date software. To combat this vulnerability, Jamf Pro offers patch management functionality to identify and automatically deploy software and OS patches to eligible computers and bring them into compliance. You define user interactions and set deadlines to update. Jamf Pro is the only solution with automated patch alerts for third-party apps built right into the platform. No other tool allows you to identify, package, distribute and report on patches the way Jamf Pro does.

Integrations: Leverage your existing tools and seamlessly integrate Jamf Pro with the management tools, network access controllers, and other IT services and technologies you already have. If you utilize Apple deployment programs, Active Directory, Single Sign-on, Microsoft System Center Configuration Manager (SCCM), Microsoft Intune, Cisco ISE (and many more), Jamf Pro can pair with it. From cross-industry integrations to specific solutions, visit the Jamf Marketplace to see the 200+ providers Jamf Pro integrates with.

Services: To ensure success, all sales of Jamf Pro include new customer primer sessions and a personal training and implementation engagement. Through remote and on-site sessions, you’re equipped with the tools necessary to immediately begin implementing solutions to the challenges you face in the ever-evolving Apple ecosystem. Following your initial engagement, Premium Services are available to focus on your priorities in the form of enhanced workflow design, implementation strategies, security management and much more.

Support: When you purchase Jamf Pro, you join a customer community and have access to a team of experts versed in Jamf and Apple technology. Support is available via chat, email or phone during business hours, and there’s no max number of support cases you can create. Premium Support is also available should you desire round-the-clock support, priority escalation, product issue reports and a dedicated Jamf expert.

Training: Basic, intermediate and expert level training courses are offered to provide Jamf Pro customers with hands-on experience and in-person access to Jamf and Apple experts.

Still not sure which is right for you?

Don’t worry, with 96 percent of Jamf Pro customers renewing their contracts every year, you can’t go wrong. And you’ve really got nothing to lose by trying our solutions, because hey, they’re free to test drive. As an added bonus, the first three devices with Jamf Now are always free.

Let us help you get the most out of your Apple devices. It’s what we do best.


Privacy Preference Center