This week, I’m attending the 2018 Jamf Nation User Conference (JNUC) in Minneapolis. Read on for updates covering the Tuesday and Wednesday keynotes.
macOS devices have really been growing in the enterprise over the last few years, and Jamf, which provides management for all things Apple, has been growing accordingly.
At the 2016 JNUC, Jamf showed off a huge case study with IBM, which by that point had internally rolled out 90,000 Macs. In 2017, Jamf detailed their partnership with Microsoft Enterprise Mobility & Security, which had been announced at Ignite 2017.
Like Windows, macOS is transitioning to MDM-based management, and while there are a lot of upsides, it’s not always easy and smooth. In addition, there are plenty of other vendors that want a piece of this action, including VMware, Fleetsmith, and Addigy.
With all this going on, I jumped at the chance to come to the show. There are two keynotes, as well as plenty of sessions, briefings, and customers. I’ll be here through Thursday, and I plan to post several updates. Keep an eye on this article and follow me on Twitter for the latest, and if you’re at the show and want to talk, come say hello or send me a message!
Day 1 keynote
The JNUC keynote started with someone walking on stage, unboxing an Apple TV, and plugging it in. It then went through a standard DEP process, enrolling in MDM, getting configurations and apps (including managed app configs), and launching an app to start the keynote, all hands free. We’ve all seen this demo before, but it was a fun way to start off the show, and people are seriously excited about modern provisioning across all devices.
Jamf CEO Dean Hager was up next, with a welcome and a bunch of stats on Jamf progress. They’re at 18,000 customers, with 5,000 added in the last year. For context, they were at just under 6000 customer at JNUC 2015, and the company was founded in 2002.
On the product side, Jamf updates arrive fairly often. Jamf 10.8 is out now, and the 10.9 beta is coming next week. Many of the updates are the refinements that you would expect from a mature software organization, like nuanced support for all the latest Apple MDM APIs, and admin-facing improvements, like new ways to run reports. Here’s the main press release, and here are a few product highlights from today:
- Jamf is launching a new online training program, with videos, and a simulated console to practice in. (I’m assuming they spin up a demo tenant, but I’ll have to wait until later meetings to find out. Update: It turns out they’re actually using a simulator, as spinning up a Jamf Pro cloud instance just for a training session would be a pretty big lift.)
- Jamf has already rolled out basic support for macOS Privacy Protection Policy Control payloads, and when 10.9 comes, they’ll be better integrated.
- Jamf can now install macOS apps before the setup process finishes, which is important for enrollment scenarios.
The first customer segment in the keynote featured IBM CIO fletcher Previn. IBM (and Fletcher) made a big splash back in 2016 with their Mac and Jamf case study, and if you’re not familiar, you should look watch it here. His segment felt more like a breakout session than a keynote (which I really liked), and he shared that they’re up to 134,000 Macs (the IT org supports about 400,000 users), and that the process informed how they’re doing Windows 10 management now, too. IBM is also open-sourcing their Mac enrollment app, which plugs into Jamf and lets users customize their machine and choose apps.
A few weeks ago, Jamf acquired NoMAD, which helps integrate macOS devices with modern directory services. (NoMAD’s open-source version is still available, and the commercial version is now Jamf Connect.)
The big news today was integration between Jamf Connect and Azure Active Directory; Microsoft’s Brad Anderson was on stage to speak and help with the demo. I’m planning to spend some more time learning about the solution, but essentially, Jamf can provision the Mac, and then when it powers on for the first time, the user first logs in by authentication to Azure AD (with whatever MFA and conditional access policies you want), and then the local account is created. (Here’s a picture on Twitter.) Subsequent administrative actions within macOS can be protected by Azure AD, as well. This is really cool stuff, and the audience was super excited.
The next customer segment featured SAP, which is using Jamf for 17,000 Macs, as well as 83,000 iOS devices and 170 Apple TVs. The fun highlight hear was an augmented reality app store, integrating an iOS ARKit app with the Jamf app catalogue APIs.
Dean Hager wrapped up the morning by talking about Jamf’s various community efforts. I have to say that after just half a day at JNUC, it has a friendly and nerdy (that’s a compliment!) feel. There are about 2000 people here, and they’re all enthusiastic about Macs. Now, I’m off to some afternoon sessions.
Day 2 keynote
The second keynote was dedicated to five customer case studies, showing off frontline and consumer-facing deployments. All of the presentations went into a decent amount of technical detail, so I got a lot out of it compared to typical keynote customer segments.
There was a product announcement, too: Jamf Setup and Jamf Reset are two new apps for shared device use cases.
Setup lets users chose the role of the device—for example, in a retail environment an iPhone could be used either as a point of sale or to do inventory in the back of house—and then MDM commands are sent to configure apps and the wallpaper. Instead of actually installing and removing apps, which could take a while, Jamf uses MDM to show and hide them as needed. I know that some other products use this technique, and it reminds me of what FSLogix does for desktop apps.
Jamf Reset simply tells the Jamf service to send an MDM remote wipe command down to the device, and when it turns back on, it will be re-enrolled using DEP.
Now, on the the five case studies. I won’t repost every detail here, but there were a few things that I found interesting.
- One K-12 education customer, Sewanhaka Central High School District in New York, talked about deploying iPads 1:1 to students, including high schoolers. The conventional knowledge is that high school students need keyboards, so I asked them about this. As it turns out, they have keyboards available for students to sign out, but almost all students these days are comfortable with the on-screen keyboard. (This made me feel old!) They also worked with the state to approve their process to lock down iPads, so that students could use graphing calculator apps on standardized tests.
- The Ohio State University is deploying iPads to every single freshman now, and they chose iPad Pros so that they could use the official Apple keyboard, as well as the Apple Pencil. (Again, this made me feel old, since 90% of my work in college was on paper!) They went into a lot of detail about all the integrations they did to make this happen, and how they managed to roll out 11,000 iPads in three months, so I’ll post a link to the presentation when I can find it.
- Next up was UCSD Health Sciences, a hospital. They were a big Jamf reference a few years ago when they outfitted all their patient rooms with iPads and Apple TVs (made possible in part by the introduction of better MDM APIs for tvOS). What’s interesting here is that this is all integrated with their EMR environment, and they automatically wipe and re-enroll the devices between patients.
- Red Lion Hotels talked about using Apple TVs in guest rooms, too. They want to let guests sign into apps on the TV, but again, the challenge is wiping the device. In this case, they have to figure out how to reassure the user that none of their data will be left behind. (Personally, I would love an Apple TV over the clunky TV systems that most hotels use, so bring it on.)
- Last up was Rituals, a retail chain based in the Netherlands. In a meeting, I learned that they were able to go from using laser barcode scanners to using the iOS camera directly—this is came up a few weeks ago on our podcast with Aaron and Russ.