(Now updated with the Day 2 keynote.)
This week, I’m at the 2019 Jamf Nation User Conference. Check out my earlier post for all the context and questions I’m asking, and then read on for a summary of the Day 1 keynote and announcements, as well as the Day 2 keynote. Think of this like a live blog, except with just a bit of a time delay to clean everything up and add a few links!
Day 1 keynote and news
The keynote started out with a pre-roll video about JNUC planning, recast as a parody of the Fyre Festival. JNUC and the Mac community are at the size where everyone gets the same inside jokes, and they can still be creative and not corporate—in other words, it was actually funny!
CEO Dean Hager took the stage for the intro and read off the stats: This is the 10th JNUC; there are now 100,000 members in Jamf Nation (their user group); Jamf is at 35,000 customers; and they manage 15 million devices. (That’s an average of just under 429 devices per customer, in case you were going to do the math at home. This includes all Apple devices.)
One of the first orders of business was recognizing some of the top Jamf Nation members. I’ve said it before, but this community is really strong, and Jamf does a good job of recognizing it.
Next, Dean brought up Jeremy Butcher, a product marketer at Apple who works on enterprise management features. Jeremy spoke about Apple’s enterprise strategy. We’re all pretty familiar with this (User Enrollment and identity management improvements being the most significant recent updates), but the fact that he was here speaking is a great continuation of the trend of Apple being more open and participatory in the EMM community. Jeremy also revealed that Apple uses Jamf internally. His parting words were that Apple is listening to enterprise feedback, and to keep it coming. He requested that customers keep testing the betas (something that I’ve written about before).
When Dean came back on stage, he acknowledged that there are two different groups in the audience. First, there are the education customers. This led into a segment about the role of tech in education, etcetera, and then another segment on recent education features. Jamf Pro has long been common in education, but they also acquired ZuluDesk, back in February. They started reselling it in the U.S. as Jamf School earlier this year, and now it’s going to be called Jamf School globally.
What is Jamf School? Demo time. The dashboard looks like a pretty standard MDM product, but all the groups are all classes and schools. ZuluDesk had its own MDM platform, so I was curious if they had any plans to bring these together—Jamf has three MDM products now. (After the keynote, Dean told me that their strategy is to keep separate products aimed at some of the different market segments.)
Next up was a Jamf Pro demo of device enrollment with macOS Catalina, including the new enrollment customization options. They demoed a login flow with Google secure LDAP; unfortunately the demo failed, so they went over to a video. (The Wi-Fi tripped up a few other demos later on.)
Jamf next announced Jamf Connect for mobile devices, one of the net-new announcements for today. In a demo, they showed devices were enrolled in MDM without any user personalization, in a sort of staging mode where all of the apps are pre-installed but hidden via a restriction. Then later on, students can log in via the Jamf Connect mobile app, and then the apps are unhidden. This avoids the need for all these apps to be installed at once on the first day of school.
Next up was a demo of Jamf Teacher. This is a little bit different from Apple’s Classroom app; it is essentially providing a teacher-friendly admin role to use MDM to reconfigure student iPads as needed for a lesson. For example: which websites and apps should students access? Do they need the camera? Is it okay for spell check to be on? There’s also in interface for choosing and deploying VPP apps. My question, though, is what happens if there’s a lag in the MDM commands, or if they don’t complete? (Later, I learned that teachers can always manually remove the restrictions profiles as a fallback.) Jamf Teacher was originally part of ZuluDesk (now Jamf School), but it will also work with Jamf Pro next year.
Then there’s Jamf Parent. This is an app that essentially exposes an administrator role specifically for parents. It’s pretty brilliant, giving access to all sorts of restrictions when a student takes a device home. This was also part of ZuluDesk, and is available for Jamf School and Jamf Pro.
Of course, the other half of the Jamf audience is the enterprise side. Dean came back up and talked about how organizations are now enabling device choice—i.e., letting users pick Macs and officially supporting them. As we’ve heard over the last few years, organizations are finding that supporting Macs is cheaper than supporting Windows, and this has been confirmed several times over by various enterprises and analyst firms.
IBM’s CIO, Fletcher Previn, came back again to talk about their now well-known Mac deployment, which launched back in 2015. Currently, IBM manages about 500,000 laptops, and 30% (or 150,000) of them are Macs. Today, Fletcher shared a bunch of new stats. IBM’s Mac program has a net promoter score of 47.5, while their Windows 10 program had a net promoter score of 15. 22% of their users upgraded to Catalina in the first week, and usually 90% of devices get updated in 60 days. They even find that the macOS users do better in employee evaluation, do better in sales, and are less likely to leave the company. Correlation doesn’t mean causation, but still, this is impressive.
Then is was demo time again. We started off with a look at User Enrollment, and then looked at the admin side of Jamf Pro. Today’s news was that Self Service was fully enabled for User Enrollment. We also got a demo of enrollment customization for Automated Device Enrollments; managing Jamf Connect through Jamf Pro; and managing Office 365 apps.
On the user side, we saw a demo of Automatic Device Enrollment customization. While this can handle user authentication during the enrollment process, Jamf Connect is still involved in managing the password for the local account, as well as other access and authentication workflows.
The next big segment was on Security. Jamf acquired Digita Security back in July, and today it was relaunched as Jamf Protect. The big selling point here is that it was built as a native Mac product, using the most recent best practices (Apple’s EndpointSecurity framework instead of kernel extensions.) Jamf has started integrating this into Jamf Pro, so that devices flagged by Protect can be quarantined.
For the last segment, Jamf’s Joel Rennich came up to preview features currently under development in Jamf Connect for mobile. The app can act as a virtual smartcard, and connect to Jamf Connect on the Mac, which can be used for a bunch of other workflows. The app can also be used as a FIDO2 authenticator, as well. (They were going to demo this on a Windows laptop, but it just wasn’t a good day for demos.)
And that was a wrap for the keynote and Day 1 news. Tomorrow’s keynote is split into two rooms, one for education and one for enterprise, plus there are plenty of sessions to go to, so check back in for more.
Day 2 keynote and news
The Jamf at Work keynote started off with a video of an employee’s first day, of course showing off the out-of-the-box experience with Automated Device Enrollment. We’ve been talking about this for a long time, but most of the world isn’t doing this yet, or even aware of it, so it’s good to spread the word.
Jamf’s CMO, Dave Alampi, started the day by talking about Jamf’s fundamental strategy of doing everything in the Apple-native way, and then moved onto some of their survey data about employee choice.
The results: 72% of workers would choose Macs when given the choice; 77% of workers would choose to work at or stay at a company that offered device choice; and 71% of college students use or would prefer to use a Mac.
Dave said that they’re seeing “tremendous” growth of Mac in the enterprise, and growth of device choice programs. But one of the things holding companies back is getting buy-in from information security teams. This set us up for a segment on Jamf Protect.
They brought up a reference customer that had been using Protect since earlier this year, back when it was Digita Security. The customer, Build America Mutual, has to deal with New York state financial regulations. They've been running Mac-only with Jamf for about eight years, and have about 100 employees. It was great to have a segment on this, but I’ll also be curious to hear from larger, traditionally Windows-oriented customers.
Next up was the Microsoft segment with Brad Anderson. Brad gave a summary of the Ignite news from last week, and then an explanation of how conditional access with Jamf and Azure AD works.
Intune (now Microsoft Endpoint Manager) can see inventory data on macOS devices (here’s a full list); what’s new is that Microsoft Endpoint Manager will be able to see inventory data from iOS and tvOS devices, too. This is using the device compliance API that’s open to all other management vendors. Also shown today, Jamf is creating a Jamf Pro Connector for Microsoft Power BI.
At this point, Jamf’s Joel Rennich came up to demo using the upcoming Jamf Connect for mobile as a Bluetooth FIDO key to log into Windows Hello and Azure AD—this was one of the demos that they didn’t get to show yesterday. Joel also shared that Jamf Pro will be able to scope to Azure AD Groups. We also learned that Microsoft is working on an Azure AD SSO redirect extension for Catalina. (Apparently, none of the IDaaS vendors quite have an SSO redirect extension out yet.)
From here, Brad went into a demo of the latest AI-based features in the Office clients for macOS. (Actually, they’re in all the Office clients, since the code bases were merged almost two years ago.) This sort of felt like a departure from the main flow of the show, but it certainly attracted a lot of attention.
The last 40 minutes or so of the keynote were dedicated to customer and partner reference segments.
SAP talked about their growing Jamf deployment. One cool thing they did was make their own mobile app that IT admins can use to control Jamf. (It’s surprising that more EMM platforms don’t have mobile apps for admins.)
Okta came up for a segment, and talked about how, in the future, they would like to be able to ingest data from endpoint protection products, such as Jamf Connect.
There were a couple more customer segments after that. The end of the keynote felt a little long, but I did appreciate having a whole two-hour session dedicated to the enterprise.
I’ve been attending sessions, chatting with attendees, and meeting with Jamf executives, as well as a couple of exhibitors, and I have a couple more articles to write about the show.
For now, I want to reiterate what I said about last year’s show: This really is a quality event with a great group of attendees. JNUC 2020 will be in San Diego, California, from September 29 to October 1, and I hope to attend again.