Q: What is Jamf Pro?
Jamf Pro is a management platform for macOS computers and iOS/iPadOS devices providing inventory, software distribution, operating system deployment, settings and security management.
Jamf Pro allows IT administrators to proactively manage equipment lifecycles, efficiently deploy software and policies in a consistent method, and provides data for troubleshooting computer issues.
More information regarding Jamf Pro can be found at Jamf's web site.
Q: What information does Jamf Pro collect as inventory?
The MIT Jamf Pro implementation has been customized in consultation with the IS&T Security team to only collect necessary data to assist in the central management of Macs. Information collected includes:
- Hardware specifications
- Applications installed
- Services running
- Available software updates
- List of local user accounts
- Firewall status (enabled/disabled)
- SSHd status (enabled/disabled)
- Kerberos ID based on the MIT personal certificate installed on the computer
Note: Jamf Pro is NOT configured to collect Application Usage, User login/logout timestamps, contents or names of personal files (documents, email, etc) or any browsing history.
Q: How does Jamf Pro work?
Jamf Pro consists of a management server and a client on each managed computer.
The Jamf Pro client checks with the JSS at computer startup and roughly every 30 minutes. In addition, computer inventory is uploaded to the server once per day.
Q: How is the Jamf Pro client installed on the computer?
Computers enrolled in Apple's Automated Device Enrollment program (formerly) DEP will be automatically enrolled. In addition, IT consultants can manually install the Jamf Pro client on computers.
Q: What changes will I see once the Jamf Pro client is installed on the computer?
- A hidden local service account named 'casper' is created. This account has a randomized 12 digit password (the client and server know it, but it is not human readable). The management account is hidden from the logon window. However, if 'Display Logon Window' is set to 'List of users', you will see a new entry named 'Other', which provides a username and password box for login.
- Installs the Jamf Pro Self Service Applications under /Applications/Self Service.app. This application requires logon with kerberos credentials. See the question "What is the Self Service App" below.
- Adds Mobile Device Management (MDM) profiles, Apple's technology to provide configuration profiles (XML files that load settings and authorization information) onto macOS using Apple Push Notification Services.
Q: Will you be installing software on the computer?
Since Jamf Pro is a tool to assist in managing macOS clients, certain policies and software can be centrally deployed.
Clients will be informed in conjunction with their IT consultant before any changes are applied.
Q: What is the Self Service App?
The Self Service application is an MIT-specific portal similar to the Apple App Store that provides access to software, links, and the end-user flexibility of choosing what to install and when to install it.
Some contents of Self Service are centrally maintained but can be fully customized. IT technicians can add any policies they choose to self service.
Q: What if I have other questions?
Please send an e-mail to End User Computing