Jamf FAQ

What is Jamf?

Jamf, developed by Jamf, is a comprehensive management system for Dartmouth-owned Apple macOS computers and iOS devices. With Jamf, ITC Technicians proactively manage the entire lifecycle of all Apple devices. This includes deploying and maintaining software, responding to security threats, distributing settings, and analyzing inventory data.

If you would like to learn more about Jamf, please visit jamf.com

What benefits does a client receive from Jamf?

  • Reliability: Your device will quickly receive software updates and patches with little to no interaction on your part.
  • Time Efficiency: You will stay more productive as deployment and updating processes run in the background, freeing up more time for teaching and research.
  • Flexibility: You can choose when and where to install new software or run maintenance on your device through Self-service portals.
  • Security: IT Technicians will manage the security of your machine so you don't have to. You can rest assured that software patches, antivirus protection, and firewalls are well maintained.
  • Confidentiality: Your data and files will remain confidential; no personal data is scanned, indexed, or transmitted off your device. ITC servers also keep full audit logs of any actions performed by technicians.
  • Compliance: Your device will always be in compliance with federal laws governing requirements for research or student data on University computers.

How does Jamf work?

Jamf consists of a management server cluster, known as the JAMF Software Server (JSS), a small software utility known as an "agent" on enrolled macOS computers, and a Mobile Device Management (MDM) profile on enrolled macOS and iOS devices.

The agent on a  client checks in with the JSS at computer start up and every 15 minutes thereafter, consuming 2KB of network traffic, 4MB Real Memory, and 0.10% CPU. In addition, computer inventory is uploaded to the JSS once a day, causing less than 200KB of network traffic, 8MB Real Memory, and 3.74% CPU. On average the inventory process takes 30 seconds to complete.

An iOS client checks in with the JSS once a day.

All client/server communication is encrypted by a certificate pair configured when the agent/profile is installed.

What information does Jamf collect?

The Dartmouth implementation of the Jamf has been customized to collect only the data needed to support macOS computers and iOS devices. This information includes:

  • Hardware Specifications
  • Installed Applications & Usage
  • Services Running
  • Available Software Updates
  • Local User Accounts and Login/Logout Timestamps
  • Security Status (Firewall, SSH, etc)
  • Connected Peripheral Devices

No personal information is collected, such as the contents or names of personal files (documents, email, etc) or any browsing history.

How is the Jamf agent installed?

Your ITC support group can enroll your Dartmouth-issued device remotely or by sending you an invitation by email.

How do I uninstall Jamf from my device?

Clients who wish to remove their device from Jamf should contact their ITC support group for assistance.

What devices does Jamf support?

Generally, Jamf can support macOS 10.10.X or later and iOS 8.X or later. For more information, please see Jamf Compatibility.

Is my device enrolled in Jamf?

To find out if your Dartmouth-issued device is enrolled, look for the Self Service application, which is automatically installed when your device is enrolled. On macOS, Self Service is located in the Applications folder or on the Dock. On iOS, the Self Service app is located on the home screen. See below for examples.

        

What is Self Service?

The Self Service application is similar to the Apple App Store, but it provides customized content for University devices. This content includes access to software, printers, maintenance tasks, links, and other documentation. The Self Service app gives clients the flexibility of choosing what to install and when to install it.

The Self Service app is managed and maintained by Dartmouth ITC. If you would like to see something added, please submit a service request.

Can I connect to Self Service when I am off-campus?

Yes, Self Service will function when you are off of the Dartmouth network. Depending on the speed of your network connection it may take longer for tasks to complete.

What changes does Jamf make to a Mac?

  • Jamf installs the Self Service application in the Applications folder of a Mac. Content such as software, printers, maintenance tasks, links, and other documentation are provided within Self Service.
  • A service account will be created on the Mac with administrative privileges to carry out tasks from the JSS as well as a backdoor option for ITC consultants to be able to access the computer if a failure has occurred and the end user is unable to login. This account is not hidden from the general user interface and no human knows the password to this account. The service account password is maintained and randomized by the JSS at regular intervals. SSH will be turned on and access will be restricted to the service account.
  • For OS X 10.7 and later, a Mobile Device Management (MDM) profile will be installed. This profile allows Jamf administrators to remotely configure settings on the Mac. Basic security settings will be set at enrollment to ensure compliance with Dartmouth policies. Please see Dartmouth Security Policies for more information.
  • For the full list of software components that are installed by the Jamf agent, please refer to Jamf's knowledge base article: Jamf Components Installed on a Managed Workstation.

What changes does Jamf make to an iOS device?

  • Jamf installs the Self Service app on the home screen of your Dartmouth-issued iOS device. Access to content such as apps, configurations, links, and other documentation is provided within Self Service.
  • A Mobile Device Management (MDM) profile will be installed at enrollment. This profile allows ITC Technicians to remotely configure settings. Basic security settings will be set at enrollment to ensure compliance with UNL policies. Please see Dartmouth Security Policies for more information.

How will software be installed on my computer?

Most software installations will be initiated by clients through the Self Service application. Your ITC support group may also push software as needed/requested. 

Who has access to my computer?

Select members of your ITC support group have the ability to update your Dartmouth-issued Apple device with Jamf. All administrative access to this service is logged and monitored.

Will I still have Administrative access to my Mac?

There will be no automatic changes to the privileges of your user account by enrolling in Jamf. 

What policies are enforced?

Dartmouth ITC does provide a catalog of software, maintenance tasks, and other links in Self Service. 

What if I have other questions?

For more information please contact the ITC Service Desk.

 

Details

Article ID: 63361
Created
Tue 10/2/18 4:38 PM
Modified
Tue 11/12/19 9:30 AM