Apple Mobile Device Management Made Easy With Jamf Now

Mobile Device Management (MDM) software secures, manages and supports mobile devices deployed across a business or enterprise. MDM enables over-the-air distribution of apps, data and configuration settings across both macOS and iOS devices.

The objective of MDM is to optimise the functionality and security of a device while minimising cost and downtime. The advantages of MDM are:

• Streamlines deployment of devices through a centralised location
• Painlessly configure email and Wi-Fi security settings
• Manage users' devices remotely; lock and/or wipe lost or stolen devices
• Enable employees to bring their own devices (BYOD) to remain productive
• Manage and maintain device inventory centrally

In this tutorial I’ll show you how to set up and manage multiple Apple devices, in businesses, with Jamf Now.

Mobile Device Management Simplified

Apple device management can be time-consuming work for people not versed with technology, especially if IT is not their main job. 

Jamf Now, formerly Bushel, is a simple, intuitive way for non-technical people to manage Apple devices. It is a cloud-based MDM solution for deploying multiple Apple devices in any workplace.

Device management through Jamf Now is fast, accessible, and affordable which is ideal for small businesses that may not have an IT department and large organisations that do. 

To successfully deploy devices, you'll need

1. A company email address for creating a Jamf Now account
2. This same email address for creating an APNS, or Apple Push Notification Service, certificate
3. Separate Apple ID for enrolment in Volume Purchase Program (VPP) and Device Enrolment Program (DEP).

Setting Up Jamf Now

It's really straightforward:

1. Go to Jamf Now website to create a free account
2. Check your inbox for and activation email, click on the link in the email and click Let’s Go to begin the setup procedure

For Jamf Now to work, you have to link your Jamf Now account with your Apple account to manage the devices.

Download the Certificate Signing Request.plist file and click Go to Step 2

Click on the Go to the Apple Push Certification Portal link and login with the company Apple ID. 

Note: The certificate you create does not renew automatically. You should manually renew it every year using the same Apple ID.

Click on the blue Create a Certificate button and accept the Apple Terms and Conditions.

Click on Browse and upload the Certificate Signing Request.plist file downloaded earlier.

You’ll now see the confirmation page. Click the blue Download button to download the certificate from Apple. 

Log out from the Apple Certification Portal and go back to the Jamf Now setup page.

In the last step, click on the Upload the Push Certificate and upload the Apple certificate file. The certificate file is generally named as MDM_JAMF Software, LLC_Certificate.pem

Once you upload the file click Start Using Jamf Now. You have to do this setup only once. Next time when you login, you’ll see the Jamf Now dashboard.

Enrol in Apple Deployment Programs

Apple Deployment Programs is a suite of programs that help you do the following:

Volume Purchase Program (VPP) lets you purchase apps, books and other content in bulk and distribute them to your organisation’s devices. This requires mobile devices using iOS 9 or later and macOS 10.11 or later on the desktop. 

It also works for users without an Apple ID. An Apple ID is necessary for deploying apps to devices running iOS 8 or macOS 10.10.

Device Enrolment Program (DEP) allows you to automatically enrol organisation-owned devices in MDM without having to physically touch or prepare the devices before distributing them to users. When the user turns on the device, they complete a few basic settings and connect the device to a network.

The device contacts the MDM server—and based on the DEP configuration—it enrols and receives assigned settings, apps and content. The devices enrolled must meet the basic criteria as stated in this Apple support document.

Sign up for the Apple Deployment Program and fulfil all the requirements necessary for enrolment.

Once enrolled, authenticate Jamf Now as the default MDM solution for managing deployment through Device Enrollment Program and Volume Purchase Program.

Setting Up the Blueprint

Blueprints in Jamf Now lets you easily customise and deploy apps and settings for groups of devices, all through the web-based portal. 

The Jamf Now account starts with a default Blueprint.

Each Blueprint represents a different device configuration. Those configurations are—Security Settings, Email Configuration Settings, Wi-Fi Security Settings, Restrictions, Single App Mode and Wallpaper.

Login to the Jamf Now Dashboard and click Blueprints from the sidebar. 

Under My Blueprints you’ll see the default Blueprint. Click the default Blueprint to configure different device configuration settings.

Security Settings

Jamf Now gives you the ability to set specific settings for device passcodes. 

Go to the Security tab under My Blueprint and click the check box to the right of the Require Passcode. Click the check box for each setting and click Sync.

Passcode policy settings are assigned to all the devices without doing any manual work. Some of the passcode policies available include:

• Require complex passcode with the support of alphanumeric characters and symbol
• Minimum Passcode Length
• Maximum Passcode Age
• Maximum Failed Attempts
• Auto-lock on iOS, and more

Email Server Settings

Jamf Now lets you set email server settings. 

Go to the Email tab under My Blueprint and choose the type of email account:

• Gmail
• Yahoo
• Exchange
• IMAP/POP

After selecting the mail option, click on the green Save Email Settings button.

Jamf Now assigns this email account information to all the devices, the user just has to enter their password. Note: If you’re using Gmail, then you have to enable Access for less secure apps in the Gmail settings.

Wi-Fi Security Settings

Jamf Now allows you to deploy settings for Wi-Fi networks to all the enrolled users. 

Jamf Now supports WEP, WPA, and WPA2 (recommended). Go to the Wi-Fi tab under My Blueprint and click Add a Wi-Fi Network.

Enter the Name, choose WPA2 from the Security dropdown list, enter the Password and click Save Changes. The network now shows up in the Wi-Fi Networks list. The user only has to choose that network; no need to type-in a password.

Restrictions

Jamf Now supports a number of restrictions for iOS devices that helps you keep your organisation's data secure and keep users productive. 

Some restrictions require supervision. It’s a mode that allows Jamf Now to provide a higher level of device management capabilities over the air. 

When you supervise an iOS device, you can apply additional restrictions with Jamf Now. 

Go to the Restrictions tab under My Blueprint and you’ll see a sub-section Supervised Devices Only. Check the box you want to apply and click Save Restrictions. Jamf Now lets you configure Restrictions over the air and in bulk.

To setup supervision you have to enrol in Apple DEP. To learn more about supervision, visit this Apple support document. 

Jamf Now features that require supervision are:

• Wallpaper—You can set a custom wallpaper of your organisation
• iOS Restriction—for instance you can disable AirDrop, Apple Store, iTunes Store, Camera, iMessage, ability to take screenshots and more
• Lost Mode—Disable and locate a lost iOS device
• Activation Lock Bypass

Manage Device Inventory

Jamf Now is a cloud-based solution. You can access the product from anywhere and whenever you need to manage any of the devices. 

Click the Devices tab from the sidebar and it shows you in-depth inventory information about each enrolled device.

Search, sort, list and filter devices from the top of the screen. View all the Apple devices in a single place and export the data (in .CSV format) for auditing purpose.

Click the device and in the Summary tab for comprehensive details, including:

• Serial numbers
• Device assignment
• Settings configuration
• Installed apps
• Device model
• Date added
• Supervision status
• Activation status
• Blueprint Applied
• Asset Tag, and 
• Single App Mode

Pricing

Jamf Now is free for the first three devices and then $2.00 per month, per additional device thereafter. There are no contracts or commitments so you cancel at any time. It really is a flexible pricing model that ensures the best value for your business.

Conclusion

In business and educational institutions, IT responsibilities are split between employees to save money. If there's a large number of devices, managing them is not a trivial task. Jamf Now saves time and money.

It is a cloud-based solution so you can manage the device inventory even from home. Jamf Now web-based dashboard does a good job to simplify complex tasks such as assigning email accounts, setting up secured Wi-Fi, rolling out apps, locking and even wiping data remotely.

In summary, Jamf Now is an easy, intuitive MDM solution for managing Apple devices. Visit their website for more information on services they offer, training, webinars, documentation, and more.