Mobile Device Management (MDM) software secures, manages and supports mobile devices deployed across a business or enterprise. MDM enables over-the-air distribution of apps, data and configuration settings across bothmacOS and iOS devices.
Apple Mobile Device Management Made Easy With Jamf Now
The objective of MDM is to optimise the functionality and security of a device while minimising cost and downtime. The advantages of MDM are:
- Streamlines deployment of devices through a centralised location
- Painlessly configure email and Wi-Fi security settings
- Manage users’ devices remotely; lock and/or wipe lost or stolen devices
- Enable employees to bring their own devices (BYOD) to remain productive
- Manage and maintain device inventory centrally
In this tutorial I’ll show you how to set up and manage multiple Apple devices, in businesses, with Jamf Now.
Mobile Device Management Simplified
Apple device management can be time-consuming work for people not versed with technology, especially if IT is not their main job.
Jamf Now, formerly Bushel, is a simple, intuitive way for non-technical people to manage Apple devices. It is a cloud-based MDM solution for deploying multiple Apple devices in any workplace.
Device management throughJamf Nowis fast, accessible, and affordable which is ideal for small businesses that may not have an IT department and large organisations that do.
To successfully deploy devices, you’ll need
- A company email address for creating a Jamf Now account
- This same email address for creating an APNS, orApple Push Notification Service,certificate
- Separate Apple ID for enrolment in Volume Purchase Program (VPP) and Device Enrolment Program (DEP).
Setting Up Jamf Now
It’s really straightforward:
- Go toJamf Nowwebsite to create a free account
- Check your inbox for and activation email, click on the link in the email and clickLet’s Goto begin the setup procedure
For Jamf Now to work, you have to link yourJamf Now account with your Apple account to manage the devices.
Download theCertificate Signing Request.plistfile and clickGo to Step 2
Click on theGo to the Apple Push Certification Portallink and login with the company Apple ID.
Note: The certificate you create does not renew automatically. You should manually renew it every year using the same Apple ID.
Click on the blueCreate a Certificatebutton and accept the Apple Terms and Conditions.
Click onBrowseand upload theCertificate Signing Request.plistfile downloaded earlier.
You’ll now see the confirmation page. Click the blueDownloadbutton to download the certificate from Apple.
Log out from the Apple Certification Portal and go back to the Jamf Now setup page.
In the last step, click on theUpload the Push Certificateand upload the Apple certificate file. The certificate file is generally named asMDM_JAMF Software, LLC_Certificate.pem
Once you upload the file clickStart Using Jamf Now. You have to do this setup only once. Next time when you login, you’ll see the Jamf Now dashboard.
Enrol in Apple Deployment Programs
Apple Deployment Programs is a suite of programs that help you do the following:
Volume Purchase Program(VPP) lets you purchase apps, books and other content in bulk and distribute them to your organisation’s devices. This requires mobile devices using iOS 9 or later and macOS 10.11 or later on the desktop.
It also works for users without an Apple ID. An Apple ID is necessary for deploying apps to devices running iOS 8 or macOS 10.10.
Device Enrolment Program(DEP) allows you to automatically enrol organisation-owned devices in MDM without having to physically touch or prepare the devices before distributing them to users. When the user turns on the device, they complete a few basic settings and connect the device to a network.
The device contacts the MDM server—and based on the DEP configuration—it enrols and receives assigned settings, apps and content. The devices enrolled must meet the basic criteria as stated in thisApple support document.
Sign up for the Apple Deployment Program and fulfil all therequirementsnecessary for enrolment.
Setting Up the Blueprint
Blueprints in Jamf Now lets you easily customise and deploy apps and settings for groups of devices, all through the web-based portal.
TheJamf Now account starts with adefaultBlueprint.
Each Blueprint represents a different device configuration. Those configurations are—Security Settings, Email Configuration Settings, Wi-Fi Security Settings, Restrictions, Single App Modeand Wallpaper.
Login to the Jamf Now Dashboard and clickBlueprintsfrom the sidebar.
UnderMy Blueprintsyou’ll see thedefaultBlueprint. Click thedefaultBlueprint to configure different device configuration settings.
Jamf Now gives you the ability to set specific settings for device passcodes.
Go to theSecuritytab underMy Blueprintand click the check box to the right of theRequire Passcode. Click the check box for each setting and clickSync.
Passcode policy settings are assigned to all the devices without doing any manual work. Some of the passcode policies available include:
- Require complex passcode with the support of alphanumeric characters and symbol
- Minimum Passcode Length
- Maximum Passcode Age
- Maximum Failed Attempts
- Auto-lock on iOS, and more
Email Server Settings
Jamf Now lets you set email server settings.
Go to theEmailtab underMy Blueprintand choose the type of email account:
After selecting the mail option, click on the greenSave Email Settingsbutton.
Jamf Nowassigns this email account information to all the devices, the user just has to enter their password. Note: If you’re using Gmail, then you have to enableAccess for less secure appsin the Gmail settings.
Wi-Fi Security Settings
Jamf Now allows you to deploy settings for Wi-Fi networks to all the enrolled users.
Jamf Now supports WEP, WPA, and WPA2 (recommended). Go to theWi-Fitab underMy Blueprintand clickAdd a Wi-Fi Network.
Enter theName, choose WPA2 from theSecuritydropdown list, enter thePasswordand clickSave Changes. The network now shows up in the Wi-Fi Networks list. The user only has to choose that network; no need to type-in a password.
Jamf Now supports a number of restrictions for iOS devices that helps you keep your organisation’s data secure and keep users productive.
Some restrictions require supervision. It’s a mode that allows Jamf Now to provide a higher level of device management capabilities over the air.
When you supervise an iOS device, you can applyadditional restrictions withJamf Now.
Go to theRestrictionstab underMy Blueprintand you’ll see a sub-sectionSupervised Devices Only. Check the box you want to apply and clickSave Restrictions. Jamf Now lets you configureRestrictionsover the air and in bulk.
To setup supervision you have to enrol in Apple DEP. To learn more about supervision, visit thisApple support document.
Jamf Now features that require supervision are:
- Wallpaper—You can set a custom wallpaper of your organisation
- iOS Restriction—for instance you can disable AirDrop, Apple Store, iTunes Store, Camera, iMessage, ability to take screenshots and more
- Lost Mode—Disable and locate a lost iOS device
- Activation Lock Bypass
Manage Device Inventory
Jamf Now is a cloud-based solution. You can access the product from anywhere and whenever you need to manage any of the devices.
Click theDevicestab from the sidebar and it shows you in-depth inventory information about each enrolled device.
Search, sort, list and filter devices from the top of the screen. View all the Apple devices in a single place and export the data (in .CSV format) for auditing purpose.
Click the device and in theSummarytab for comprehensive details, including:
- Serial numbers
- Device assignment
- Settings configuration
- Installed apps
- Device model
- Date added
- Supervision status
- Activation status
- Blueprint Applied
- Asset Tag, and
- Single App Mode
Jamf Now is free for the first three devices and then $2.00 per month, per additional device thereafter. There are no contracts or commitments so you cancel at any time. It really is a flexible pricing model that ensures the best value for your business.
In business and educational institutions, IT responsibilities are split between employees to save money. If there’s a large number of devices, managing them is not a trivial task. Jamf Now saves time and money.
It is a cloud-based solution so you can manage the device inventory even from home. Jamf Now web-based dashboard does a good job to simplify complex tasks such as assigning email accounts, setting up secured Wi-Fi, rolling out apps, locking and even wiping data remotely.
In summary, Jamf Now is an easy, intuitive MDM solution for managing Apple devices. Visit their website for more information on services they offer, training, webinars, documentation, and more.