Jamf
What is Jamf?
Jamf is a management system for Apple macOS computers. With Jamf, ITS can deploy and maintain software, respond to security threats, distribute settings, and analyze inventory data. Jamf also allows users to install licensed software from a self-service portal (Mac Software Center).
Only University-owned devices will be enrolled in Jamf. Personal devices cannot be enrolled in Jamf.
What benefits does a user receive from Jamf?
- Reliability: Your device will quickly receive software updates and patches with little to no interaction on your part.
- Time Efficiency: You will stay more productive as deployment and updating processes run in the background, freeing up more time for teaching and research.
- Flexibility: You can choose when and where to install new software or run maintenance on your device through the self-service portal.
- Security: IT technicians will manage the security of your machine so you don't have to. You can rest assured that software patches, antivirus protection, and firewalls are well maintained.
- Confidentiality: Your data and files will remain confidential; no personal data is scanned, indexed, or transmitted off your device.
- Compliance: Your device will always be in compliance with federal laws governing requirements for research or student data on University computers.
How does Jamf work?
Jamf consists of a management server cluster known as the Jamf Software Server (JSS), a small software utility known as an "agent" on enrolled macOS computers, and a Mobile Device Management (MDM) profile on enrolled macOS and iOS devices.
The agent on a macOS client checks in with the JSS at computer start up and every 15 minutes thereafter, consuming 2KB of network traffic, 4MB Real Memory, and 0.10% CPU. In addition, computer inventory is uploaded to the JSS once a day, causing less than 200KB of network traffic, 8MB Real Memory, and 3.74% CPU. On average the inventory process takes 30 seconds to complete.
An iOS client checks in with the JSS once a day, or on request by a Jamf Technician.
All client/server communication is encrypted by a certificate pair configured when the agent/profile is installed.
What information does Jamf collect?
The LUC implementation of the Jamf has been customized to collect only the data needed to support macOS computers. This information includes:
- Hardware Specifications
- Installed Applications & Usage
- Services Running
- Available Software Updates
- Local User Accounts and Login/Logout Timestamps
- Security Status (Firewall, SSH, etc)
- Connected Peripheral Devices
No personal information is collected, such as the contents or names of personal files (documents, email, etc) or any browsing history.
How is the Jamf agent installed?
A member of the Desktop Services team will need to schedule an appointment with you to install the agent and enroll your device in Jamf. Please contact the ITS Service Desk (773-508-4487) or use the ITS self-service portal to submit a request to enroll your University-owned macOS device in Jamf.
What devices does Jamf support?
Generally, Jamf can support OS X 10.12 or later and iOS 10 or later. For more information, please see Jamf Compatibility.
Is my device enrolled in Jamf?
To find out if your University-owned device is enrolled, look for the Mac Software Center (self-service software portal), which is automatically installed when your device is enrolled. The Mac Software Center is located in the Applications folder and on the Dock. The application icon is the LUC Shield Logo. See below for the application icon.
What is the Mac Software Center?
The Mac Software Center is a self-service software portal managed by LUC ITS. It is similar to the Apple App Store, but it provides customized content for University devices. This content can include University-licensed software, printers, maintenance tasks, links, and other documentation. The Mac Software Center gives users the flexibility of choosing what to install and when to install it.
Can I use the Mac Software Center when I am off-campus?
Yes, the Mac Software Center will still function when you are off the Loyola University Chicago network, however you still need an Internet connection. Depending on the speed of your network connection it may take longer for tasks to complete.
What changes does Jamf make to a Mac?
- Jamf installs the Mac Software Center in the Applications folder of a Mac. Content such as software, printers, maintenance tasks, links, and other documentation can be delivered through the Mac Software Center.
- A service account will be created on the Mac with administrative privileges to carry out tasks from the JSS. This account is hidden from the general user interface and no human knows the password to this account. The service account password is maintained and randomized by the JSS at regular intervals. SSH will be turned on and access will be restricted to the service account.
- A Mobile Device Management (MDM) profile will be installed. This profile allows Jamf administrators to remotely configure settings on the Mac. Basic security settings will be set at enrollment to ensure compliance with LUC policies. Please see LUC ITS Policies & Guidelines for more information.
- For the full list of software components that are installed by the Jamf agent, please refer to Jamf's knowledge base article: Jamf Components Installed on a Managed Workstation.
How will software be installed on my computer?
Most software installations will be initiated by clients through the self-service Mac Software Center. ITS may also install software as needed/requested.
Who has access to my computer?
Only LUC Jamf administrators have the ability to manage your LUC-issued Apple device with Jamf . Select members of ITS may have the ability to sign into your computer with a local administrator account.
Will I still have Administrative access to my Mac?
There will be no automatic changes to the privileges of your user account by enrolling in Jamf . Any existing administrator access on your Mac will be retained.
What policies are enforced?
- Your Mac will be given a barcode sticker and renamed to meet our standard naming policy: LU”BARCODE”-MAC.
- Your Mac will regularly check for and install system updates. This may require a reboot. Enforced system updates primarily target, but are not limited to, security updates. Your OS will not be changed or upgraded.
- Your Mac will have Avira (antivirus software) installed.
- Your Mac will have UISO Spirion (PII-compliance software) installed.
- Your Mac will receive “Inside Loyola” on Mondays and Thursdays.
- Your Mac will adhere to our Screen Lock Policy—it will lock after 15 minutes of inactivity and you will need to reenter to password to unlock the computer.
As the system continues to evolve, this list may expand. We encourage you to provide feedback so that we may continue to make improvements.
Where can I provide feedback?
Feedback can be provided to the ITS Service Desk, who will forward your feedback to the LUC Jamf administrators.
What is Jamf?
Jamf is a management system for Apple macOS computers. With Jamf, ITS can deploy and maintain software, respond to security threats, distribute settings, and analyze inventory data. Jamf also allows users to install licensed software from a self-service portal (Mac Software Center).
Only University-owned devices will be enrolled in Jamf. Personal devices cannot be enrolled in Jamf.
What benefits does a user receive from Jamf?
- Reliability: Your device will quickly receive software updates and patches with little to no interaction on your part.
- Time Efficiency: You will stay more productive as deployment and updating processes run in the background, freeing up more time for teaching and research.
- Flexibility: You can choose when and where to install new software or run maintenance on your device through the self-service portal.
- Security: IT technicians will manage the security of your machine so you don't have to. You can rest assured that software patches, antivirus protection, and firewalls are well maintained.
- Confidentiality: Your data and files will remain confidential; no personal data is scanned, indexed, or transmitted off your device.
- Compliance: Your device will always be in compliance with federal laws governing requirements for research or student data on University computers.
How does Jamf work?
Jamf consists of a management server cluster known as the Jamf Software Server (JSS), a small software utility known as an "agent" on enrolled macOS computers, and a Mobile Device Management (MDM) profile on enrolled macOS and iOS devices.
The agent on a macOS client checks in with the JSS at computer start up and every 15 minutes thereafter, consuming 2KB of network traffic, 4MB Real Memory, and 0.10% CPU. In addition, computer inventory is uploaded to the JSS once a day, causing less than 200KB of network traffic, 8MB Real Memory, and 3.74% CPU. On average the inventory process takes 30 seconds to complete.
An iOS client checks in with the JSS once a day, or on request by a Jamf Technician.
All client/server communication is encrypted by a certificate pair configured when the agent/profile is installed.
What information does Jamf collect?
The LUC implementation of the Jamf has been customized to collect only the data needed to support macOS computers. This information includes:
- Hardware Specifications
- Installed Applications & Usage
- Services Running
- Available Software Updates
- Local User Accounts and Login/Logout Timestamps
- Security Status (Firewall, SSH, etc)
- Connected Peripheral Devices
No personal information is collected, such as the contents or names of personal files (documents, email, etc) or any browsing history.
How is the Jamf agent installed?
A member of the Desktop Services team will need to schedule an appointment with you to install the agent and enroll your device in Jamf. Please contact the ITS Service Desk (773-508-4487) or use the ITS self-service portal to submit a request to enroll your University-owned macOS device in Jamf.
What devices does Jamf support?
Generally, Jamf can support OS X 10.12 or later and iOS 10 or later. For more information, please see Jamf Compatibility.
Is my device enrolled in Jamf?
To find out if your University-owned device is enrolled, look for the Mac Software Center (self-service software portal), which is automatically installed when your device is enrolled. The Mac Software Center is located in the Applications folder and on the Dock. The application icon is the LUC Shield Logo. See below for the application icon.
What is the Mac Software Center?
The Mac Software Center is a self-service software portal managed by LUC ITS. It is similar to the Apple App Store, but it provides customized content for University devices. This content can include University-licensed software, printers, maintenance tasks, links, and other documentation. The Mac Software Center gives users the flexibility of choosing what to install and when to install it.
Can I use the Mac Software Center when I am off-campus?
Yes, the Mac Software Center will still function when you are off the Loyola University Chicago network, however you still need an Internet connection. Depending on the speed of your network connection it may take longer for tasks to complete.
What changes does Jamf make to a Mac?
- Jamf installs the Mac Software Center in the Applications folder of a Mac. Content such as software, printers, maintenance tasks, links, and other documentation can be delivered through the Mac Software Center.
- A service account will be created on the Mac with administrative privileges to carry out tasks from the JSS. This account is hidden from the general user interface and no human knows the password to this account. The service account password is maintained and randomized by the JSS at regular intervals. SSH will be turned on and access will be restricted to the service account.
- A Mobile Device Management (MDM) profile will be installed. This profile allows Jamf administrators to remotely configure settings on the Mac. Basic security settings will be set at enrollment to ensure compliance with LUC policies. Please see LUC ITS Policies & Guidelines for more information.
- For the full list of software components that are installed by the Jamf agent, please refer to Jamf's knowledge base article: Jamf Components Installed on a Managed Workstation.
How will software be installed on my computer?
Most software installations will be initiated by clients through the self-service Mac Software Center. ITS may also install software as needed/requested.
Who has access to my computer?
Only LUC Jamf administrators have the ability to manage your LUC-issued Apple device with Jamf . Select members of ITS may have the ability to sign into your computer with a local administrator account.
Will I still have Administrative access to my Mac?
There will be no automatic changes to the privileges of your user account by enrolling in Jamf . Any existing administrator access on your Mac will be retained.
What policies are enforced?
- Your Mac will be given a barcode sticker and renamed to meet our standard naming policy: LU”BARCODE”-MAC.
- Your Mac will regularly check for and install system updates. This may require a reboot. Enforced system updates primarily target, but are not limited to, security updates. Your OS will not be changed or upgraded.
- Your Mac will have Avira (antivirus software) installed.
- Your Mac will have UISO Spirion (PII-compliance software) installed.
- Your Mac will receive “Inside Loyola” on Mondays and Thursdays.
- Your Mac will adhere to our Screen Lock Policy—it will lock after 15 minutes of inactivity and you will need to reenter to password to unlock the computer.
As the system continues to evolve, this list may expand. We encourage you to provide feedback so that we may continue to make improvements.
Where can I provide feedback?
Feedback can be provided to the ITS Service Desk, who will forward your feedback to the LUC Jamf administrators.