Valencia College JAMF Managed Apple Devices

Summary

Changes are coming to the way MacBooks and iPads are managed at Valencia. Faculty and staff who use MacBooks for their daily workflow, and whose devices are refreshed after July 2024, will have their new Mac enrolled in a mobile device management (MDM) platform called JAMF.

Enrolling Macs and iPads in JAMF allows OIT to provide improved support to the Apple community at Valencia in these areas:

  • Self-service distribution of software and applications directly to Macs without needing technician assistance.
  • Scheduled OS and application patch management.
  • Ability to set consistent default application and system preferences to allow a more uniform experience.
  • Improved endpoint security including full disk encryption, malware detection and response via onboarding to Microsoft Defender for Endpoint, client firewall enablement, tighter controls on unauthorized/unlicensed software, and security policy enforcement.
  • Mac login passwords that sync automatically with Atlas network passwords, and device logins that are now protected using MFA prompts via Microsoft Entra ID.
  • Hardware inventory reporting allowing appropriate OIT support teams to provide proactive device support.

These management improvements allow OIT to provide the same level of support for Apple devices as for existing Windows PCs, which has been missing until now.

What to Expect

Software Center

macOS applications are now delivered using the JAMF Software Center, similar to how they are currently distributed for Windows PCs. When your Mac is enrolled in JAMF, you will automatically have access to Software Center and the applications available through it.

To open Software Center, click the Valencia logo in the Dock, or open it from Launchpad or the Applications folder.

After launching Software Center, you can access common Bookmarks or click Browse to view the list of apps available.

Simply click the Install button under an app’s icon to install that app. When the app is finished installing, it can be opened from the Applications folder or from Launchpad, just like any other installed app.

Scheduled Software Updates

macOS system updates will now be scheduled at regular intervals, typically once per month to coincide with the software updates that are deployed for Windows PCs. This ensures that macOS is kept up to date with the latest security patches.

You will see a notification pop up when a managed update is available and scheduled for your Mac.

Likewise, when updates are scheduled for specific applications (e.g., Google Chrome, Adobe Acrobat, Firefox, Microsoft Edge, etc.), you will see pop-up notifications for these as well.

Endpoint Security Experience

Information security policies that have been enacted at the College apply to all endpoint devices issued by the College; however, until now it was not possible to enforce many of these policies on Apple devices. These policies are currently enforced on Windows PCs.

When your Mac is enrolled in JAMF, these security-centered policies will apply:

  • User accounts will not have local administrator rights by default. This ensures that devices cannot be tampered with in ways that lessen their security. Almost all macOS functionality does not require local admin rights, and the JAMF MDM applies configuration profiles that allow approved system changes, including Privacy & Security settings and application installs via Software Center.
    • Where local admin rights are required for daily workflows, they can be requested by submitting a Request for Local Administrator Rights. Each request will be reviewed and approved on a case-by-case basis.
  • FileVault disk encryption will be enabled by default. You may be prompted to enable FileVault the first time you log in to your new Mac; if prompted, you will not be able to proceed until FileVault is enabled. FileVault encryption helps prevent data breaches in the event the device is lost or stolen. Recovery keys are backed up automatically to JAMF and can be provided by OIT where necessary.
  • Macs enrolled in JAMF are automatically onboarded to Microsoft Defender for Endpoint (MDE), which is Valencia’s unified platform for endpoint malware detection and response and vulnerability management.
  • The macOS client firewall is enabled by default and cannot be disabled. This layer of protection prevents unauthorized individuals and programs from connecting to your Mac remotely.
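
A read-only way to confirm these four settings on an enrolled Mac, as an added example (not OIT's or JAMF's own tooling). The function names and the sample user "jdoe" are hypothetical, and the matched strings assume the output wording of the standard macOS tools and the Defender `mdatp` CLI:

```shell
#!/bin/sh
# Added example: read-only check of the four endpoint policies listed above.
# Each classifier takes the text a tool prints and returns 0 when compliant.

filevault_on()     { case "$1" in *"FileVault is On"*) return 0;; esac; return 1; }
firewall_on()      { case "$1" in *"Firewall is enabled"*) return 0;; esac; return 1; }
# dseditgroup prints "yes <user> is a member of admin" or "no <user> is NOT ..."
is_standard_user() { case "$1" in no\ *) return 0;; esac; return 1; }
# "mdatp health --field healthy" prints true or false
defender_healthy() { [ "$1" = "true" ]; }

report() {  # report <label> <classifier> <tool output>
  if "$2" "$3"; then
    echo "PASS  $1"
  else
    echo "FAIL  $1"
    return 1
  fi
}

audit() {  # audit <fdesetup out> <socketfilterfw out> <dseditgroup out> <mdatp out>
  rc=0
  report "FileVault enabled"        filevault_on     "$1" || rc=1
  report "Client firewall enabled"  firewall_on      "$2" || rc=1
  report "No local admin rights"    is_standard_user "$3" || rc=1
  report "Defender onboarded"       defender_healthy "$4" || rc=1
  return "$rc"
}

if [ "$(uname -s)" = "Darwin" ]; then
  # Live check on a Mac; none of these commands change any setting.
  audit "$(fdesetup status 2>&1)" \
        "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)" \
        "$(dseditgroup -o checkmember -m "$(id -un)" admin 2>&1)" \
        "$(mdatp health --field healthy 2>&1)"
else
  # Constructed sample output so the script can be read and run off-device.
  audit "FileVault is On." \
        "Firewall is enabled. (State = 1)" \
        "no jdoe is NOT a member of admin" \
        "true"
fi
```

A user who has been granted an approved local administrator exception will show FAIL on the third line; that is expected for that account.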
     

User Logins

User logins on Macs enrolled in JAMF will now use single sign-on through Microsoft Entra ID. This provides the following benefits:

  • Any user can log in to any Mac using their own account credentials without requiring assistance from an OIT technician.
  • Mac login passwords are automatically synced with Atlas login credentials.
  • MFA prompts prevent login impersonation at the device level.

Logins on Macs will follow this procedure:

  1. Enter your full @valenciacollege.edu email address on the Sign In window.
  2. Enter your password if prompted, and complete the MFA prompt.
  3. Enter your password again to sync the password to your local Mac account.

Conclusion

The changes described here are intended to improve the security posture and user experience of Apple devices at the College. Should you have any questions, please do not hesitate to contact the OIT Service Desk at (407) 582-5555, or submit a ticket at valenciacollege.edu/ithelp.