Apple OS Deployment Guide for the Enterprise

Similar documents
A COMPREHENSIVE GUIDE. Mac Management FOR BEGINNERS

What s New for Enterprise and Education ios 11, macos High Sierra 10.13, tvos 11, and deployment tools and services

Apple Device Management

QuickStart Guide for Managing Computers. Version

Managing Devices and Corporate Data on ios

Apple Device Management

VMware AirWatch tvos Platform Guide Deploying and managing tvos devices

VMware Workspace ONE UEM Apple tvos Device Management. VMware Workspace ONE UEM 1811 VMware AirWatch

QuickStart Guide for Managing Computers. Version

Deploying ipad to Patients Setup Guide

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

VMware Workspace ONE UEM Integration with Apple School Manager

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

Simplifying Device Enrollment and Content Distribution Using the Device Enrollment Program, the Volume Purchase Program, and the Casper Suite

Apple TV Management. Moving education forward

Deploying ios Devices with the Casper Suite and Apple Configurator. Technical Paper June 2012

Deploying. Mac. Five best practices

Apple TV Management. Moving higher education forward

ios Deployment Overview for Enterprise

Security Considerations for Apple in the Enterprise

Apple Deployment Programs Volume Purchase Program for Education Guide

macos Security Checklist:

macos Security Checklist:

VMware AirWatch Integration with Apple Configurator 2 Guide Using Apple Configurator 2 and AirWatch to simplify mass deployments

jamf Nation - London Roadshow

Deploying ipad to Patients

Integration with Apple Configurator 2. VMware Workspace ONE UEM 1902

Casper Suite Release Notes. Version 9.0

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Vodafone Secure Device Manager Administration User Guide

Apple Deployment Program Volume Purchase Program for Education Guide

QuickStart Guide for Mobile Device Management. Version 8.7

ipad in Business Mobile Device Management

QuickStart Guide for Managing Computers. Version 9.73

Apple Business Manager Beta Help v1.0

Security Challenges: Integrating Apple Computers into Windows Environments

QuickStart Guide for Managing Computers. Version 9.32

ios Supervised Devices

FileWave 10 Webinar Q&A

Managing Windows 8.1 Devices with XenMobile

Integrating with Microsoft Intune to Enforce Compliance on Macs Managed by Jamf Pro. Technical Paper Jamf Pro or Later 14 December 2017

VMware AirWatch Express Documentation. VMware Workspace ONE UEM 1810

AirWatch Express. VMware Workspace ONE UEM 1902

Telenor MDM. Note Apple VPP ( )

3CX Mobile Device Manager

Integrating with Microsoft Intune to Enforce Compliance on Mac Computers Managed by Jamf Pro

Integrating with Microsoft Intune to Enforce Compliance on Macs Managed by Jamf Pro. Technical Paper Jamf Pro or Later 16 July 2018

Casper Suite Release Notes. Version 9.6

ZuluDesk Management System is a powerful Mobile Device Management (MDM) solution designed for schools to manage their Apple devices over WiFi.

Systems Manager Cloud-Based Enterprise Mobility Management

QuickStart Guide for Managing Mobile Devices. Version

Mobile Device Management 101. Get more out of ipad in Education

Casper Suite Release Notes. Version

VMware AirWatch ios Platform Guide Deploying and managing ios devices. Workspace ONE UEM v9.4

Casper Suite Release Notes. Version 8.5

ForeScout Extended Module for VMware AirWatch MDM

What s New in Device Configuration, Deployment, and Management

Mac Five reasons to offer OS X now

Mobile Device Management. Get more out of ipad and iphone in higher education

Parallels Mac Management for Microsoft SCCM. Deployment Guide and Pre-Install Checklist. v6.1

VMware AirWatch Express Guide Managing your organization's mobile devices

Mobile Device Support. Jeff Dove February

If we provide the device, it is managed through Citrix XenMobile Enterprise. If you want access to our internal sites, then you have to be managed

Verizon MDM UEM Unified Endpoint Management

School District of Milton of Milton

BRING MAC TO THE ENTERPRISE WITH A MODERN APPROACH TO MANAGEMENT

JAMF Nation Roadshow. Sachin Parmar End User Toolset Manager

ipad in Business Security Overview

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

2016 Survey MANAGING APPLE DEVICES IN HIGHER EDUCATION

VMware AirWatch ios Platform Guide Deploying and managing ios devices

Phil Schwan Technical

VMware AirWatch Android Platform Guide

Building a BYOD Program Using Jamf Pro. Technical Paper Jamf Pro or Later 2 February 2018

IPHONE DEP REGISTRATION... 4 IPHONE DEP REGISTRATION... 3

GlobalSign Enterprise Solutions

Use Jamf Self Service to upgrade to macos Mojave

AirWatch Container. VMware Workspace ONE UEM

ForeScout Extended Module for MobileIron

Jamf Pro Release Notes. Version

Casper Suite Release Notes. Version

VMware AirWatch Express Guide Managing your organization's mobile devices

ios 9.3 ipads & iphones What you need to know! Jere Minich, APCUG Advisor, Region 5 Program Chair, Lake-Sumter Computer Society

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

ios Deployment Reference

VMware AirWatch Tizen Guide

VMware AirWatch ios Platform Guide Deploying and managing ios devices

Dell Management Portal. Apple Device Enrollment Program

PrinterOn Mobile App MDM/MAM. Basic Integration Guide

AirWatch for ios Devices

Systems Manager. Endpoint Management

Six steps to control the uncontrollable

IBM MaaS360 with Watson Evaluator s Guide. Version 2.2

!!! ipad Support Training Student Workbook

SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT

macos Sierra Technical Training

GUIDANCE ON ELECTRONIC VOTING SYSTEM PREPARATION AND SECURITY

Administering Adobe Photoshop Touch with the Casper Suite. Technical Paper April 2012

VMware AirWatch - Mobile Application Management and Developer Tools

VMware AirWatch ios Platform Guide Deploying and managing ios devices

Transcription:

Apple OS Deployment Guide for the Enterprise So your organization is about to deploy Mac, iphone, ipad and/or Apple TV to your users and you re not sure where to start? That s where the Apple management experts can help. Since 00, Jamf has helped organizations across the globe ensure their Apple programs are a success. This guide highlights the steps needed to deploy your entire Apple ecosystem successfully across your organization using Jamf Pro and Apple Business Manager. Follow these 5 steps for success 4 5 PREPARE CONFIGURE DEPLOY PURCHASE APPS AND BOOKS MANAGE

Prepare. Sign up for Apple Business Manager Enroll your organization at https://business.apple.com. Get your Apple Customer Number or DEP Reseller ID this is required for Apple Business Manager. The first Managed Apple ID created will be your Apple Business Manager Administrator account. Your organization can have up to five Administrators in Apple Business Manager. Create additional Managed Apple ID accounts to delegate access for other roles, such as People Manager, Device Manager, Content Manager and Staff. Each user s Managed Apple ID can hold one or more of these roles.. Consider your Apple ID strategy With macos 0., ios 9 and tvos and later, you can choose to deploy apps to either users Apple IDs or directly to a device. Choose whether or not to use Apple IDs based on your app deployment preference. Device-based assignments are strongly recommended for all deployments. This removes all prompts for end users and streamlines app deployments. Additionally, employees may use personal Apple IDs for icloud, imessage, FaceTime and more. Apps will be assigned directly to devices and are not linked to the employee s Apple ID. User-based assignments require that end users accept app assignments by providing their Apple ID and password. User-based assignments allow apps to be re-downloaded on multiple devices owned by an employee and is required for the assignment of books.. Ensure stable Wi-Fi and networking Strong Wi-Fi and modern networking are critical for a successful deployment. Make sure your organization has enough bandwidth and wireless routers to handle all of your new devices. Ensure that your devices can properly access the sites and ports required for mobile device management (MDM) and app deployment. See https://support.apple.com/en-us/ht0944 for detailed requirements. Apple + Cisco Apple and Cisco have partnered together to make an optimal wireless network experience while using Apple devices. To find out more about this partnership, click here. You will need to select how you plan to host Jamf Pro on your network. The vast majority of customers choose Jamf Cloud because of its ease of use and seamless scalability, though your organization may have unique requirements for alternate hosting methods. To learn more about infrastructure planning, click here.

Prepare 4. Link Jamf Pro to Apple Business Manager Create one or more MDM sververs within the Devices section of Apple Business Manager. You will need to download a public key from Jamf Pro to create this MDM server. You will then be able to download a server token from the Apple Business Manager to add to Jamf Pro. Once linked, you can assign new devices to be managed by Jamf Pro with serial numbers, order numbers, or even platform type within Apple Business Manager. What is Jamf Pro? Jamf Pro is a comprehensive management system for Apple macos computers, ios and tvos devices. With Jamf Pro, IT admins proactively manage the entire lifecycle of all Apple devices.

Configure. Build your configuration profiles Configuration profiles are XML files that act like a recipe for your device settings and are deployed via Jamf Pro. Build your profile ingredients in Jamf Pro with settings such as: Wi-Fi, email and VPN. Consider building different profiles for different groups of users in your organization. Policies for macos Supervision for ios Policies are a more advanced method to configure macos by talking directly to the operating system (OS) and executive commands such as: Managing software updates, setting up printers, and enabling FileVault disk encryption. Both profiles and policies are built and deployed within Jamf Pro. Supervision allows for a higher level of management, including locking the MDM profile and managing Activation Lock. Supervision can be done automatically via Apple Business Manager and configured in Jamf Pro (see next step). Alternatively, you can manually supervise an ipad via Apple Configurator over USB.. Configure Jamf Pro for initial set up options The PreStage Enrollment settings in Jamf Pro lets you define how the Apple device behaves out of the box. From here, select options to customize the enrollment experience and define device configurations. For additional security and customization, you can require end users to authenticate using a directory services account (like Active Directory). Alternatively, you can assign users to devices after enrollment using Jamf Pro.

Configure. Choose the best method for provisioning Jamf Pro has the ability to prepare Macs, iphones, ipads and Apple TVs just like other tools for PCs. Zero-Touch Provisioning With zero-touch, user-driven provisioning, organizations can leverage Apple Business Manager to automatically enroll Apple devices to Jamf Pro, which triggers profiles, policies and management commands to install apps and configure settings. User-driven provisioning is the ideal method to prepare Apple devices. IT-Assisted Provisioning If your organization doesn t have access to Apple Business Manager, you can leverage IT-assisted provisioning to build smaller modules on top of an existing macos instance. Additional settings and apps are then added via profiles or policies (macos only). What about existing Mac computers on your network? Recon is an app that is included with Jamf Pro, designed to scan your network for Mac computers that are not managed by Jamf Pro. The network scanner in Recon allows you to remotely enroll multiple macos computers. It scans specified IP ranges and enrolls any computers that it can connect to over SSH (Remote Login). What is Activation Lock? Activation Lock is a feature of ios designed to prevent someone from using a device if it s lost or stolen even if the device is erased. Customize your Activation Lock behavior as part of PreStage Enrollment settings with Jamf Pro 0.7 and later. Allow users to enable Activation Lock when turning on Find My iphone, linking that device to the individual s Apple ID. Activation Lock can often cause problems for IT if they are reassigning devices to new users. Jamf Pro can solve this by allowing IT to bypass Activation Lock on a supervised device. Enable Activation Lock on devices at time of enrollment to enforce Activation Lock without any need for end users to sign in with an Apple ID (Apple Business Manager required). Note: Some organizations choose to disable Activation Lock and utilize Lost Mode when dealing with lost or stolen devices. Instead of disabling a lost or stolen device, Lost Mode would allow an IT admin to temporarily disable a device, display a Lost Device message and collect the approximate GPS location of the missing device. Lost Mode is not available if a device is restored while in Activation Lock.

Deploy Devices For Mac Building a plan for handing out new Mac computers is crucial for a successful deployment.. Consider two different levels of IT involvement when building your plan:. IT-Assisted IT builds policies and profiles in Jamf Pro. IT receives a new Mac, unboxes, sets up local account. Enrollment package is added on top of the standard macos install. 4 Additional policies and profiles are applied over the air for settings and software. 5 New Mac is handed to the end user.. Zero-Touch IT builds policies and profiles in Jamf Pro. New Mac computers are sent directly to end users. End users unbox and set up the local account. 4 Enrollment package is automatically applied over the air via automated MDM enrollment through Apple Business Manager. 5 Policies and profiles are applied over the air for settings and software.

Deploy Devices For iphone, ipad and Apple TV Make a plan for distributing your devices to users.. Consider different levels of IT involvement for handling new devices:. IT-Driven IT unboxes devices. IT walks through the Setup Assistant. IT enrolls the device. 4 IT downloads apps for the user.. IT-Assisted IT helps the user set up and enroll the device. User downloads apps via Self Service.. User-Driven User unboxes devices. Sets up, and auto enrolls device via Apple Business Manager. IT enrolls the device. User downloads apps via Self Service.

Deploy Devices. Enroll your devices Device management begins with enrolling a device. Choose from one of these methods: Automated MDM enrollment with Apple Business Manager (recommended). User-initiated enrollment via web page or email invitation. Apple Configurator enrollment via USB.. Turn on devices ipads and iphones in Apple Business Manager will automatically enroll with Jamf Pro. Configuration profiles, apps and books will automatically install from Jamf Pro. Self Service will appear. Integrate with Directory Services Jamf Pro integrates with common directory services like Active Directory for user data and group memberships. Users can authenticate to Self Service using directory service credentials. You can also scope profiles, apps and books to directory user groups. Use the set up assistant in Jamf Pro to configure your directory services automatically.

4 Purchase Apps and Books. Purchase Apps and Books in volume with Apple Business Manager Buy licenses (recommended): License the content to your users. Your organization retains ownership of apps (but not books), allowing you to revoke and reassign them as needed.. Assign Apps and Books There are two ways to assign apps. The following steps outline both device-based Apps and Books (recommended) and user-based (Apple ID required) Apps and Books app deployment. Assign to devices (device-based app assignment) Apps will be deployed directly to devices. No invitations necessary. Device-based apps require macos 0. or higher devices for Mac and ios 9 or later for iphone and ipad. Scope apps and other content directly to devices within Jamf Pro. Assigned content will automatically download to the device. Or your content can be available through Self Service. Assign to users (user-based app assignment) Apps will be deployed to and owned by end users. User-based Apps and Books requires macos 0.9 or higher devices for Mac and ios 7 or later for iphone and ipad. Create an Apps and Books invitation email within Jamf Pro and scope to desired users. Users receive an email with a registration link and are guided through the process of downloading their content. Or via a push notification or prompt with Self Service.

4 Purchase Apps and Books. Build packages for additional apps (Mac Only) 4. Many other apps are available as packages outside of the App Store. Jamf also created Composer to simplify package creation for any application. Composer is part of Jamf Pro and lets you create custom packages (.pkg/.dmg). Since Composer uses a snapshot method for package building, you can deploy apps with customizations. For example, the default homepage on Chrome, or the default font on Word. Consider your app deployment strategy Use the Jamf Pro Self Service app for user-initiated app install. Silently push apps to your users or devices. What is Self Service? Self Service is an app that acts like an internal App Store for your organization. Self Service can contain App Store apps, packaged apps, ebooks, printer settings (macos only), configuration profiles, and custom policies (macos only). If you disable the App Store for users, Self Service can serve as a curated App Store for approved apps.

5 Manage. Enable your end users, give control to IT Regularly update Self Service with new content to encourage usage. Leverage Push Notifications to push important messages directly to devices. Customize Jamf Pro with Smart Groups and advanced reporting.. Manage the lifecycle of your devices with reporting With an Apple Self-Servicing Account you can integrate your Global Service Exchange (GSX) Account with Jamf Pro to retrieve warranty and purchasing data directly from Apple s global inventory database. View and sort your entire fleet s warranty status in a single location. Use this data to determine when you should upgrade or replace your hardware.. Maintain the Mac by managing software patches Keep your Mac computers up to date with OS and application patches. Build custom software packages with a simple point-and-click interface. Sign packages for frictionless deployment without security warnings. With automated patch management software notifications in Jamf Pro, you ll always know when third-party software patches are available so you can take action. Use dynamic inventory data in Jamf Pro to determine which Mac needs patches. 4. Join Jamf Nation for ideas on how to improve your deployment Jamf Nation is a knowledgeable community of Jamf Pro users helping each other. This is a free service, open to all, whether you are a Jamf customer or not. Learn from other organizations about their Mac deployment and share best practices. To learn more about how Jamf Pro can make an impact on your macos, ios and tvos management, visit jamf.com/products/jamf-pro. www.jamf.com 08 JAMF Software, LLC. All rights reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback