As Apple deprecates, JAMF integrates.
That's the feeling I got from the keynote at JAMF's annual JAMF Nation User Conference (JNUC). Apple has been moving to deprecate and decommission many components of its macOS Server platform this year as if it decided to take a back seat to managing its products in enterprise and education.
One of the big take aways from JNUC this week is that JAMF is positioning itself in the driver's seat and doing a phenomenal job of integrating all of Apple's platforms into enterprise environments. In addition to taking the lead for deploying Apple products, JAMF has also made its user conference one of the most significant for enterprise IT in general.
The playing field, 2018
Since it launched support for enterprise device management in 2010 (alongside the iPad, iPhone 4, and iOS 4), Apple has remained generally on the sidelines of the mobile device management (MDM) and enterprise mobility management (EMM) game it gave birth to with MDM support on the iPhone and iPad. Rather than creating a first-party proprietary management console, Apple created an open MDM framework that third parties could access across a level playing field of capabilities.
That approach has allowed a number of candidates to put their own spin on managing Apple devices and integrating them with other enterprise tools. In the near decade since, several companies have taken up the challenge and the market has solidified around a handful of vendors. The vast majority integrate mobile management with their other enterprise products and solution stacks - Microsoft, VMWare and Citrix are prime examples. JAMF and MobileIron, in contrast, see EMM as a solution to be approached on its own, aiming to be the best options in their respective categories without trying to sell companies everything but the proverbial EMM kitchen sink.
JAMF's mandate is specific to Apple and uses Apple's tools. Unlike MobileIron and other EMM vendors, it has a consolidated focus on the devices, OS platforms, and capabilities that come out of Cupertino, allowing it to better serve enterprise users and make any part of the management process virtually invisible to those users.
'There's no step three'
One of JAMF's marketing messages, and indeed the entire theme (and name) of this week's keynote is "there's no step three." Longtime Mac users will recognize the phrase from Apple's launch of the original iMac in 1998. In messaging and commercials for the iMac, a new user would plug in the computer and a network cable, and be ready to connect to the internet right out of the box - the only two steps needed to be up and running.
JAMF has taken this message and applied it to Apple devices in the enterprise. CEO Dean Hager recounted his first day at JAMF in which he found Apple solutions in his office with a post-it note from IT instructing him to open the box and power on each device; there was no step three, only a heart, signed "IT." JAMF eventually rolled that post-it note tack into its marketing message. It speaks to the vision of enterprise IT as properly being "invisible" to users when they are onboarded into a company or need Apple device deployment. Put another way, the company wants users to have an Apple-like experience where everything magically happens behind the scenes and users have everything "just work."
Hager and various enterprise tech luminaries - IBM CIO Fletcher Previn, Microsoft exec Brad Anderson and SAP's vice president of mobility, Martin Lang - highlighted this out-of-the box-experience, while pointing out the Apple and JAMF technologies underlying the process. In many ways, the event felt very much like an Apple product launch, which fits with the Apple experience JAMF is in effect offering.
IBM open sources its Mac@IBM model
The keynote wasn't just noteworthy by itself. IBM's Previn shared some monster stats about how large its Mac@IBM program has become.
Macs now account for a quarter of all IBM laptops deployed worldwide, numbering 135,000. (That's in addition to 40,000 iPads and 90,000 iPhones.) IBM also provisions 150,000 laptops a year, which means this is an ongoing and expanding deployment that can only be called massive. In addition, IBM has a program allowing users to purchase their computer when the next refresh cycle gives them a new one (typically every three years).
The biggest news is that IBM is open sourcing its Mac@IBM program and putting all of its key components on github for anyone to look at, modify and share. This means that everything that IBM has learned about properly deploying, managing and supporting Apple devices in the workplace has an seriosuly useful reference to start with and refer back to as needed.
Microsoft Intune, authentication and JAMF
In some respects, JAMF and Microsoft are competitors. Microsoft's Intune system management solution can be used as an EMM platform in its own right and it supports managing both Apple and Android devices in the enterprise. But sometimes competition takes a back seat to collaboration. Anderson and Hager demonstrated some of the capabilities of Intune, in particular the conditional access features that rely on a trio of trusted conditions - trusted user, trusted device and trusted app - to secure access to business content across an enterprise.
Anderson and Hager showed both the IT setup and user experience of this layered, but largely invisible, process and included Microsoft's passwordless Microsoft Authenticator feature and Azure Active Directory. They also showed the self-service capabilities in allowing a user to understand and resolve situations like being denied access to a file without needing to call on the help desk.
This self-service capability is a JAMF hallmark. And the newest JAMF releases have indicators visible for new features in JAMF's management console along with interactive tutorials that can be viewed inline for specific functionality without leaving the console.
A big part of these new capabilities is a streamlined integration with Azure Active Directory that allows a user to sign into a Mac with their Azure AD credentials. Account setup and synchronization with Azure Active Directory will happen automatically behind the scene thanks to JAMF Connect. (It's based on NoMAD, which JAMF acquired last month.)
SAP opts for JAMF despite extra costs
SAP represent another large Apple deployment - 17,000 Macs, 83,000 iOS devices and 170 Apple TVs - that's managed by JAMF while also using Microsoft's enterprise mobility solutions. Computerworld blogger Jonny Evans has more details on SAP's deployment, but there is one major point that Lang made on stage worth exploring: SAP chose JAMF over competing EMM options even though those alternatives could also manage non-Apple devices.
This is an important point about JAMF. As I noted, most EMM products are made by enterprise vendors that offer one-stop shopping for an entire IT stack and the simplified management - often with reduced costs because features are bundled together - they offer. IT admins often look to so-called "single pane of glass" options, meaning a single solution, a single management console and an integrated toolset for managing everything. This is the premise of unified endpoint management (UEM), one of the latest IT trends.
As I noted earlier, JAMF is an outlier in the UEM universe because the company focuses only on Macs and iOS devices. That means it has to be able to offer features or an experience that is superior to the competition to get companies to choose the added expense and learning curve involved in adding another IT vendor to the corporate mix. Based on the number of attendees at JNUC - and the growing size of JAMF's customer base - that many companies see enough value to justify this.
At JNUC, peer networking is a boon
Although I didn't attend JNUC this year, I have done so in the past and there is a different energy than at user conferences of other larger enterprise customers. There is a more colligeate feel to the entire event and the same sense of excitement that accompanies an Apple event.
The networking opportunity at this event is important because admins and techs that manage Apple devices are often outliers in their own IT organizations; Apple's technologies still have a whiff of consumer air attached to them and have historically been outside mainstream IT environments. Having a week to network, time to discuss Apple-related issues with peers, and access to ideas about how to make a Mac or iOS deployment more effective is a rare opportunity. That makes JNUC a powerful experience, whether you're managing a corporate fleet of devices, a small school district deployment, or offering consulting services. Even Apple-focused IT pros not using JAMF's products can gain a lot.
In the end, JNUC provides a platform to showcase Apple in real-world enterprise environments and it reinforces the message that Apple is an enterprise vendor - even if it seems to be focused mainly on consumers.