How Jamf fits into the enterprise device management landscape

Should you consider Jamf to manage your company’s Apple devices? Here’s what you need to know.

mobile computing / devices / connectivity / mobile management / BYOD
PeopleImages / Getty Images

Earlier this summer, Jamf — a Minneapolis company devoted to bridging the gap between Apple devices and the enterprise/education market — launched a successful IPO despite the pandemic. Once a niche player, the company has emerged as the go-to provider of management solutions that take over where Apple leaves off when it comes to Macs, iPads and iPhones in business (and education). As I noted two years ago, Jamf has become a de facto replacement for Apple’s enterprise support team, placing a strong emphasis on engaging with its customers.

For IT leaders, Jamf is a bit of an outlier. The company mostly resembles other enterprise mobility management (EMM) and unified endpoint management (UEM) firms, but with a catch. While EMM/UEM vendors typically support a wide swath of clients — anything from iOS and Android to Windows 10 and Chromebooks — Jamf has remained true to its roots in supporting only Apple devices. That contrasts sharply with platforms like VMware Workspace ONE, MobileIron, and Microsoft Endpoint Manager.

To some, Jamf is a confusing prospect and easily overlooked when evaluating EMM and UEM providers and platforms. Others see the company with a stigma lingering from the days when Macs weren't really enterprise friendly, requiring a mess of  management tools that weren’t needed for Windows PCs; Jamf was one of several companies making those management and deployment tools.

While some of its compatriots have fallen by the wayside or expanded well beyond device management, Jamf has stayed in the same lane.

That strategy has paid off. The company has grown in recent years, both in headcount and in the functionality of its services, through internal product creation and via  acquisitions. Given the success of its IPO, it’s reasonable to presume it will continue to do so.

At the same time, Jamf has been developing strong relationships with major enterprise technology vendors like SAP and IBM — both of which offer Apple devices (managed using Jamf tools) to their employees and provide customers Apple-specific solutions, including standalone apps, APIs, services, workflows and best-practice guidance. If you doubt Jamf’s relationships and partnerships, check out the agenda for the company’s virtual Jamf Nation User Conference (JNUC) taking place this week.

With all the buzz about Jamf, it makes sense to learn more about it and whether its services are a good fit for your company. Here’s what you need to know.

Is Jamf an EMM service?

Yes and no. Like other enterprise mobility vendors, Jamf hooks into Apple’s mobile device management (MDM) framework for iPhones, iPads, Macs, and even Apple TVs. It also provides a comprehensive stable of products and services for connecting, managing, and protecting Apple devices in various business and education environments. That means, for the sake of a point-to-point comparison, yes, Jamf is both a mobility and endpoint management company.

But where most enterprise mobility companies want to service the broadest possible selection of devices across multiple platforms, and endpoint managers focus on managing every possible type of device (hence the term universal endpoint management), Jamf is focused on expanding its relationship with Apple and gaining a deeper understanding of its customers and their needs — particularly in key verticals like education and healthcare. This makes the company more like a service provider or integration specialist than an EMM or UEM vendor.

Can Jamf be my only EMM provider?

This question gets to the heart of Jamf’s place in the broader enterprise ecosystem. The answer, in theory, is yes — but requires a specific set of conditions. The first and most obvious: you need to be an Apple-centric or all-Apple company. While that isn’t the most common of environments, many such organizations exist. Schools and small businesses are particularly likely to be Apple-only, while in larger enterprises, whole divisions, subsidiaries, and international offices may also present Apple-only environments — even if the overall organization predominantly uses Windows.

What about companies that are Windows-only on the desktop but want to securely manage a fleet of iPhones? This scenario also fits well in Jamf’s wheelhouse. Typically, Active Directory is used to manage the Windows PCs and services, and the iPhones can be managed for their entire lifecycle using tools from Jamf.

One of the biggest pieces of news for Jamf this month is that it has leveraged its relationship with Microsoft to amplify this existing ability. The result is a system where Microsoft Endpoint Manager handles secure authentication and compliance for iPhones, while all other configuration, management, and device security is handled by Jamf. This allows customers to apply key cloud-based security and functionality like Microsoft’s conditional access platform in a consistent way while also managing deployment and services from Jamf.

This relationship is remarkable in that it doesn’t require a one-size-fits-all approach. About a decade ago, it looked as though the variety of devices might not deliver on their unique characteristics because of a drive to manage them all as if they were PCs. Instead, enterprise computing has become incredibly robust, with not just iOS but also Android, Windows 10, Samsung Knox and Chrome OS in the mix — and with each platform able to make full use of its unique attributes.

That means most companies cannot rely on Jamf alone, because they have a heterogenous amalgam of endpoints that need to be secured, managed, and maintained. In addition to Macs, iPhones and iPads, that collection of devices might include everything from Windows PCs, Chromebooks, traditional workstations, and virtual DaaS desktops to Android devices across an ever-growing sea of manufacturers and versions, and even IoT and edge computing devices.

Boiled down, this means a mix of technologies from Microsoft, Google, Apple, and others needs to be considered. The challenge becomes more daunting if you are trying to battle shadow IT — users and managers building out their own mix of devices, cloud providers, and apps, typically without IT’s immediate awareness or control.

Can Jamf coexist with other enterprise tools?

Yes. Most IT leaders can remember “the Mac crew” in creative departments who essentially got their own mini IT departments that remained a complete island in a sea of Windows PCs. Virtually everything from app selection to deployment to help desk for Apple products was its own entity. In many cases, there was no option for running traditional enterprise tools like CRM and ERP systems on those Macs. Even where there was, it wasn’t uncommon to see the Mac users working with a completely different product from the Windows users. There was no real sense of integration with other members of the corporate team.

This can certainly still be the case, but as organizations become multi-platform, each device or OS becomes less important. The IT value today is in enabling business transformation and supporting digital initiatives. The real “platform” becomes the cloud solutions and collaboration products that enable business to move forward as quickly as possible. This requires a change in thinking: the device itself is irrelevant as long as  access to data, apps, and services is transparently available across platforms.

Jamf can integrate with other enterprise systems to make that possible.

Can’t I manage Apple devices using other EMM products?

Absolutely. Apple’s open MDM framework and related tools such as Apple Business Manager are available to all enterprise management companies; several have implemented those core features, most with support for additional platforms beyond Apple’s. Jamf’s capabilities continue beyond the core ability to configure, manage, and secure devices.

Jamf can be seen as a strong value-add that goes well beyond core requirements. This means if you already implement Apple device management via another EMM provider and rely on it for devices beyond Apple, such as Android devices, the two can coexist, and you can deploy them in parallel, allowing the most appropriate tool for each device or situation.

One significant way in which Jamf goes further than typical EMM providers is in its purpose-built solutions for specific types of organizations. During his JNUC keynote Tuesday morning, CEO Dean Hager offered several powerful testimonials from the healthcare frontlines and from school districts that have had to shift to distance learning. In education, he noted that Jamf took its existing classroom management tools and built out features for parents who now must facilitate learning at home.

Similarly, one of Jamf’s strongest benefits is that a Jamf deployment can be malleable to what's needed by each organization. The company takes an active hand in understanding how its customers use its products and sharing that information. This allowed the company to help customers pivot very quickly at the beginning of the pandemic. Jamf’s user community is also one of the most active and invested out there; by itself, it's almost a feature.

Competing with an entire IT stack

One of the challenges in the EMM landscape is that the major products come from companies that offer one-stop shopping for your entire IT stack. Microsoft, VMware, and Citrix, for example, all focus on being a complete solution, thus simplifying procurement decisions. Although you can implement them individually (VMware’s Workspace ONE without vSphere, its server virtualization platform, for example), the greatest overall IT value is often that coordinated product mix.

This presents both a problem and opportunity for standalone options, including Jamf (and MobileIron, another leading EMM vendor). The problem is that it’s just easier and cheaper to go with the full-stack approach. The opportunity lies in being able to perform specific operations better and to deliver measurable value.

That is where Jamf ultimately sits — as an add-on or part within a greater ecosystem. In that role, it can provide greater connective tissue with both integrations and how devices are used (as well as managed). Jamf doesn’t tick most of the EMM boxes, but those it does tick it does incredibly well. This often means that Jamf is seen as going head-to-head with your primary infrastructure provider, which often checks all the boxes to one degree or another, particularly where cost comes into question.

Is that value enough?

Ultimately, Jamf’s place within an IT deployment environment can be seen as a want, not a need, because other products look better on paper. The question then becomes whether or not that value is worth the cost — a decision that will vary profoundly from one organization to another.

The one piece of guidance I’d give on that question is to trial Jamf and determine via a center of excellence or pilot project what value it offers and whether or not it makes sense to build the case for expanding Jamf to a larger group or company-wide.

Copyright © 2020 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon