FAQ: Jamf Apple Device Management
Brief description of the service and overview of purpose
What is Jamf?
Jamf is a software system for managing Macs, iPhones, iPads, and other Apple devices owned by the University. It includes a cloud service, a small agent program that runs in the background on each device, and a self-service client application. Jamf leverages infrastructure provided by Apple for Mobile Device Management (MDM.)
Why is Lehigh using Jamf?
Primarily, Lehigh is using Jamf to improve the security of University information stored on Macs and iOS devices. The system also offers the potential of making software distribution simpler and easier, and assisting LTS in gathering data for planning the efficient management and support of Lehigh-owned Apple devices on campus.
How does Jamf affect my device?
The device management software allows LTS to enforce key security policies by configuring requirements for passwords, maintaining important information about disk encryption, mitigating security vulnerabilities, and keeping application software up-to-date. As well, it records details about the system's hardware and operating system in an inventory for LTS personnel. No personal information is collected.
What is the Lehigh Jamf Self-Service app?
Once a device is enrolled, an app is automatically installed that allows for user self-service for additional software or settings. On Macs, it appears in the 'Applications' folder, and is called simply 'Jamf Self-Service'. Additional items will be added to Self-Service in the future.
Do I still have administrative control of my Mac?
Yes. By default, Jamf enforces a few specific ACIS computing policies, such as retaining a backup of your FileVault2 encryption key in case your system needs to be decrypted for support. The software notifies users of any changes Jamf makes to the system. Existing Administrators will retain all other rights and privileges.
How does Jamf get installed?
Jamf calls the process 'enrollment'. Since March 2019, all new purchases made through Lehigh's Apple account (Macs, and iOS) get automatically enrolled, so that they 'check in' with Lehigh Jamf as soon as they're first powered on and connected to the Internet. Computing Consultants can assist with enrolling existing devices, or to discuss the merits of a full erasure and redeployment with automated enrollment.
Does Jamf back up my Mac?
No. Jamf does not automatically provide any backup of user data on Apple devices. LTS recommends that Macs are backed up via Lehigh CrashPlan and/or the built-in Time Machine feature. iPhones and iPads can be backed up to iCloud.
Can I opt out or unenroll?
Exceptions to Jamf administration will need to be approved by LTS Security on a case-by-case basis. Generally, enrolled devices should remain enrolled until they're no longer university property.
If my system didn’t check in with Jamf, what should I do?
Try to run these commands in the terminal:
- jamf checkJSSConnection. → This command will check the connection and usually the result will be:
issaawwad@dyn237233 ~ % jamf checkJSSConnection
Checking availability of https://lehigh.jamfcloud.com/...
The JSS is available. - sudo profiles renew -type enrollment
- sudo jamf recon
- sudo jamf policy
For immediate help, contact the LTS Help Desk (Hours)
EWFM Library | Call: 610-758-4357 (8-HELP) | Text: 610-616-5910 | Chat | helpdesk@lehigh.edu
Submit a help request (login required)