Securing Macs in your organisation: The basics

If you’re managing security across a large Mac estate in your organisation and finding it both intimidating and confusing, we’re here to tell you that it doesn’t have to be this way. With a little help from Apple’s built-in security features, as well as a few recommendations from Apple device management experts, your IT team can tackle common security issues with ease.

Security can be a tough nut to crack. The reality is, when you’re responsible for your business’ Mac estate, you want to ensure that you’re getting the job done properly, and that the devices can be used safely and securely. Of course, you need your Mac security to comply with existing network security measures, too.

How can macOS help?

If you’ve made the jump to macOS Sierra (which we recommend), there’s a plethora of ways it can help your Mac estate stay secure.

Regular software updates from Apple ensure that your machines always have access to the latest and safest version of macOS, while Gatekeeper protects you from any malicious apps. The safest place to download apps from is the Mac App Store, but if you’re downloading from the internet, developers can receive a Developer ID from Apple that helps Gatekeeper identify unscrupulous software and block installation from unapproved developers.

FileVault 2 keeps your data safe and secure by encrypting the entire drive on your Mac – and it’s fast and unobtrusive to boot. Users can even encrypt removable drives, which makes it ideal for securing Time Machine backups or external devices. And if you want a clean start or to give your Mac to someone else, you have access to instant wipe functionality that removes encryption keys, rendering data inaccessible, then performs a complete wipe of every last scrap of data on the disk. Best of all, it’s relatively easy to set up and initial encryption won’t take long so you can get right back to work once it’s done.

The upcoming Apple File System (APFS) looks set to revolutionise everything, including imaging, backup, OS upgrades and security. Fortunately, this is a good thing as APFS is optimised for Flash/SSD storage and features strong encryption, copy-on-write metadata, space sharing, cloning for files and directories, snapshots, fast directory sizing, atomic safe-save primitives, and improved file system fundamentals. You can read more about it here.

What do the experts recommend?

The Center for Internet Security (CIS) is an organisation specialising in cyber security. As internationally recognised specialists, they set the standard for macOS security. Making their security recommendations a part of your day-to-day practices will ensure you’ve got all bases covered.

Click here to check out a few of their benchmark recommendations for macOS security – they even provide terminal level suggestions for enabling and disabling certain features.

How can you meet security benchmarks like this for large scale Mac estates?

MDM (mobile device management) solutions like Jamf Pro allow users to control the settings, security, permissions and applications on any mobile device in your organisation, whether that be tablets, smartphones, laptops and even things like POS kiosks or mobile printers. It provides a single, centralised overview of your organisation’s mobile estate, no matter how many locations or platforms it covers. Such solutions also bolster device security and offer superior protection for your company data.

MDM tools should provide FileVault 2 controls so IT administrators can administer encryption and recovery keys, and can also help your organisation manage system preferences for your devices. This includes enabling FileVault 2 across your company to ensure data security, as well as iCloud preferences relating to file backup. Similarly, passwords and keys can be escrowed in Jamf Pro’s Server Inventory so you can rest easy knowing they’re stored securely in a central location.

Similarly, device management platforms are also great for handling system access, authentication and authorisation processes. This includes things like certificate distribution, with any good management tool utilising computer-level certificates to protect a company’s assets in a variety of ways. Typically, this includes certificate authentication for machines being integrated into an organisation’s network. Likewise, most management solutions should permit admins to configure a server that will act as a certificate authority, which will then be used to manage certificate services across an organisation’s computer network.

MDM tools can even help with log management, which is ideal for ensuring system and network security, and regulatory compliance. Logs are created on almost all devices, and if you’re running a large Mac estate you’re likely having to handle a large volume of them. They’re essential for analysing and solving bug issues, and testing new features during early development stages. So having a device management solution that can organise logs will save you time and money in the long run, and help you tackle future problems before they arise.

MDM solutions also support patch management, which allows admins to monitor the latest software updates for devices and applications, ensuring they’re up to date and secure – take a look at our mini guide to patch management.

Want to know more about getting started with Mac security, and how MDM solutions such as Jamf Pro can help your business keep on top of everyday IT tasks and meet security benchmarks? Give us a call on 03332 409 366, email enterprisesupport@Jigsaw24.com, head to Jigsaw24.com/enterprise-support or pop your details in the form below. For all the latest news and reviews, follow us on Twitter @WeAreJigsaw24 and ‘like’ us on Facebook.

Scripting: Your need to know basics

If you’re looking to take a more hands-off approach to your device management processes, scripting is a great way to automate day-to-day tasks such as update rollouts, security policy deployments, remote wipes, troubleshooting and everything in between.

For those that don’t know, a computer script is a list of commands that are executed by a certain programme or engine. Scripts are used to automate the execution of tasks that would normally be carried out one by one by a human operator, thus removing the tedium of repetitive processes.

There are lots of different scripting languages, but as we’re talking about device management, let’s take a look at the languages a popular Mac management tool like Jamf Pro supports:

– Perl (.pl)

– Bash (.sh)

– Shell (.sh)

– Non-compiled AppleScript (.applescript)

– C Shell (.csh)

– Zsh (.zsh)

– Korn Shell (.ksh)

– Tool Command Language (.tcl)

– Hypertext Preprocessor (.php)

– Ruby (.rb)

– Python (.py)

LaunchDaemons are system processes that start up every time your device is booted. Essentially, they form part of the nuts and bolts of scripted operations, and whether you use the features they provide doesn’t matter – they’re always chugging away in the background consuming RAM. LaunchDaemons run as part of a unified framework known as launchd, which starts, stops and manages daemons, applications, processes and scripts.

Similarly, LaunchAgents are file locations that house scripts and automatically manage system processes. Unlike LaunchDaemons, they load when an individual user logs in, rather than when the device is booted. Simply put, LaunchDaemons and LaunchAgents are essential for triggering scripts and applications, as well as automating device management procedures. They can also be programmed to operate as and when you see fit – whether that’s every so often, at set intervals and so on.
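Because these jobs start scripts automatically at boot or login, it is worth auditing what they run and who can modify it. The following is an added example, not code from Jigsaw24 or Jamf: it reads the job definitions (property lists) in the system-wide `/Library/LaunchDaemons` and `/Library/LaunchAgents` folders and reports each job's trigger and any loose ownership or permissions. The `com.example.*` labels, script paths and function names are constructed for illustration.

```python
"""Audit launchd job definitions (added example; sample data is constructed)."""
import os
import plistlib
import stat
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# System-wide job folders and the moment launchd loads what they contain.
JOB_DIRS = (("LaunchDaemons", "boot"), ("LaunchAgents", "user login"))


def trigger(job):
    """Summarise the launchd keys that decide when a job starts."""
    parts = []
    if job.get("RunAtLoad"):
        parts.append("at load")
    if "StartInterval" in job:
        parts.append(f"every {job['StartInterval']}s")
    if "StartCalendarInterval" in job:
        parts.append("on calendar schedule")
    if job.get("KeepAlive"):
        parts.append("kept alive")
    return ", ".join(parts) or "on demand"


def loosely_writable(path):
    """True if group or others may write to the file."""
    return bool(path.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit(root="/", expected_owner=0):
    """Return one finding per plist under <root>/Library/Launch{Daemons,Agents}."""
    findings = []
    for kind, runs_at in JOB_DIRS:
        for plist in sorted((Path(root) / "Library" / kind).glob("*.plist")):
            try:
                with plist.open("rb") as fh:
                    job = plistlib.load(fh)  # handles XML and binary plists
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except (ValueError, ExpatError, OSError):
                findings.append({"label": plist.name, "runs_at": runs_at,
                                 "trigger": "unknown", "program": None,
                                 "issues": ["unreadable plist"]})
                continue
            issues = []
            if plist.stat().st_uid != expected_owner:
                issues.append(f"plist not owned by uid {expected_owner}")
            if loosely_writable(plist):
                issues.append("plist writable by group/others")
            # The executable is Program, or else the first ProgramArguments entry.
            program = job.get("Program") or (job.get("ProgramArguments") or [None])[0]
            if program is None or not Path(program).exists():
                issues.append("program missing")
            elif loosely_writable(Path(program)):
                issues.append("program writable by group/others")
            findings.append({"label": job.get("Label", plist.name),
                             "runs_at": runs_at, "trigger": trigger(job),
                             "program": program, "issues": issues})
    return findings


def build_sample(root):
    """Constructed sample tree: two daemons and one agent (all names made up)."""
    root = Path(root)
    scripts = root / "usr" / "local" / "bin"
    scripts.mkdir(parents=True)
    good, bad = scripts / "patch_check.sh", scripts / "inventory.sh"
    for script, mode in ((good, 0o755), (bad, 0o777)):
        script.write_text("#!/bin/sh\nexit 0\n")
        script.chmod(mode)
    jobs = {
        "LaunchDaemons/com.example.patchcheck.plist": {
            "Label": "com.example.patchcheck",
            "ProgramArguments": [str(good)], "StartInterval": 3600},
        "LaunchDaemons/com.example.inventory.plist": {
            "Label": "com.example.inventory",
            "ProgramArguments": [str(bad)], "RunAtLoad": True},
        "LaunchAgents/com.example.notify.plist": {
            "Label": "com.example.notify",
            "ProgramArguments": [str(scripts / "missing.sh")], "RunAtLoad": True},
    }
    for rel, job in jobs.items():
        path = root / "Library" / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        with path.open("wb") as fh:
            plistlib.dump(job, fh)
        path.chmod(0o644)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # The sample files belong to the current user, so expect that uid here.
        for f in audit(build_sample(tmp), expected_owner=os.getuid()):
            print(f["label"], "|", f["runs_at"], "|", f["trigger"], "|",
                  "; ".join(f["issues"]) or "ok")
```

On a Mac, calling `audit("/")` with the default `expected_owner=0` inspects the real folders and expects root-owned job definitions.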

With MDM (mobile device management) solutions, users can run, manage, deploy and add scripts to package sources. Package sources allow you to view and edit the attributes of a package, including files, scripts, privileges and localisations. This makes it easier to deploy devices at scale and automate processes associated with device management.

If you’re looking to effectively manage and deploy package sources, it’s essential to consider a third party solution such as Jamf Pro. Not only that, but a trusted partner (like Jigsaw24) can help you skip the steep learning curve. We can write and deploy scripts for you, and handle all the tough technical stuff to ensure your management solution and other processes are running at maximum efficiency.

If you’d like to find out more, you can download our Mac Management white paper here. Alternatively, if you need a hand with script writing give us a call on 03332 409 365 or email solutions@Jigsaw24.com. For all the latest news and reviews, follow us on Twitter @WeAreJigsaw24 and ‘like’ us on Facebook.

Your mini guide to patch management with Jamf Pro

Patch management is an integral part of application security, so it should be high on your list of priorities when it comes to your Mac estate. IT admins spend hours scouring the web for software updates, but it doesn’t have to be as complex and time consuming as you might think.

Patch management used to be a repetitive manual process, but quality device management solutions like Jamf Pro have made it easy for users to ensure their software is up to date and secure. How does it do this? Well, Jamf Pro automatically notifies administrators when third party software updates are released, bypassing the rigmarole of figuring out what needs upgrading and which updates are available. This is especially handy given that so many popular third party applications churn out multiple updates a month.

Figuring out where to take action when new updates are available can also be tricky, as most organisations with thousands of machines and users are likely running different software versions. Identifying potential software vulnerabilities is a must, but thankfully Jamf Pro provides visibility into the software or app version a device is running, as well as the number of devices operating on a specific patch. All the information is compiled in an easy to understand visual, and reports can be downloaded or bookmarked so you can share your findings with colleagues. From there, you can take action as and when you need to, ensuring the security of your Mac environment.

Jamf Pro’s Patch Management interface

If you’re looking to take patch management one step further, Jamf Pro allows IT admins to automate update deployment by utilising policies and scripts. We’d recommend using a mixture of packaged scripts to guarantee a successful rollout with minimal downtime and interference.

If you’d like to find out more, you can download our Mac Management whitepaper here. Alternatively, give us a call on 03332 409 365 or email solutions@Jigsaw24.com. For all the latest news and reviews, follow us on Twitter @WeAreJigsaw24 and ‘like’ us on Facebook.

 

Jigsaw24 webinar: Deploying and managing your Apple devices

This webinar goes over a few of the features and technologies Apple make available to enable us to deploy and manage devices in our environments – whether it’s ten devices or 5000! We cover a few of these technologies such as Apple’s Device Enrolment Programme (DEP), why you should be using them, and how you can take advantage of them. We show how you can make the end user experience as positive as possible, how we can get devices into users’ hands, and how we can manage them in a modern environment.

Want to know more about iPad deployment and MDM? Give us a call on 03332 409 306 or email solutions@Jigsaw24.com. For all the latest news and reviews, follow @WeAreJigsaw24 on Twitter or ‘Like’ us on Facebook.

Video: Zero touch MDM for iPad with Jamf Pro

We recently held a webinar all about iPad deployment and zero touch mobile device management (MDM) with the guys from Jamf. Leading the presentation, our Regional Education Manager Rob touched on the impact of iPad in the classroom with some key findings from our 1:1 iPad impact study, before handing over to Jamf Systems Engineer Dave for a demo of zero touch iPad deployment using Jamf Pro MDM and Jamf Cloud. Watch the video recap below…

Want to know more about iPad deployment and MDM? Give us a call on 03332 409 290 or email education@Jigsaw24.com. For all the latest technology in education news, reviews and articles, follow @Jigsaw24Edu on Twitter or ‘Like’ our Jigsaw24 Education Facebook page.

Apple School Manager: What you need to know to get started

Apple School Manager is Apple’s free online management service for your iPad deployment. It hooks into your mobile device management (MDM) solution to provide exciting new functions, and replaces two Apple solutions you may already be using: the Volume Purchase Programme (VPP) and Device Enrolment Programme (DEP). Here are a few key points to help you get started with ASM… 

What does Apple School Manager do?

Currently, Apple offer the Device Enrolment Programme (DEP) to help register your devices with an MDM solution, the Volume Purchase Programme (VPP) for when you want to bulk buy apps, and iTunes U for when you want to upload and share content. Apple School Manager brings those three things under one roof, so your poor admin staff don’t have to keep track of three separate systems.

It’ll even integrate with your Student Information Systems to allow you to create bulk batches of managed Apple IDs for students and staff (these are Apple IDs that are managed by the school, but can be transferred to a pupil after they graduate, so they can still access their work).

Will our DEP and VPP accounts be converted to an Apple School Manager account automatically?

No, you will need to ask Apple to upgrade either one or both accounts for you. The process for this is different depending on whether you have a VPP account, a DEP one, neither or both. You’ll also need to do some initial setup to access the new features (we can help with this).

Is Classroom part of Apple School Manager?

Nope, that’s a separate app, although they do work together. Classroom lets you group iPad into Classes and give teachers control over all the iPad in their Class, so they can do things like launch apps when it’s time to start an activity, send and open links, lock students into apps and see what’s on pupils’ screens. Apple School Manager will let you create Classes centrally, though.

How does this interact with Shared iPad?

Shared iPad is a new feature in iOS 9.3 that lets students log into any iPad in a class set with a simple passcode and use it as if it were their own device. When they log out, all their details are hidden so that each student who uses the iPad only sees their own work. Shared iPad is not part of Apple School Manager, but for it to work your students need to be using Managed Apple IDs, which are created in Apple School Manager.

Can I get any of these features on any iPad?

iOS 9.3, the operating system that makes all this possible, will work on anything from an iPad Air, third generation iPad, iPad mini or iPad Pro up. Shared iPad is a bit more taxing, so you’ll need an iPad Air 2, iPad mini 4 or iPad Pro with 32GB or more of memory.

How do I migrate my accounts?

The process is different depending on which programmes you’re in, when you enrolled in them and whether your accounts are registered as a single institutional account or separately. It’s a bit finicky, so we’d recommend giving us a call before you make the move. However, if your IT team are confident, here’s our guide to migrating to Apple School Manager.

Want to know more about Apple School Manager? Give us a call on 03332 409 290 or email education@Jigsaw24.com. For all the latest technology in education news, reviews and articles, follow @Jigsaw24Edu on Twitter or ‘Like’ our Jigsaw24 Education Facebook page.

What’s the difference between a hosted and managed Jamf Pro deployment?

We’ve been helping our customers work with Jamf Pro since 2009, and have deployed more licences than any other UK provider, so there are no safer hands for your Jamf deployment. We offer Jamf Pro as a hosted service, a managed service, and a hosted, managed service – read on to find out which option is right for you. 

A hosted, managed Jamf Pro deployment (we host your server and manage all the devices)

In this scenario, you don’t have to do anything. You tell us how many devices you need managing and which permissions your various user groups will need, then we host the licences at our UK datacentre and manage the deployment and maintenance of them. If you ever want to add new licences or change settings, all you have to do is give our team a call, and we’ll arrange everything from this end.

Why choose a hosted, managed deployment? 

Predictable per device pricing. Let’s get this out of the way early. Our managed, hosted solution is billed on a per device basis, so you’re only paying for the licences you use and you don’t incur any hardware, power or cooling costs.

Focus on core skills. Maintaining another skill base in your company is a financial and logistical challenge. It takes staff away from their core tasks, which can impact the smooth running of your organisation. However, a managed solution means that our team take responsibility for the management of your licences, and your team can focus on their core capabilities.

Time savings. Don’t tie up your team managing another platform. All you have to do is tell us how you want your devices to behave. We’ll then build profiles, register devices, apply settings, monitor usage, troubleshoot and generate reports for you – just let us know your requirements and sit back while we run around on your behalf.

Secure access to a UK-based datacentre. Your licences will be hosted at our UK-based datacentre, and you’ll be given private, secure access.

A hosted Jamf Pro deployment (we host the server but you manage the devices)

All hosted Jamf Pro deployments are held in our UK datacentre, and you are given secure VPN access to the servers holding your licences. In this scenario, your team would manage the devices themselves (you can still ask us for tech support, though).

Why choose a hosted deployment? 

No onsite costs. Hosting licences in our datacentre costs you a flat, predictable fee per licence, and lets you sidestep internal hosting costs. It also means you don’t have to buy any hardware as part of your initial outlay.

You maintain ultimate control over your licences. If you’ve already got the know-how in-house, have a very delicate mixed environment that you don’t trust outsiders with, or have users whose needs and permissions will have to change frequently, you might prefer to manage your devices in-house. A hosted deployment lets you do this without having to assume responsibility for the maintenance of any new hardware.

Develop in-house expertise. Who are we to stand in the way of professional development? You may want to get members of your team trained up on Apple and Jamf Pro workflows, in which case getting the right training on managing your devices yourself is essential. Find out how we can help below.

Our expert support and training. Our accredited team offer support contracts that can include remote and onsite support, regular system health checks, access to our help desk for your end users and more, all backed up by our 25 years’ experience in mixed platform environments. We’ll even include a JSS health check as part of your service level agreement. We can also provide four levels of official Jamf Pro support, and offer training courses of our own for technical teams and end users.

A managed onsite Jamf Pro deployment (you host the server, we manage the devices)

If you want to host your own licences but don’t have the time to take on device admin or the funds to take the training that enables you to do it, choose a managed onsite deployment. Your hardware stays in your server room where you can monitor and control it, and no one has to VPN into our datacentre, but we still take care of all the behind the scenes stuff.

Why choose a managed onsite deployment? 

You can choose and check your own hardware. We’re very protective of our server room and security practices too, so we understand some people want to keep their servers where they can see them.

Obey strict storage policies without having to take on management tasks. If you don’t want to deal with Jamf Pro admin, but want or need to keep your data onsite to comply with contractual or legal obligations, a managed solution allows you to do this without taking on any additional admin tasks.

No support or training costs. Support comes under the umbrella of us managing your deployment, so there’s no extra cost for that. And with our team handling things, there’s no need to retrain your in-house team.

Already got Jamf Pro? Ask us about…

Transitioning your existing Jamf Pro deployment to the cloud. If you already have Jamf Pro onsite but would like to move to a hosted or hosted and managed setup, we can help make the move quick, seamless and cost effective.

JSS Healthchecks. If you want to keep your deployment onsite but don’t think it’s running as efficiently as it could, we also offer JSS Healthchecks. These are designed to ensure your Jamf Pro deployment and associated networking are optimised for each other, so you can improve performance without the need for costly upgrades. Find out more here

Legacy JSS. If you’ve previously installed Jamf Pro (perhaps in its previous incarnation as Casper Suite) but it’s fallen into disuse or the expertise has left your organisation, call on us to give your setup the kiss of life. We’ll revitalise your hardware and policies to make sure you’re getting the most out of your investment.

Jamf Jumpstart training. This is mandatory training that Jamf insist you have if you’re going to manage your own devices (if we’re managing your devices for you, you can skip it). Depending on the size and complexity of your deployment, you could need to undertake anything between four hours of remote training and a three day onsite course that costs £3500. Ask our experts what you’ll need.

Additional training. We offer training for tech teams and end users on Apple devices, their operating systems and the solutions you can use to manage them. Get in touch with the team to arrange Jamf Pro training that’s tailored to your needs. Book your training here.

Official tech support. We offer five tiers of support for Jamf Pro deployments, all at fixed, predictable annual costs. They range from general remote support and troubleshooting packages to our Gold package, which includes eight days with an engineer onsite, six half days of dedicated remote support for ongoing issues, ongoing end user support, annual health checks of your hardware and networks, roadmaps for future system development and the packaging and deployment of up to 12 business apps.

Why choose Jigsaw24?

Scale. We’ve deployed more licences of Jamf Pro and carried out more Jumpstart training than any other company in the UK.

Longevity. We’ve been working with Jamf since 2009, and were one of the first companies in the UK to work with them, meaning we have the most experienced team of engineers available to you.

Apple expertise. But it’s not all about Jamf. We’ve been providing Apple devices, solutions and services for 25 years. Our support team really understand your devices, their underlying architecture and how they’ll interact with Jamf Pro and your wider IT ecosystem, whether that be Windows or OS X-based.

Security. As well as providing secure access to your licences, our Tier UK datacentre offers redundant power and disaster recovery in case of emergency.

Our satisfied customers include SuperGroup, Lincoln University, King’s College London, News UK, Pret-A-Manger, MTV, The AA, Jamie Oliver, Williams Lea, The Guardian, Pentland Brands and Burberry. If you’re ready to get started with Jamf Pro, or unhappy with your current provision, our team can migrate you from an onsite deployment to a hosted or hosted and managed one in order to reduce your running costs. Email our engineers to find out how.

Want to know more? Give us a call on 03332 409 306 or email solutions@Jigsaw24.com. For all the latest news and reviews, follow @WeAreJigsaw24 on Twitter or ‘Like’ us on Facebook.

The Jigsaw24 guide to enrolling in Apple School Manager

As you may have heard, Apple now offer an online management service for your iPad deployment. Known as Apple School Manager, it’s a free service that hooks into your mobile device management (MDM) solution to provide exciting new functions, and replaces two Apple solutions you may already be using: Volume Purchase Programme (VPP) and Device Enrolment Programme (DEP).

Depending on whether you’re using either, both or neither of these services, the route to enrol in Apple School Manager is slightly different. It’s important to be absolutely certain whether you’re using VPP, DEP, both or neither before you begin your upgrade, as any forgotten VPP and DEP accounts cannot be merged into School Manager at a later date. If you’re not sure which group you fall into, give us a call and we’ll help you work it out. If you’re certain you know which accounts you use, here’s how to upgrade.

What are the changes?

The Volume Purchase Programme (Apple’s bulk app purchasing portal – a kind of App Store for schools) and Device Enrolment Programme (a much faster way to set up iPads than the original method of using a Mac with Configurator software on it) have merged together into Apple School Manager (ASM). Using ASM, you will also be able to assign roles for students and staff members, and also create Managed Apple IDs for everyone very easily.

If you don’t have a VPP or DEP account

If you’re new to Apple’s Deployment Programmes and don’t have an account, other than perhaps a standard iTunes Apple ID, then the process is simple:

1. Go to the Apple School Manager portal.

2. Click the ‘Enrol your institution now’ link at the bottom of the log in window.

3. On the next screen, fill in all of the fields and click ‘Continue’.

4. If you are looking after this application for your school, add your own contact details in section two. If this is not your job, enter the details of the person who will be looking after the iPad deployment.

5. Section three asks for the contact details of someone who can verify that you have the authority to apply to join Apple School Manager, and who can sign the terms and conditions once the application is processed – this is typically your headteacher. If you are the headteacher, it might be best to fill out section two with someone else’s details – an office manager, business manager or IT coordinator, perhaps.

6. Submit the application and wait for Apple to contact both of you. Please be sure to check for emails regularly. If Apple email and you don’t respond, it can cause long delays.

If you already have a DEP account but not VPP

First of all, please check very carefully before doing anything. Not to labour a point, but it’s very rare indeed that a school would have DEP but not VPP (although not impossible). If you are absolutely sure you’re using DEP without VPP, then log into the Apple School Manager portal and type in your DEP login credentials. Simply follow the instructions there to upgrade.

If you already have a VPP account but not DEP

If you enrolled into VPP before February 2014, your account will need to be modified by Apple before it can be upgraded to an Apple School Manager account. If the account is newer than that, you can upgrade it immediately.

If you’re not sure how old your VPP account is:

1. Go to deploy.apple.com and see if your VPP login works there.

2. If it does work, open up VPP from there, and you should see the window asking you to go ahead and upgrade.

3. If your login doesn’t work, you need to contact Apple to perform the modification.

To contact Apple, follow the instructions listed under the ‘If your school doesn’t have an existing Apple Deployment Programmes account’ section in this support document. Your old VPP account should then be added to Apple’s deployment systems.

If you already have both VPP and DEP accounts

If you have both accounts, you need to work out whether they are both registered as a single institution account at Apple, or separate accounts.

Typically, if you applied for VPP first and it was prior to February 2014, it is likely that the two accounts will be completely separate at Apple, and will need to be merged before you upgrade. If you don’t merge them, there is a risk that your VPP account will get left out when you upgrade from DEP to ASM, and you’ll never be able to merge the two.

To ensure that all existing accounts are consolidated before triggering the upgrade:

1. Firstly, write down all of the account logins which you are aware of, for both VPP and DEP. This includes all programme agents, admins, managers and facilitators. Make sure you know what they all are.

2. Next log into your DEP account at deploy.apple.com. If you are presented with an invitation to upgrade to Apple School Manager, ignore it for now by clicking the X ‘Close’ symbol.

3. Click on Admins in the top left of the window. Only the top level administrator, or ‘Agent’ for the account can see the Admin section, so if you can’t see it you are not the senior administrator.

4. Check the list very carefully. Are all of the logins you have listed there, or are some of them missing?

5. If all of them are listed, including your VPP logins, then both DEP and VPP are included in the Apple Deployment Programme, and you can proceed with the upgrade.

6. If some accounts are missing (typically these will be VPP accounts), then you will need Apple to consolidate them all before you upgrade.

– To get Apple’s assistance to merge your accounts, follow the instructions in this article.

– Head to the ‘If your school has an existing Apple Deployment Programmes account’ section and use the form here to request that Apple merge your accounts.

– On the form, use the email address for the person charged with working with Apple as the contact email, but in the ‘Please tell us more about the issue’ box, give the email address for the main DEP Programme Agent (manager or top level admin) as your DEP login, and then explain that you would like to consolidate the other account or accounts into this main one. List all of the logins which did not show up when you checked in step five above.

– Apple will send an email to the main DEP email address in order to verify that the Programme Manager approves the change, so please keep checking that inbox.

– Apple may need to contact all of the people listed in your accounts. Please remind all contacts to check for emails regularly. If Apple email and you don’t respond it can cause long delays.

7. Once Apple have verified by email that all accounts are consolidated, repeat steps two to six in the previous list to be certain all your logins are showing now.

8. Go ahead with the upgrade once all accounts are together. Log back into your DEP account at deploy.apple.com and if the Upgrade window fails to pop up, there’s an upgrade option bottom left.

During the upgrade, providing all accounts are merged in this way, Apple confirm that all VPP and DEP tokens, app licences and book licences will be ported into Apple School Manager, which should leave any MDM solution unaffected and fully operational. VPP and DEP accounts will continue to work until the upgrade is actioned by Apple, at which point all previous accounts will be active only through the School Manager portal here.

What if I’m still unsure?

We are recommending that everyone takes advantage of the new functionality offered by Apple School Manager, so if you need help to enrol or to upgrade (as well as MDM options, ways of purchasing apps without a credit card, or anything iPad-related), please do contact your Jigsaw24 Education Manager directly, or get in touch on the details below and we will advise you how to proceed.

Want to know more about Apple School Manager? Give us a call on 03332 409 290 or at education@Jigsaw24.com. For all the latest technology in education news, reviews and articles, follow @Jigsaw24Edu on Twitter or ‘Like’ our Jigsaw24 Education Facebook page.

Device-assignable apps: How to migrate managed codes

Many schools are now moving from distributing apps using Apple Configurator managed codes to managed distribution in iOS 9 via their chosen mobile device management (MDM) solution. Here’s how to do it… 

One of the first steps in migrating is to check if existing apps are ‘device-assignable’ in the VPP store. If you need to check an individual app, you have to browse the VPP store (not the iTunes links). Just scroll down to the ‘Compatibility’ section of the app description and you’ll see it as in the image below:

All the Apple iOS apps (GarageBand, iMovie, Pages, Keynote, Numbers) and the Microsoft Office apps for iOS (Word, PowerPoint, Excel) are device-assignable. We’re yet to find an app we use day to day that isn’t device-assignable, but it’s something that developers now need to bear in mind, so definitely worth checking with any apps you use. Here’s a list of some of the most common classroom apps we use that we have checked are device-assignable:

Expression of ideas
– iMovie
Collaboration and sharing
– Showbie
– Popplet
– Padlet
Rich content sharing
– Aurasma

Want to know more about apps, MDM and Apple iPad for the classroom? Get in touch with the team on 03332 409 306, email education@Jigsaw24.com, follow @Jigsaw24Edu on Twitter or ‘Like’ our Jigsaw24 Education Facebook page for all the latest technology in education news, reviews and articles.

Using JAMF Software to tame iOS and OS X devices in the workplace

With the rise of OS X and iOS devices in business, finding a way to manage these devices and ensure they’re in line with company policies is more important than ever – especially if you need your Mac users to work in harmony with a PC-based workforce.  Here, we talk through some of the techniques and tools you can use to make sure all your Mac and iOS devices are managed and visible, without overburdening IT admin.

While the rise of Apple devices and BYOD/mixed platform environments can be great for productivity and end user satisfaction, it can be a cause for concern among IT admins, particularly as Apple have retired their server hardware, prompting a widespread move to managing Mac computers using Windows servers.  And as the Mac user base grows, viruses are becoming increasingly targeted at the platform, making policy compliance and disk encryption incredibly important for mobile devices and desktops alike. Happily, Apple and a range of third parties are working together to make the situation manageable.

Device Enrolment Programme (DEP)

One of Apple’s latest initiatives, the DEP is designed to make it easier for you to enrol new devices on your company’s MDM system, and reduce the chance of any user accessing the network on an unsecured device. It is not an MDM solution in and of itself, but it does make a ‘zero touch’ MDM deployment possible for all new devices, drastically reducing the time and effort involved in setting up new users.

Put broadly, you create MDM profiles for different types of device and user, then share them with Apple’s servers. Apple will assign your MDM server a unique token, and when a device connects to it for the first time, DEP will push the correct MDM profile to the device as part of the initial startup process, so your end users can’t use their new devices without enrolling them in your MDM service, and no one from IT has to be on hand to oversee registration – it’s all done automatically.

You can enrol your company in DEP at deploy.apple.com.

Preparing for MDM

Before rolling out an MDM solution for Apple devices, you’ll need to make a decision about your Apple ID policy. Many apps and services, both free and paid for, rely on your end user having an Apple ID to authenticate their identity in the App Store and other areas. For this reason, we recommend you allow users to create individual Apple IDs (however, your admin team should use a shared Apple ID to access services like DEP and VPP).

Every Apple ID requires an associated email address – the degree of freedom you wish to allow users and whom ownership of the device sits with will determine whether you allow end users to use their personal emails and existing Apple IDs, or insist they create a separate Apple ID associated with their work email address.

MDM solutions: JAMF Software’s Casper Suite

JAMF Software are one of the most experienced Mac and iOS management experts out there, and their Casper Suite management solution is even used by Apple themselves. At the core of the suite is the JAMF Software Server, which acts just like a web server. It can be hosted on any existing Windows, Linux or OS X server at your premises, hosted remotely via JAMF Cloud or provided as a managed service by our accredited team.

Key features include:

Recon, an app included in the suite which scans your existing estate for Apple devices not currently enrolled in Casper Suite. Recon can then be used to enrol multiple OS X computers remotely. It will also scan IP ranges and enrol any computer it can connect to via SSH (Remote Login).

A range of imaging options, including monolithic imaging (IT builds a standard image including apps and settings, which is then deployed locally or over the network to all computers), thin imaging (IT builds a smaller, more modular image which is installed on top of a standard OS X installation, and other restrictions and apps are deployed using profiles and policies) and zero touch imaging (enrolment through DEP).

Self Service, an app which acts like an internal App Store for your organisation. It can contain apps linked to VPP, packaged apps, eBooks, printer settings, configuration profiles and custom profiles, all of which users can install on or apply to their own device without IT intervention.

JAMF software can be run completely on Windows server hardware if required.

Volume Purchasing Program and Managed Distribution

Apple’s Volume Purchasing Program (VPP) is a purchasing scheme designed to save time and money for organisations who want to buy apps and books in bulk. It allows your IT admin to purchase several licences for a particular app, then centrally assign them to end users.

Traditionally, you had to buy your licences, download a spreadsheet of redeemable codes, provide a code to each user so that they can download the app without paying again, and then transfer ownership of the app or book to that user’s Apple ID permanently. Obviously, this is quite time consuming and messy, and involves you losing ownership of the app or book.

Now, if you’re using DEP, you can use Managed Distribution to license content to your end users, meaning they can use the app or book on a temporary basis but you can revoke access at any time. All you need to do is use Casper Suite to generate an invitation email for the end users who need access, and then they’ll be guided through the installation and licensing process without the need for IT admin’s involvement.

Casper Suite as a managed service

If you don’t have the resource to handle MDM in-house, or if your IT team are all PC-based and aren’t comfortable administrating Macs or iOS devices, we can provide Casper Suite as a managed service. You tell us what needs doing; our JAMF-certified team can set up and maintain your deployment. We can even help you optimise your infrastructure for Casper Suite, so you’re getting the best possible performance out of your software.

Want to know more? Give us a call on 03332 409 306 or email business@Jigsaw24.com. For all the latest news and reviews, follow @WeAreJigsaw24 on Twitter or ‘Like’ us on Facebook.