Apple Device Management and Security

Think you know Jamf Connect?

  • Michael Thomson

Jamf Connect seamlessly provisions user accounts out of the box based upon the employee’s cloud identity, working with identity providers such as Microsoft Entra ID, Okta, and Google.

It also acts as a next-gen VPN that reimagines remote access as a Zero Trust Network Access (ZTNA) solution, providing fast, secure connections to services that are on-premises or in the cloud.

Jamf Connect Basic

With Jamf Connect Basic, you receive two key components: first, the login window, which enables users to log in to macOS via their cloud identity provider; and second, a menu bar application that keeps the local password and cloud password in sync.

Key Features

  • Enables authentication to a cloud identity provider from the macOS login window.
  • Enables Just in Time (JIT) provisioning of user accounts out of the box.
  • Enforces multi-factor authentication.
  • Automatically enables FileVault.
  • Continuously keeps local and cloud passwords in sync.
  • Provides the ability for Apple users to reset their cloud IdP passwords on the Mac itself.

So What’s New in Jamf Connect?

Jamf Connect now includes Zero Trust Network Access (ZTNA) which gives remote workers encrypted access to corporate resources, regardless of their location. The service can be deployed to iOS, iPadOS and macOS via a simple Apple configuration profile and is managed within a dedicated Jamf RADAR portal.

What is Jamf ZTNA in simple terms?

We all use cloud software services like Microsoft 365 or Google for email. Some may use Dropbox or SharePoint for file sharing, and others may choose to use Slack over Teams for internal communications. Whatever software you use within your business, it is usually accessible from anywhere in the world and can be logged into via a basic username, password and MFA authentication.

What would prevent a remote employee from logging into a confidential SharePoint location on a home PC that is used by their children for gaming? How confident could you be that this device does not have malware that could transfer infection to your corporate files? At the end of the day, they have the credentials to log in to SharePoint, and can do so from any device, anywhere in the world.

Jamf Trust and Jamf Pro Management

With Jamf ZTNA, you are given two private cloud gateway IP addresses through which you can route your application traffic. On your cloud infrastructure, you then configure access to these applications based on these IP addresses. To get a device onto your allocated IP range, the device must be managed via Jamf Pro and have the Jamf Trust ZTNA application configured and authenticated via a chosen identity provider.

Trusting Devices with User Credentials

With this technology, we must now trust the device alongside the user credentials before providing access to corporate applications. In simple terms, if the device is not managed in your Jamf environment, it will be unable to access corporate resources that are secured via ZTNA. So, going back to the family PC example, as that device will never be trusted, there is no longer a risk that it can be used to access business applications.


Want to know and see more? Contact us and get a demo of Jamf Connect in action.