For the purposes of simplicity, we're going to assume that the cloud-based identity provider in question is Azure AD and the user experience is with a brand new out-of-box Mac, with a Device Enrollment-capable (formerly DEP) Mobile Device Management system in play within the organisation.

It's absolutely possible for this to be set up with in-situ Macs (and actually, using any MDM) and we'll cover this later – but for now, picture this:

A user (based anywhere in the world) receives a brand-new Mac still in the shrink wrap. They open the Mac and turn it on for the first time.

The Mac then asks for a couple of things – namely location, language and network connectivity – and following this, prompts the user that the Mac is under the management of their organisation (yes, for those of you in the know… this is the Device Enrollment process and will need a Device Enrollment-capable MDM).

They're taken through a couple of clicky-button steps for the Mac to enrol in MDM, depending on what has been set up, and then presented with a Jamf Connect login window.

This window contains the well-known Microsoft sign-in screen, and the user is prompted to enter their Azure AD credentials… they sign in, enter their password again for confirmation and are then logged in to their Mac, ready for use and configured contextually to the Azure AD group(s) they are a member of.

“Log in” to iPads using Azure AD. Wait… what?!

Well… this is another one of those we-never-thought-it-would-be-possible-but-now-it-is topics. Jamf Connect for iOS was announced at the Jamf Nation Roadshow event in London in May – based on the above, you can probably guess where we're going with this.

Disclaimer: This was a technology preview, so the usual “subject to change” notice applies here… but this is what we saw with our own eyes at the event.

Ahem – Jamf Connect for iOS allows users to actually log in to an iOS device, with an actual account that does actual things!

In reality, this is extremely close to a Jamf Setup experience, just with the use-case selection screen being driven by the user's account in Azure AD (or, again, any other supported Identity Provider but yeah, Microsoft Gold partner over here!). For example, if a user is only a member of one group in Azure AD, once they've signed in, the iPad will automatically configure itself based on the MDM settings for membership of that group. If the user is a member of multiple groups, they will be presented with a selection screen to choose the use case… just like Jamf Setup.

Configuring iOS devices based on user instead of serial number.

This is amazingly useful for a couple of reasons. Firstly, it means that your iOS MDM configuration can be user-centric as opposed to device-centric. The devices can now be configured on the basis of the group(s) the logged-in user is a member of, as opposed to configuration having to be specific to batches of serial numbers. How freaking awesome is that? Remember having to add tons of serial numbers to specific groups in Jamf Pro?

So, the above makes your configuration much, much easier. Now… what about those dreaded hand-out days where you have to make sure the right user has the right device? Again… gone. The users simply need to log in to any device enrolled in MDM, and regardless of serial number the device will be provisioned correctly (obviously this behaviour needs to be set up in MDM first, but you get the point).

For shared device environments, combine the above with Jamf Reset and you have yourself an auto-provisioning, auto-resetting iOS environment with a configuration that is completely contextual to the user logging in.