Apple Device Management
iPhones, iPads and Macs have a built-in framework that supports mobile device management (MDM). You can find furter information from Apple's support web pages, introduction to mobile device management.
MDM lets you securely and wirelessly configure devices by sending profiles and commands to the device. MDM capabilities include updating software and device settings, monitoring compliance with organisational policies, and remotely wiping or locking devices. College-owned Mac devices are enrolled in MDM automatically using Apple School Manager.
Imperial College London uses Jamf Pro as their MDM provider.
You can watch our video below to show you how to setup your College Mac device and visit our JAMF frequently asked questions for further information and support.
How to set up your College-owned Mac
What is JAMF Pro?
JAMF is the leading Apple (macOS and iOS) device management platform, allowing for simple and efficient administration of all Apple devices.
JAMF offers the following functionality:
- Apple Deployment and Management
- System Security and Software Updates
- Software distribution and Application Management
- System Administration and Inventory
JAMF uses the macOS built-in MDM framework. You can find out more about this on Apple's introduction to Apple platform deployment web page.
Why is JAMF Pro being installed?
The number of attacks on organisations has grown in the past few years and ransomware attacks/virus infections now present one of the biggest risks to the university. As a result, ICT is working on reducing the likelihood that this type of attack against Imperial would succeed. A significant part of this work is improving our understanding of the risks that we face. By managing Imperial endpoints we are able to understand the risk they present to the organisation:
- Has security been installed?
- Is antivirus software running?
- Are the security definitions up to date?
Having managed machines and up-to-date security patches are also a requirement of Cyber Essentials which the College is trying to obtain. If the College does not have this certification, the University’s ability to get funding might be impacted.
What are the benefits of JAMF Pro?
Reliability: Your Mac will quickly receive software updates and patches with little to no interaction on your part.
Time Efficiency: You will stay more productive as deployment and updating processes run in the background, freeing up more time for teaching and research.
Security & Compliance: ICT will manage the security of your device so you don't have to, ensuring that software patches, antivirus protection, firewalls, and compliance with Imperial's minimum security standards are well maintained.
Confidentiality: Your data and files will remain confidential; no personal data is scanned, indexed, or transmitted off your device. ICT servers also keep full audit logs of any actions performed by technicians.
What changes does JAMF Pro make to my Mac?
A Mobile Device Management (MDM) profile is installed. This profile allows JAMF Pro administrators to remotely configure settings on the Mac. Basic security settings will be set at enrollment to ensure compliance with Imperial College London policies.
An application called Self-Service is installed. This allows for content such as software, printers, maintenance tasks, links, and other documentation to be available. If a department has software that they wish to make available through Self Service they should submit a Service Desk ticket.
An application called JAMF Connect is installed. This allows syncing of your Imperial College London account password with the password on the Mac.
Migrating from an old mac/backing up
Can I use Migration Assistant?
For usual scenarios, it is recommended to store files in OneDrive, which has the benefits of being able to be accessed from any machine.
And for Research Data it is recommended to use the Research Data Store.
For applications, it is recommended to freshly install any needed on the new mac. A number of applications can be found in the Self Service app (which can be found in the Applications folder). If your department has applications that you would like served through Self Service please contact the Service Desk.
If it is important for your work that you use Migration Assistant to transfer data from an old mac, you may do so providing the new mac has been updated to macOS Ventura (13).
Can I use Time Machine?
Time machine is a great tool for home use scenarios and although we do not restrict its use it is not supported for College work or by ICT. For files and data, it is recommended to use OneDrive or the Research Data store service. If you wish to restore data from an old mac to a new one please make sure the new mac is updated to macOS Ventura (13) ahead of restoring.
Security, upgrades and updates
How do I install unknown or unsigned applications?
Since macOS 10.15 Catalina, all software installed on macOS needs to be both signed by the developer and notarised by Apple. Read more about this on the Apple web pages.
ICT enforce these settings using MDM. If you wish to download and install any applications which are not signed and notarised by Apple you can submit a Service Desk ticket for a security exception.
Once the security exception is granted and you have accepted the risk you will be able to override gatekeeper and install any unsigned or unknown applications you wish. This is a one-time process (per machine) so there is no need to apply every time after this.
Will I still have admin rights to my Mac?
The person setting up the Mac is given admin rights. This allows installing/uninstalling of applications as well as configuration changes and macOS updates.
Can I create a local account?
The account that you use to log in is a local admin account, based on your Imperial College London credentials. If you wish to change the mac to a ‘multi-user’ device please contact the ICT Service Desk who will be able to help.
All accounts on the Mac must use Imperial College London credentials and collaborators should be given guest accounts so transparency and visibility of users on the Mac remain.
If you need to use a previously created account from an old Mac device, it's possible to transfer the account over using migration assistant if the new Mac you are using is on a minimum version of macOS Ventura.
If you require support with migrating a previously created account, please contact the ICT Service Desk.
What changes are there from an Intel Mac to an Apple Mac?
There have been a few significant changes if you are coming from an Intel mac to an Apple Silicon one, especially if you have been running an unsupported version of macOS. Some of the common changes and recommended solutions, where appropriate, are listed below.
Since macOS Big Sur, Time Machine no longer backs up system files or apps installed during macOS installation. If you are trying to restore from a Time Machine backup, only data files can be migrated to the new Mac. If you have issues with your Mac you must first reinstall macOS on your Mac before you can restore your files using your Time Machine backup. You can then run Migration Assistant after you have logged in to use the Time Machine backup.
APFS file system
Since macOS Catalina, macOS uses a new filesystem called APFS and the system volume is on a separate read-only volume from the user data.
Since macOS Mojave, 32-bit apps are no longer supported. Only 64-bit apps can be used.
In June 2019, Apple announced it was depreciating the Python 2.7 programming language. In April 2022, Apple removed Python 2.7 on macOS devices running Monterey 12.3 and above.
What are MacOS updates and upgrades?
An update is a newer version of the currently installed macOS, such as an update from macOS Monterey 12.5 to macOS Monterey 12.6. MacOS security updates should be installed within 14 days of release.
An upgrade is a major new version of macOS with a new name, such as an upgrade from macOS Monterey to macOS Ventura. For upgrades, you need to be on a supported version of macOS, which is one of the last three versions. Anything outside this is unsupported and will not receive security updates from Apple.