Overview
Jamf specializes in Apple ecosystem management, providing a suite of tools that enable organizations to deploy, manage, and secure Apple devices. The platform addresses the full device lifecycle, from initial provisioning and configuration to ongoing maintenance, security, and eventual retirement. Jamf's offerings are designed for environments heavily reliant on macOS, iOS, iPadOS, and tvOS devices, catering to both enterprise and education sectors.
Core products include Jamf Pro, an enterprise-grade solution for comprehensive Apple device management, and Jamf School, tailored for educational institutions. For identity management, Jamf Connect integrates Apple devices with cloud identity providers, streamlining user authentication and account provisioning. Security is addressed through Jamf Protect, which offers endpoint security for macOS, and Jamf Private Access, providing secure access to internal resources without a traditional VPN.
The platform supports various deployment models, including Apple Business Manager (ABM) and Apple School Manager (ASM), facilitating zero-touch deployment for new devices. This allows IT administrators to automate device enrollment and configuration, reducing manual effort and ensuring devices are ready for use upon unboxing Jamf Automated Device Enrollment guide. Jamf's focus on the Apple ecosystem means its features are often aligned with Apple's latest operating system updates and security protocols, providing timely support for new functionalities.
For developers and IT professionals requiring custom workflows, Jamf Pro offers a comprehensive API. This API allows for automation of administrative tasks, integration with existing IT systems, and the development of custom applications that interact with the Jamf platform. Detailed documentation is available on the Jamf Developer Portal, covering various API endpoints and use cases.
Key features
- Device Enrollment: Supports Automated Device Enrollment (ADE) via Apple Business Manager and Apple School Manager, as well as user-initiated enrollment for macOS, iOS, iPadOS, and tvOS devices.
- Configuration Management: Allows IT administrators to define and deploy configurations, settings, and restrictions across Apple devices, ensuring compliance and standardized environments.
- Application Management: Facilitates the deployment, updating, and removal of App Store apps, custom enterprise apps, and macOS packages.
- Inventory Management: Provides detailed hardware and software inventory of all managed Apple devices, including specifications, installed applications, and security status.
- Security Management: Offers features like patch management, encryption enforcement (FileVault), security configuration baselines, and endpoint protection for macOS through Jamf Protect.
- Identity Management: Integrates with cloud identity providers (e.g., Microsoft Entra ID, Okta) via Jamf Connect for single sign-on (SSO) and account provisioning on Apple devices.
- Remote Actions: Enables remote lock, wipe, passcode reset, and other administrative actions for managed devices.
- Self Service Portal: Provides users with a curated app catalog and resources for self-help, reducing IT support requests.
- Reporting and Analytics: Generates reports on device status, compliance, software usage, and security posture.
- API and Webhooks: Offers a REST API for automation and integration with other IT systems, along with webhooks for real-time notifications of events.
Pricing
Jamf offers various pricing models depending on the product and organizational needs. The Jamf Now product provides a free tier for up to 3 devices, with per-device pricing for additional devices. Enterprise solutions like Jamf Pro and other advanced products are typically quoted with custom pricing based on the number of devices, features required, and specific organizational context.
| Product/Tier | Description | Pricing Model |
|---|---|---|
| Jamf Now (Free) | Basic device management for small businesses | Free for up to 3 devices |
| Jamf Now (Paid) | Expanded device management for small businesses | Starts at $4/device/month (for 4-9 devices) |
| Jamf Pro | Comprehensive Apple device management for enterprise | Custom pricing (per device, volume discounts available) |
| Jamf School | Apple device management for education | Custom pricing (per device, volume discounts available) |
| Jamf Connect | Identity management for Apple devices | Custom pricing |
| Jamf Protect | Endpoint security for macOS | Custom pricing |
| Jamf Private Access | Zero Trust Network Access for Apple devices | Custom pricing |
| For detailed pricing, visit the Jamf pricing page. | ||
Common integrations
- Apple Business Manager (ABM) / Apple School Manager (ASM): Integrates for Automated Device Enrollment, Volume Purchase Program (VPP) app distribution, and managed Apple IDs Jamf ABM/ASM integration guide.
- Microsoft Entra ID (formerly Azure Active Directory): Used with Jamf Connect for cloud identity integration, single sign-on, and account provisioning on macOS devices Jamf Connect Microsoft Entra ID integration.
- Okta: Integrates with Jamf Connect for identity management and secure access to applications Jamf Connect Okta integration.
- ServiceNow: Connects for IT Service Management (ITSM) workflows, asset management, and incident response, often leveraging Jamf's API ServiceNow Jamf Pro integration documentation.
- Splunk: Integrates for security information and event management (SIEM), allowing security logs from Jamf Protect and other Jamf components to be analyzed.
- Slack: Webhooks can be configured to send notifications about device status or security events to Slack channels.
- Various HRIS/Directory Services: Can integrate through LDAP or custom API connectors for user and group synchronization.
Alternatives
- Intune (Microsoft Endpoint Manager): A cloud-based endpoint management solution from Microsoft that supports Apple, Windows, and Android devices, often chosen by organizations with a mixed device environment.
- Kandji: A modern Apple device management solution focusing on ease of use and security automation for macOS, iOS, and tvOS.
- Mosyle Business: Another Apple-centric UEM solution offering device management, security, and identity features for businesses and educational institutions.
Getting started
To begin interacting with Jamf Pro programmatically, you can use its API. The following example demonstrates how to authenticate and retrieve a list of all macOS computers using the Jamf Pro Classic API. This example assumes you have a Jamf Pro instance, an API user with appropriate permissions, and a base URL for your Jamf Pro server.
First, obtain an authentication token. Then, use this token to make subsequent API calls. This Python example uses the requests library.
import requests
import base64
# --- Configuration --- #
JAMF_PRO_URL = "https://your-jamf-pro-instance.jamfcloud.com"
USERNAME = "your_api_username"
PASSWORD = "your_api_password"
# --- Authenticate and get a token --- #
auth_string = f"{USERNAME}:{PASSWORD}"
encoded_auth_string = base64.b64encode(auth_string.encode()).decode()
headers = {
"Authorization": f"Basic {encoded_auth_string}",
"Accept": "application/json"
}
auth_url = f"{JAMF_PRO_URL}/api/v1/auth/token"
try:
auth_response = requests.post(auth_url, headers=headers)
auth_response.raise_for_status() # Raise an HTTPError for bad responses (4xx or 5xx)
token_data = auth_response.json()
jwt_token = token_data.get("token")
expires_at = token_data.get("expires")
print(f"Successfully obtained JWT token. Expires at: {expires_at}")
# --- Use the token to get computer data --- #
if jwt_token:
data_headers = {
"Authorization": f"Bearer {jwt_token}",
"Accept": "application/json"
}
computers_url = f"{JAMF_PRO_URL}/api/v1/computers"
computers_response = requests.get(computers_url, headers=data_headers)
computers_response.raise_for_status()
computers_data = computers_response.json()
print(f"\nFound {len(computers_data.get('results', []))} computers:")
for computer in computers_data.get('results', [])[:5]: # Print first 5 for brevity
print(f" ID: {computer.get('id')}, Name: {computer.get('name')}")
# --- Invalidate the token (good practice) --- #
invalidate_url = f"{JAMF_PRO_URL}/api/v1/auth/invalidate-token"
invalidate_response = requests.post(invalidate_url, headers=data_headers)
invalidate_response.raise_for_status()
print("\nSuccessfully invalidated token.")
else:
print("Error: No token received.")
except requests.exceptions.RequestException as e:
print(f"An error occurred: {e}")
if hasattr(e, 'response') and e.response is not None:
print(f"Response content: {e.response.text}")
This script first authenticates to the Jamf Pro API to retrieve a JSON Web Token (JWT). It then uses this JWT in the authorization header of a subsequent request to fetch a list of computers. Finally, it invalidates the token, which is a recommended security practice. For more advanced API interactions, including managing devices, users, and policies, refer to the Jamf Pro API documentation.