Jamf Prerequisites for Onboarding
- Katelyn Russell
Process Overview
UT Austin provides an instance of the Jamf Cloud service to manage University owned Apple devices. IT support organizations (ITSO) on campus may request access to the Jamf Cloud instance in order to manage their Apple devices. There are some prerequisites for using the service, such as having an established Austin Active Directory presence and access to the UT Austin Apple School Manager instance. Once all prerequisites are met, ITSOs may submit a request for onboarding into the University's Jamf Cloud instance. Once the request has been submitted, the Jamf Core team will process the request and follow up with the ITSO with further details for using the service.
Glossary of Terms
- ITSO (UT) - Information Technology Support Organization. This is the organization that is responsible for managing endpoints in the endpoint management system.
- ITSO Prefix (UT) - Typically this is the University Department Code for the ITSO. This is the same as the prefix generally used in naming the ITSO's AUSTIN Active Directory objects. Any system you on-board into Jamf will require this prefix in its name. For example the College of Education's top level department code is "EDUC" and the college only has one IT support team that manages all college computing devices. The ITSO Prefix for this college is "EDUC". Department codes can be looked up in UTDirect. Click here to go to the U.T. Austin Department System page in UTDirect.
- Jamf Core Team (UT) - The administrators of the UT Jamf Cloud instance. These are the top level administrators of the service who have global administrative privileges to the service.
- Jamf Site - A "Site" in Jamf is an organizational structure that allows the various ITSOs and their managed devices to be separated out in the UT Jamf Cloud instance such that each site is only able to manage their own devices.
Service Availability and Costs
Available To
The UT Jamf Cloud instance is available to organizations on campus that manage University owned Apple devices. UT employees of ITSOs are given access to log into the UT Jamf Cloud instance in order to manage their organization's devices.
Cost
The UT Jamf Cloud instance is centrally funded and the service is provided free to units on campus. Apple devices managed by the UT Jamf Cloud instance must be University owned. Management of non-University owned devices such as an employee-owned personal iPhone is not supported at this time.
Supported Devices
All devices must be University owned. Management of non-University owned devices such as an employee-owned personal iPhone is not supported at this time.
Hardware
- macOS desktops and laptops
- iOS iPhones and iPads
- iPadOS iPads
- tvOS Apple TVs
Operating System Version
Jamf compatibility with Apple operating system (OS) releases for computer and mobile device management is generally based on an N-3 support policy. This means that Jamf will support the current major version ("N") and the three previous major versions ("-3") within either their Recommended or Minimum Supported compatibility levels. When a new Apple OS version is made available and added to the Jamf Recommended support level, the oldest release will be moved from the Minimum Supported level to the Untested level.
For each release of Jamf, the corresponding support documentation lists the system requirements which can be referenced to see what exact versions of Apple operating systems are supported. As of April 21, 2023 the current version of Jamf Pro is 10.45.0 and its corresponding system requirements documentation is available at this URL: https://learn.jamf.com/bundle/jamf-pro-release-notes-current/page/System_Requirements.html. For more general information on supported OS versions for macOS please see this URL: https://endoflife.date/macos
Prerequisites
Austin Active Directory User Groups for Jamf Site Users
ITSO staff that access the UT Jamf Cloud instance are assigned permission levels based on what access/privileges they need. The permission levels are grouped into privilege sets. Each privilege set is linked to an Active Directory user group. Members of the Active Directory user group will be assigned the privileges of the corresponding Jamf privilege set. This allows for ITSOs to self-manage their staff's privileges in the UT Jamf Cloud instance.
If your organization does not already have an established presence in the Austin Active Directory (AAD), you may submit a request to be onboarded. The UT ServiceNow page for the Austin Active Directory service is available here: Click here to go to the Austin Active Directory UT ServiceNow page.
You will need to create the following user groups in your AAD organizational unit in order to provide them in your Jamf onboarding request:
- <ITSO Prefix>-EPM-Jamf-Site-Admins
  - Full rights to your site in the Jamf console, can create Configuration Profiles and Policies, make changes to computers, etc.
- <ITSO Prefix>-EPM-Jamf-Site-Dev-Admins
  - Same as Site-Admins but with access to create Packages and Scripts within Jamf.
- <ITSO Prefix>-EPM-Jamf-Site-Users
  - Read only access + enrollment - these users can enroll Macs but everything else in the Jamf console is read only
Replace "<ITSO Prefix>" in the group names above with the ITSO Prefix for your organization. For example the three user groups for the College of Education whose ITSO prefix is "EDUC" are the following: EDUC-EPM-Jamf-Site-Users, EDUC-EPM-Jamf-Site-Admins, EDUC-EPM-Jamf-Site-Dev-Admins.
To be compatible with the central Jamf instance, the groups must be created with "Group scope" value "Global" and "Group type" value "Security".
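One way to create the three groups with the required scope and type, and to check any that already exist, is sketched below. This is an added example, not part of the UT documentation; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, that the ITSO Prefix is alphanumeric, and the function name and OU path are placeholders.

```powershell
# Added example: create or verify the three Jamf site groups for an ITSO prefix.
# Requires the ActiveDirectory module (RSAT) and rights to create groups in the OU.
Import-Module ActiveDirectory

function Confirm-JamfSiteGroups {            # hypothetical helper name
    param(
        # Assumption: prefixes are alphanumeric; this also keeps the
        # value safe to embed in the -Filter string below.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9]+$')]
        [string]$ItsoPrefix,
        # Distinguished name of your organization's OU in Austin AD.
        [Parameter(Mandatory)][string]$OuPath
    )

    # Suffix -> description, taken from the privilege levels listed above.
    $roles = [ordered]@{
        'Site-Admins'     = 'Jamf site: full rights'
        'Site-Dev-Admins' = 'Jamf site: full rights plus Packages and Scripts'
        'Site-Users'      = 'Jamf site: read only plus enrollment'
    }

    foreach ($suffix in $roles.Keys) {
        $name  = "$ItsoPrefix-EPM-Jamf-$suffix"
        $group = Get-ADGroup -Filter "Name -eq '$name'" -SearchBase $OuPath

        if (-not $group) {
            New-ADGroup -Name $name -SamAccountName $name -Path $OuPath `
                -GroupScope Global -GroupCategory Security `
                -Description $roles[$suffix]
            Write-Output "created  $name"
        }
        elseif ($group.GroupScope -ne 'Global' -or
                $group.GroupCategory -ne 'Security') {
            # Report rather than convert, so the owner can review the
            # group and its membership before changing it.
            Write-Warning ("$name is $($group.GroupScope)/" +
                "$($group.GroupCategory); expected Global/Security")
        }
        else {
            Write-Output "ok       $name"
        }
    }
}

# Example call; replace the placeholder with your OU's distinguished name.
# Confirm-JamfSiteGroups -ItsoPrefix 'EDUC' -OuPath '<your OU distinguished name>'
```

Because membership in these groups grants the matching Jamf privilege set, add members only after the groups are confirmed as Global/Security and review the Dev-Admins membership separately, since it carries Package and Script creation rights.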
UT Apple School Manager Access
You will need to have access to the UT Apple School Manager (ASM) instance. This is needed to configure Apple devices for provisioning as well as managing licenses for distributing apps from the Apple App Store. Instructions for requesting to be onboarded into the UT ASM instance are available at its UT ServiceNow page. Click here for the UT ASM ServiceNow homepage.
- More information about Apple School Manager is available in Apple's support documentation. Click here for the Apple School Manager Guide provided by Apple.
Nessus Agent Unit Code
You will need to know the appropriate unit code for your organization which is used to install the Nessus Agent onto supported devices. The Nessus Agent unit code for your organization is needed to allow for automated deployment of the Nessus Agent application onto supported devices in your Jamf site.
More information on the required Nessus Agent and installation instructions are available on the UT ISO Nessus Agent homepage. Click here to go to the UT ISO Nessus Agent homepage.
How To Submit Request for Onboarding
Requests to be onboarded into the UT Jamf Cloud instance should be emailed to epm-requests@its.utexas.edu. Sending an email to this address will automatically create a UT ServiceNow ticket.
In your email include the following information:
- Organization Name and University Department Code for the ITSO that will be managing the devices in the UT Jamf Cloud instance. The name and code must match what is in the UT Austin Department Contacts system. Click here to go to the UT Austin Department Contacts System UT Direct interface.
- Name, UT EID, Email and Phone number for ITSO contacts. Indicate who is considered the primary contact(s). These are the individuals that will be contacted about important system changes/updates or other various administrative inquiries related to the ITSO's Jamf site(s).
- The names of the Active Directory user groups for Jamf site access which were listed in the Prerequisites section of this wiki page.
- Nessus Agent unit code for the devices in your organization
- An estimated count of the number of the following devices that you plan to manage with the UT Jamf Cloud instance:
  - Desktops and laptops
  - iPhones
  - iPads
  - Apple TVs
- Indicate if you think you will need multiple Jamf sites established. You would need multiple Jamf sites if you need to limit management of a subset of your devices to specific staff. For example if you have a separate team of staff that manage just classroom computers and they should not be able to also manage faculty and staff computers, then you would need a separate Jamf site just for the classroom computers so that you can limit the classroom computer administrators to just that site and computers. A Jamf Core team member will reach out to you for further details if you indicate needing multiple sites.
How to Submit Questions or Request Help
Questions or requests for technical support may be emailed to epm-requests@its.utexas.edu. This will generate a UT ServiceNow ticket.
Onboarding FAQ
Question: I have been onboarded and have logged into the UT Jamf Cloud instance. However, I cannot see many of the settings that the Jamf documentation refers to.
Question: I have enrolled a computer into the Jamf server. When I log into the Jamf web interface and find the computer, it is showing the computer's serial number for its name and is missing a lot of computer information. Is something wrong?
Question: Does UT provide any centrally funded Jamf training?
Question: Where can I download Jamf Composer and the other Jamf Pro Server Tools?
Answer: Jamf Composer and the other Jamf Pro Server Tools are available to site administrators via the Jamf Self Service app, which is automatically installed onto all macOS computers enrolled to the central Jamf instance. Site administrators can install the apps by launching the Jamf Self Service app and then logging into it using the same username/password that they use to log into the Jamf web interface to administer their sites. After logging into the Jamf Self Service app with a site administrator account, search for the Self Service item named similar to "JAMF 10.35.0 Tools". The version number in the Self Service item name will be whatever version of Jamf the server is currently running. Once the Self Service item is found, install it and the Jamf Pro Server Tools will be available in a folder named "Jamf Pro" in the /Applications folder. The Jamf Pro Server Tools are only available to active Jamf license holders. Please do not redistribute the applications via any publicly accessible means.
NOTE: The "Jamf Admin" app is not usable by site administrators. This is due to how the central Jamf instance had to be configured to accommodate multiple ITSOs using the same central Jamf instance. The functions in the standalone Jamf Admin app should be doable in the Jamf web interface that site administrators have access to. If there is something a site administrator needs to be done which the Jamf web interface does not allow, submit a technical support request to the central Jamf support team at epm-requests@its.utexas.edu.
EPM is available to IT Support Organizations (ITSOs) with any endpoint management questions. If you have a question about a specific endpoint client, please reach out to your local endpoint client support organization.
- ConfigMgr: Every Tuesday, from 6 a.m. – 10 a.m.
- Jamf: Every Tuesday, from 8 a.m. – 12 p.m.