BeyondTrust and Jamf – Enhancing Security Across Your Apple Fleet

What is the value of a partnership between Jamf and BeyondTrust?

Link copied

At BeyondTrust, we know the value our partnerships can bring to our clients. Today, BeyondTrust has more than 20,000 customers across more than 100 countries, and Jamf has helped over 71,000 organizations manage and secure more than 30 million Apple devices. Together, we are combining Jamf’s dedicated Apple device management and security with BeyondTrust’s industry-leading intelligent identity and access security solutions to allow our customers to increase end-user productivity while enforcing IT security policies and protecting their infrastructure.

In this blog, we’re sharing the details of our exciting partnership with Jamf. Read on to learn how a partnership between Jamf and BeyondTrust can help enable our customers with easy deployment of privilege management and application control capabilities across their fleet of Apple devices, powerful least privilege management and just-in-time application control, and increased visibility and reporting on Apple endpoints.

Why securing endpoints across Apple devices is becoming a growing concern for organizations

Link copied

MacOS and Apple devices have seen increasing penetration into enterprise infrastructures. According to the IDC Vendor 2021 Assessment Report, average penetration of MacOS devices into U.S. enterprizes averaged 23%, up from 17% in 2019. In 2020, iPhones accounted for 49% of the smartphones installed in U.S. enterprises, and iPads still make up the majority of tablets used in business.

Bring-Your-Own-Device (BYOD) and Choose-Your-Own-Device (CYOD) policies that started as a result of the pandemic have acted as a major driver in the increase in MacOS and Apple device usage within enterprizes. Today, Apple platforms continue to grow in popularity, with a growing number of enterprise users declaring Apple their device of choice. One quarter of the employees at SAP now use Macs, and “Many of our developers ask for Mac specifically and feel more productive with it,” said Martin Lang, vice president for product engineering mobile experience, SAP.

Today’s enterprises need the flexibility to provision and deploy different devices to accommodate user preferences – increasingly macOS machines—but “The proliferation of Apple devices — macOS devices, as well as iPhones, iPads, and Apple TV — in business is causing many organizations to rethink their approach to overall endpoint provisioning, management, and security” (IDC).

How BeyondTrust and Jamf are enhancing deployment of Privilege Management to Mac endpoints with the Rapid Deployment Tool

Link copied

BeyondTrust’s Privilege Management for Windows and Mac combines privilege management and application control technology in a single, lightweight agent. This scalable solution allows global organizations to eliminate uncontrolled admin rights throughout their business and provide just-in-time access for users to acess the applications they need to do their jobs.

The Rapid Deployment Tool is expressly designed to enable organizations to easily onboard an estate of distributed macOS endpoints that are managed by Jamf, properly configured with BeyondTrust’s Privilege Management for Mac. The tool provides Apple PKG files ready for rapid deployment, without the need for IT, security, or other responsible teams, to manually configure each endpoint directly.

The Rapid Deployment Tool can create three immediately installable deployment packages:

• Base Platform: a package which deploys settings relevant only to Privilege Management for Mac.
• Privilege Management Console: a package that deploys configuration settings for the Privilege Management for Mac management platform. You can also optionally include Base Platform settings in the same package.
• BeyondInsight: a package that deploys configuration settings for the BeyondInsight management platform.

The Jamf integration includes connecting to a Jamf instance and creating a package record for the created settings package. A policy referencing that package can also be pushed to the endpoints. For efficiency, and consistency, you can automatically scope the newly created policy to an existing group in Jamf.

What are the benefits of providing additional security for macOS devices?

Link copied

It is not uncommon for Mac users to use an admin account to run many functions. Yet, with more Mac devices connected to the enterprise network (and threats increasingly targeting macOS), this uncontrolled access represents a growing security risk to the enterprise.

Privilege Management for Windows and Mac allows organizations to achieve and enforce least privilege by removing local admin rights from the users in their estate, while continuing to allow users the flexibility they need to remain productive. With allowlisting you can preapprove the installation and use of specific, appropriate applications for users and groups. You immediately gain greater control and improve macOS security by preventing untrusted applications from executing.

Most importantly, Privilege Management for Windows and Mac allows you to dynamically elevate privileges for applications on an as needed basis, just-in-time. You can enable users to request access by creating your own customized authorization prompts. Privilege Management for Windows and Mac lets you set up access request reasons, challenge / response codes, or password protection to add additional layers of security. You can also suppress standard, restrictive messaging and improve access prompts to smooth the end user experience and reduce helpdesk inquiries.

Users can continue to execute approved tasks, run applications and installations as established by the rules of your corporate security policy, without compromising productivity or performance. Familiar firewall-style rules based on Application Groups make set up and management of policies simple. Privilege Management for Windows and Mac allows you to seamlessly manage your entire estate across Windows and macOS operating systems through one easy to use interface.

Where to look?

Link copied

As the proliferation of MacOS and Apple devices in the workforce continues, the Rapid Deployment Tool for Privilege Management for Windows and Mac provides you the flexibility to offer Mac devices in compliance with corporate access policies. You gain visibility on your macOS endpoints, with actionable intelligence, real-time data dashboards, and reporting that aid in troubleshooting, and provide the information you need to proactively manage your policy – across your entire endpoint estate – on an ongoing basis.

If in pursuit of a Zero Trust security posture, incorporating all macOS endpoints is critical. The comprehensive elimination of uncontrolled admin rights and enforcement of least privilege across your macOS estate are “table stakes” for any effective implementation of a Zero Trust strategy.

The Rapid Deployment Tool and Privilege Management for Macs are available now on the Jamf Marketplace and from BeyondTrust. Jamf and BeyondTrust continue to work on providing Apple users with more comprehensive security and productivity solutions.

Learn More

Link copied

As you join our team onsite in Miami, FL for Go Beyond on May 2^nd – 5^th, be sure to swing by the Partner Pitstop Expo Hall to visit Jamf’s booth. Jamf is a new sponsor this year and we are excited to show our customers what we are working on together. If Miami isn’t in your plans, join us in Austin at Jamf’s JNUC 2023 in September, where we are platinum level sponsors.