Jamf - Glossary of Terms
- Katelyn Russell
- Daniel Vega
MDM
Mobile Device Management (MDM) includes the administration of mobile devices (this is any iPhone, iPod Touch, iPad or Mac). MDM solutions are third party products (such as Jamf) that have management features for mobile devices.
DEP
Device Enrollment Program (DEP) is a program from Apple that allows organizations to link Apple devices to their MDM solutions.
VPP
Volume Purchase Program (VPP) is a program from Apple that allows organizations (education organizations and organizations with a DUNS number) to purchase apps on the iOS and Mac App Store using a centrally managed account.
APNs
The Apple Push Notification Service (APNs) is a service from Apple that forwards notifications of third party applications to the Apple devices. These include badges, sounds or custom text alerts. MDM commands are sent via APNs.
ASM
Apple School Manager is a simple, web-based portal for IT administrators that provides a fast, streamlined way for you to deploy Apple devices that your organization has purchased directly from Apple or from a participating Apple Authorized Reseller or carrier. You can automatically enroll devices in your mobile device management (MDM) solution without having to physically touch or prepare the devices before users get them.
https://support.apple.com/guide/apple-school-manager/welcome/web
MDM server in Apple School Manager
In Apple School Manager, a mobile device management (MDM) server is used to enroll/assign devices (Apple devices that your organization has purchased directly from Apple or from a participating Apple Authorized Reseller or carrier) automatically into Jamf without having to physically touch or prep the devices. With Jamf integration, you can further simplify the setup process for users by removing specific steps in Setup Assistant, so users are up and running quickly.
Server Token
A Server Token (.p7m) is used to authenticate MDM servers in Apple School Manager with Automated Device Enrollment settings created in Jamf.
Automated Device Enrollment
Enrollment is the process of adding computers and mobile devices to Jamf Pro. This establishes a connection between the computers and mobile devices and the Jamf Pro server. The Automated Device Enrollment settings allow you to integrate Jamf Pro with Automated Device Enrollment (formerly DEP). This is the first step to enrolling a device with Jamf Pro using a PreStage enrollment. After Jamf Pro is integrated with Automated Device Enrollment, you can use Jamf Pro to configure enrollment and device setup settings.
PreStage Enrollments
A PreStage enrollment allows you to create enrollment configurations and sync them to Apple. This enables you to enroll new computers with Jamf Pro, reducing the amount of time and interaction it takes to prepare computers for use.
User-Initiated Enrollment
You can allow users to enroll their own computers by having them log in to an enrollment portal where they follow the onscreen instructions to complete the enrollment process.
Sites
Sites are components that Jamf Pro administrators can create to determine which objects (for example, computers, mobile devices, or apps) Jamf Pro users can view and manage. Sites and the objects within sites do not have to be organized based on physical location.
Categories
Categories are organizational components that allow you to group policies, packages, scripts, and printers in Jamf Admin and Jamf Pro. You can also use categories to group policies, configuration profiles, apps, and books in Jamf Self Service. This makes these items easier to locate.
Self Service
Jamf Self Service for macOS allows users to browse and install configuration profiles, Mac App Store apps, and books. Users can also run policies and third-party software updates via patch policies, as well as access webpages using bookmarks.
Policies
Policies allow you to remotely automate common management tasks on managed computers. Using a policy, you can run scripts, manage accounts, and distribute software. When you create a policy, you specify the tasks you want to automate, how often it should run (“execution frequency”), when the policy should run (“trigger”), and the users and computers for which it should run (“scope”). You can also make policies available in Self Service for users to run on their computers as needed.
Configuration Profiles
Configuration profiles are XML files (.mobileconfig) that provide an easy way to define settings and restrictions for devices, computers, and users.
You can use Jamf Pro to create a configuration profile or you can upload a configuration profile that was created using third-party software, for example, Apple's Profile Manager or Apple Configurator.
Restricted Software
Restricted software allows you to prevent users or groups of users from accessing certain applications.
Smart Computer Groups
Jamf Pro allows you to create smart groups for managed computers, mobile devices, or users. You can create smart groups based on one or more inventory attributes.
Static Computer Groups
Static groups give you a way to organize computers, mobile devices, or users by assigning them to a group. These groups have fixed memberships that must be changed manually.
Introduction
Developer access to UT CMP is managed through Active Directory (AD) groups. If your department does not already have groups that you can use, your department will have to set up new AD groups as a prerequisite for signing up for the service.
Identify your Active Directory (AD) Department OU Owner
In order to create the required AD groups for authorization to UT CMP, you need to identify your Active Directory (AD) Department OU owner.
Only the AD Department OU owner can create new groups using the university's Group AD Tools.
Need help finding your AD Department OU owner?
- Browse the AD tree to try to find your Department OU owner.
- If you cannot find the owner, reach out to your department's Network Technical Support Contact (TSC) or Desktop Support Team.
- If you are still unable to identify your Department OU owner, then you can reach out to the AD Service Team for help.
Browse the AD Tree
You can use a tool like ldapsearch or ApacheDirectoryStudio to browse the tree to the security group locations and find your Department OU owner.
- Reach out to your technical support or desktop support contact if you need help with these tools.
Understanding the AD Tree Structure
If you're interested in learning more, the Active Directory extends and provides variations for Lightweight Directory Access Protocol (LDAP).
| Structure Component | Definition | Example + AD Tree |
|---|---|---|
| Department OU | Departments get an OU assigned to them in Active Directory. If your department doesn't have one, the AD team can make one. OU stands for "Organization Unit," basically a folder in the Active Directory tree | e.g., OU=GRAD OU=[DEPARTMENT OU],OU=Departments,DC=austin,DC=utexas,DC=edu Note: DC stands for "domain component." |
| Owner Security Groups | Department OUs have Owner Security Groups, typically IT directors or managers are group members. Owner security groups are stored as "CN," which stands for "common name," and have "-Owners" appended to the Department OU. These owners can use the User AD Tools and Group AD Tools to make more owners/administrators/users, and to make groups. | e.g., CN=GRAD-Owners CN=[DEPARTMENT OU]-Owners,OU=Departments,OU=Administrative,DC=austin,DC=utexas,DC=edu |
| Administrator Security Groups | Also stored as a "CN" but with "-Administrators" appended to the Department OU. Administrator Security Group have special privileges. | e.g., CN=GRAD-Administrators CN=[Department OU]-Administrators,OU=[Department OU],OU=Departments,OU=Administrative,DC=austin,DC=utexas,DC=edu |
| Security Groups | Security groups are how users are assigned access to resources; in the case of UT CMP, developers who can access staging and production projects in Rancher and users who can access logs will be added to three specific groups. | e.g., CN=GRAD-CMP-Group-Managers, CN=GRAD-CMP-Developers-Staging, CN=GRAD-CMP-Developers-Production, CN=GRAD-CMP-UTSPLUNK CN=[Group name],OU=[Department OU],OU=Managed,OU=Groups,DC=austin,DC=utexas,DC=edu |
EPM is available to IT Support Organizations (ITSOs) with any endpoint management questions. If you have a question about a specific endpoint client, please reach out to your local endpoint client support organization.
- Jamf Training Resources
- EPM Enhancement Requests
- Jamf - Glossary of Terms
- ConfigMgr - Glossary of Terms
- Sample Page
- MCM Training Resources
- Teams: Endpoint Platform Community
- ConfigMgr - Collecting ISORA Data
- Jamf - Collecting ISORA Data from Jamf
- TikTok Block
- EPM Dashboards - Jamf and MECM
- New to Endpoint Administration: Quick Guide
Welcome to the University Wiki Service! Please use your IID (yourEID@eid.utexas.edu) when prompted for your email address during login or click here to enter your EID. If you are experiencing any issues loading content on pages, please try these steps to clear your browser cache.