yesterday
Hi all, I have a client whose company has a very strict policy about data protection and privacy. We are developing an app for this client that will utilise the Apple Dictation function. Due to the data protection and cybersecurity requirements, we want to use the Apple Dictation function in an offline manner, which is possible. However, Apple documentation did not provide an option to exclude audio and text data used in the audio transcription process from being uploaded to Apple servers. Hence we are looking to use Jamf to block such traffic. In fact, we want to block most traffic to the public internet, except that necessary for operating the devices, MDM and app. For example, we will allow a list of servers used for certificate validation.
My question to the Jamf community and Jamf experts is if Jamf can help us achieve our objectives, which include network traffic filtering at the OS layer (blocking even iOS traffic to Apple servers)?
yesterday
This is not a function that Jamf Pro, and much less Jamf Connect (the channel you posted in), is able to do. The reason you did not see Apple documentation is because it's not possible to do with MDM. Firewall controls could possibly block this. Even though Apple has some firewall controls in the MDM framework that Jamf Pro can use, it's nothing compared to what firewall controls Apple has in the security framework. Be aware, if you block any functions of Dictation, don't expect any of it to work correctly.
Jamf Safe Internet may be able to block the hosts/ports that the Dictation function uses, but I would suggest using a tool specifically designed for TLS filtering like Forcepoint, Zscaler, or any of the many other network security tools out there. You may be able to use
TL;DR: Use the right tool for the job or have a bad time. You need a network security tool, and to evaluate if it's even possible to provide the features your client wants while maintaining their security posture.
yesterday
Possible to achieve by combining Jamf Connect with a VPN gateway that has a firewall to block all traffic unless whitelisted?
yesterday
Jamf Connect is an authentication tool; it basically enables on-demand account creation based on IDP credentials and access. Jamf Connect is not a device management or MDM tool in any way, shape or form.
Your VPN could open up options depending on what your internal firewall configurations are. I suggest reaching out to the VPN and firewall vendor for a list of possibilities. Just remember, blocking any of the Dictation traffic can cause the entire feature to not work, so keep your expectations in line with that.