We have a rather small Mac fleet of a few dozen MacBook Pro, a handful of iMacs. We implemented jamf with a minimum of features. The users have administrative privileges, our environment is scientific and has to be open in that way. We have to provide the best support and also want to limit the workload, while restricting the least.
How do we get the most out of our jamf instance?
Which policies, profiles, scripts, apps and packages do you consider must-have?
I'll be honest, Jamf Now is a much better tool for managing iPhones/iPads than it is for managing Macs. But, the best apps and profiles will be what your end users need and restrictions you want to impose!
For apps, I always of course like to deploy Chrome and Firefox, most end users dont using Safari or don't know how, Chrome is familiar though. For any apps not available in the MacApp Store (like Chrome), you can download the install packages from app providers and deploy them directly via the Apps and Blueprints in your Jamf Now.
In terms of settings and restrictions, obviously deploy your wifi, and set passcode requirements if you'd like, but from there you have a lots of options. Filevault is nice to turn on for security purposes, Jamf will automatically escrow the recovery key to your device's inventory record. But in terms of Blueprint Restrictions, there arent very many Mac specifics ones to begin with, and it doesnt sound like there are that many restrictions you would want to set for your end users. Every organization is different so when I setup Jamf Now instances, I always ask what the needs are, in your case I would look to maybe explore Jamf Now Fundamentals and using iMazing Profile editor to deploy a custom config profile with tailor made restrictions and payloads for MacOS. iMazing is free and allows you to sort payload by device type: