Nearing deployment date for Jamf at my workplace. Want to see if you guys thinks this is alright or if I should change anything. This is regarding software in general.
1:1 environment. Predominantly MacBooks, around 300. Not managed before by other management software. Upper management want some software mandatory for the computers (Cisco VPN/Office 2016 and a few other programs).
I've setup Jamf this way:
Enrollment for new computers with DEP/already existing computers that gets enrolled: For this I've set up a few policies that installs the mandatory
programs. Scoped to smart group that checks if computer got the installed apps. If a mandatory app gets removed from a computer,Jamf installs it again.
Licensed software: Created Static groups per licensed software. Scoped to a policy that installs the software. Set to appear in Self Service. This is for our helpdesk so they can assign the licensed software to a computer when a person requests it.
Freeware software: Just set to Ongoing and available in Self Service.
Looks okay to me.
One thing to think about with the mandatory apps is the inventory collection period versus the reinstallment period and whats happens with a device when it fails to install or fails to detect installation. You probably don't want it to continually attempt a reinstall every 15 minutes or whatever your recurring check-in is set to for example.
With inventory collection in general you might want to think about how the regular updates to this are managed, it generates a large amount of data so if you have it turned on for every single policy and it can generate issues (although with 300 devices it probably doesn't matter too much). I have ours setup to inventory once a day, but excluded by a group if inventory collection has occurred in the last 24 hours (by some other policy that required it and then only have it turned on for policies where it is essential to know the result off (i.e. re-installing Antivirus).