Jamf Pro processes on macOS Sonoma

VL
New Contributor III

My company is in the process of getting users to self-enroll their existing MacBooks but we have a few individuals who are reluctant to do this, citing various reasons why they won't.

One is a concern regarding the amount of CPU/memory consumed by Jamf. Having looked at the processes running on my MacBook I can't readily identify which are associated with Jamf Pro. Is there a list somewhere of the processes that can/do run on macOS once registered with Jamf Pro?

Another is that a user has highlighted a somewhat dated blog that casts doubt on the security of Jamf Pro. While I'm in the process of reading through the article and trying to establish if any of it is still relevant, if anyone has a comment/view on it that they wish to share I'd like to hear it.

https://labs.withsecure.com/publications/jamfing-for-joy-attacking-macos-in-enterprise

6 REPLIES

jamf-42
Valued Contributor II

if these are company issued devices then it's an HR policy issue.. Not technical..

JAMF uses very little resources.. 

Interesting link.. some interesting points.. but it's 4 years old..

VL
New Contributor III

Whilst what you say is true, @jamf-42, the company is going through growing pains whereby in the past people could pretty much do their own thing. But now it is of a size where it needs to look and behave in a manner that will attract and retain bigger customers; and given that most people have been with the company for a while it is hoping to use carrot rather than stick to get people to comply. If we can dispel people's concerns with sound evidence there's less likely to be any push-back.

jamf-42
Valued Contributor II

been there.. many many times.. having JAMF or any management is better than none.. start light.. no controls.. some nice Apps in Self Service.. get some reports out.. review.. and iterate.. you're making it safer for them and the business.. it's a win win 😎

Tribruin
Valued Contributor II

As @jamf-42 mentioned, this is more of a Management/HR issue than an IT issue. The simple answer is, if you want to use a corporate device and connect to corporate resources, you will enroll your computer in Jamf. And, why are you not using Apple Business Manager and Automated Device Enrollment to force enrollment of corporate devices?

The jamf binary is very lightweight. It only runs once every 15 to 60 minutes depending on how you set up your check-in time. Generally, it is not Jamf you need to worry about for CPU time, it is any package/agent you install using Jamf (EDR software, network proxy, etc.). That software will be much more likely to use CPU and memory resources.

Jamf is just the tool that is used to manage the computer, and that includes installing software and running basic policies. 

As far as the article, first, it is over three years old. Yes, some of the concerns may still be valid, but others (such as using a static password for the management account) no longer apply. Is Jamf 100% safe? No, nothing is. But, when configured correctly, having Jamf installed on a computer will ensure you can properly secure your corporate assets.

VL
New Contributor III

@Tribruin, the company has created an Apple Business Manager account and will be using Automated Device Enrollment going forward but historically devices were purchased and sent to users, like myself who has only been with the company three months, so at the moment we have to use User Initiated enrollment to get visuals on what the IT estate looks like.

Part of the reason to get everybody enrolled is to work out who needs their kit refreshing, but we won't know this until everybody has completed the enrollment.

Given yours and @jamf-42's comments, as well as my own experience having enrolled weeks ago, it looks like the general opinion is that the load caused by Jamf is negligible but being able to point to a process on my machine, for example, and show over time CPU/memory usage would help to allay any concerns. Especially as there is the potential that management may not want to rock the boat - but then again that is a business decision as to whether the tail wags the dog, or the dog wags the tail.

Utilizator
Contributor

I agree with the other posters that if it's a company asset then they don't really have a choice. I've also been there and have been on the receiving end of "you're not doing anything with my Mac" arguments... but some friendly comms from HR explaining the Mac is property of the business, why this is happening and the benefits soon puts any issues to rest.

I also agree with jamf-42 - best strategy initially is to just get them enrolled and in a managed state, very light touch enrolment then slowly start to bring them under tighter control. The Jamf binary is very lightweight, almost unnoticeable.
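
For the request earlier in the thread to show Jamf's CPU/memory use over time, one way to collect that evidence is sketched below. It is an added example, not code from any poster or from Jamf. It assumes Jamf components can be recognised by "jamf" (any case) in the executable path, since the thread gives no official process list; the function names and the sample `ps` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: total %CPU and resident memory of Jamf-related processes.
# Assumption: a process counts as "Jamf" if its executable path contains
# "jamf" in any case (hypothetical filter, not an official list).

# summarize_jamf: reads lines of "pid %cpu rss(KB) command-path" on stdin and
# prints "<process count> <total %CPU> <total RSS in MB>".
summarize_jamf() {
    awk '
        {
            # The path may contain spaces ("Application Support"),
            # so rebuild it from field 4 onward before matching.
            cmd = $4
            for (i = 5; i <= NF; i++) cmd = cmd " " $i
            if (tolower(cmd) ~ /jamf/) { n++; cpu += $2; rss += $3 }
        }
        END { printf "%d %.1f %.1f\n", n, cpu, rss / 1024 }
    '
}

# sample_ps: constructed input in the same column layout, for offline checks.
sample_ps() {
    cat <<'EOF'
  101  0.3  18432 /usr/local/jamf/bin/jamf
  245  0.1  40960 /Library/Application Support/JAMF/Jamf.app/Contents/MacOS/JamfDaemon.app/Contents/MacOS/JamfDaemon
  377 12.5 512000 /Applications/Safari.app/Contents/MacOS/Safari
  412  0.0   2048 /usr/sbin/syslogd
EOF
}

# log_jamf_usage INTERVAL_SECONDS SAMPLES: one timestamped summary per sample.
# Example: log_jamf_usage 60 120 >> jamf_usage.log   (two hours, which spans
# several check-ins at the 15 to 60 minute cadence mentioned in the thread)
log_jamf_usage() {
    interval=${1:-60}
    samples=${2:-5}
    i=0
    while [ "$i" -lt "$samples" ]; do
        printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" \
            "$(ps -ax -o pid= -o pcpu= -o rss= -o comm= | summarize_jamf)"
        i=$((i + 1))
        if [ "$i" -lt "$samples" ]; then sleep "$interval"; fi
    done
}
```

Each log line reads as timestamp, matching process count, summed %CPU and summed resident memory in MB, which can be charted or compared against any other agent by changing the match pattern.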