Jamf Nation Community

LunaLoomer · ‎12-28-2023

I'm exploring the capabilities of Jamf and have a specific question regarding its functionality. After the installation of Jamf on a device, can it provide a comprehensive view of the device history? Does Jamf allow administrators to see a detailed history of a device post-installation? I'm particularly interested in understanding if it captures information such as application usage, system changes, or any other relevant data over time. How granular is the data that Jamf can capture? Can it provide insights into specific events, configurations, or user activities on a device?Are there considerations or settings in Jamf to address user privacy concerns, especially when accessing historical data on a device?

Thank you in advance for your assistance!

AJPinto · ‎12-29-2023

Your questions are very overarching and vague, I'll see if I can offer guidance.

Can it (Jamf Pro) provide a comprehensive view of the device history?
- Application Usage: Yes
- System Changes: Yes, both software and hardware changes
- Any other relevant data over time: Depends on what you consider relevant.
How granular is the data that Jamf (Pro) can capture?
- Can it provide insights into specific events: Not in most cases.
- Configurations: Not in most cases, but you can write extension attributes to gather pretty much anything CLI can see.
- User activities on a device. No, beyond Application Usage Jamf Pro cannot see what a user is doing.
Are there considerations or settings in Jamf to address user privacy concerns, especially when accessing historical data on a device?
- JAMF Pro is a device management tool, not a spyware tool. Ultimately this is an Apple question, see the Apple link below.
  - iOS/iPadOS: JAMF Pro has very little visibility beyond the management container.
  - MacOS: JAMF Pro's JAMF Binary is not a part of Apples MDM Framework, and since it has root access nothing is off limits. Generally speaking, I do not recommend BYOD Macs, and if the user has an organizationally owned Mac, they should expect no privacy.

Partings thoughts. JAMF Pro is not a security tool. If you are needing elevated log gathering, and event reporting you need a security tool that JAMF Pro would install and configure. Depending what data you want or need, JAMF Protect may be worth looking in to as it can redirect macOS Unified logging to SIEM and gather pretty much anything you want. JAMF Pro and JAMF Protect are two different products.

https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Application_Usage.html

https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Computer_History_Information.html

Managed Devices and Corporate Data (apple.com)

https://learn.jamf.com/bundle/jamf-protect-documentation/page/Unified_Logging.html

https://docs.jamf.com/jamf-protect/administrator-guide/Configuring_Unified_Log_Filters.html

LunaLoomer · ‎01-01-2024

Thank you for your detailed response and the valuable insights into the capabilities of Jamf Pro. Your breakdown of its functionalities regarding application usage, system changes, and data granularity is quite helpful.

I appreciate the clarification on user privacy concerns and the distinction between Jamf Pro and security tools. Your mention of JAMF Protect and its potential for redirected logging to SIEM is especially intriguing.

As I continue to explore Jamf's features, I'll delve into the provided links for more in-depth information. If any community members have additional practical tips or experiences with Jamf Pro, I would welcome their contributions to further enhance my understanding.

Once again, thank you for your assistance and the informative links.
'

EHallPass

aultplan · 3 weeks ago

Nice post! We do our best to stay compliant. We don't need issues. Mykplan

Jamf Nation Community

Query Regarding Jamf: Visibility into Full Device History Post-Installation