Title pretty much says it all. I have my own mac to be independent of my main organisation. On it I work on documents from many organisations some of which are confidential. My (very helpful) mac support says that JamF is take it (so my organisation have access to my machines, including apps, files, and the ability to wipe it) or leave it (and not have access to email/calendars, etc).
I've asked whether I could be administrator for my own machine (and only that one), but it's a no go, apparently.
Any guidance anyone can offer on what I'm getting into if I accept would be really appreciated.
For us here, we have to maintain Cyber Essentials plus certification, and one of the new rules for that is no access to data on unmanaged systems. So essentially what you have been told coud be true for your organisation.
I have never done it, but they could possibly do a BYOD setup, and ringfence their own data in a Jamf wrapper. This would leave you in charge of the rest of the Mac, just not their bit. You can always remove their management and then drop their data from your Mac. And they would also be able to remove their management and files etc, but not your own data, just their company data.
But that would depend on them wanting to set that up. For me here it is the all or nothing policy, currently, but that might change. We would never take total control of a Mac that is not company owned.
Well first thing to learn, its JAMF not JamF :).
Sattire aside. Its your personal device, its up to you if you want to have it in JAMF or not. I totally agree with that. However, its your employers data and totally up to them if they want their data on a nonmanaged device or not. Personally I say never have any organization data on a nonmanaged device.
You have two choices
Honestly I am a bit floored in 2023 you had an employer that just "YOLOed" their data on to a device with no management involved. That is a Data Loss Prevention nightmare.
Are you a private contractor or an employee of the company?
If you are a private contractor, they have no business managing your computer, which is owned by you.
If you are an employee, they have no business managing your personal computer either.
If they want to manage your "work" Mac then they need to buy one for you.
This. I myself am against BYOD in the Mac space. If an employer wants/needs this control they do not need to shift the expense of a device off on to the employee/contractor. There are all kinds of SaaS solutions that can be accessed via web portal to be able to accomplish work.
Honestly, BYOD in the computer space is a red flag to me.