Jump to "How can I tell if my Mac is enrolled in UCSF Jamf Pro"

Overview of Jamf Pro at UCSF

Jamf Pro, developed by Jamf, is a comprehensive management system for Apple macOS computers (Macs) and iOS devices.  Formerly called Casper Suite, it has been used by UCSF IT Field Services (ITFS) since late 2012 to manage the entire lifecycle of all Mac computers that are subscribed to any Desktop Support services from ITFS.  This includes deploying and maintaining supported software, distributing settings, enforcing security configuration, analyzing inventory data and assisting with responding to security threats.  For the rest of this FAQ, we will refer to this as "UCSF Jamf Pro" to avoid confusing this with another Jamf Pro instance that is privately run by Clinical Communications.  If you would like to learn more about Jamf Pro, please visit https://www.jamf.com/products/jamf-pro.

Who adds Macs into UCSF Jamf Pro

Prior to November 15, 2021, only authorized IT staff can manually enroll Macs into Jamf Pro.  Currently, UCSF-purchased Macs shipped on or after November 15, 2021 will automatically enroll into Jamf Pro as soon as it is turned on for the first time and connects to the Internet.  UCSF-purchased Macs that are not currently managed by Central IT for minimum security requirements and Macs not purchased by UCSF are also eligible to enroll into Jamf Pro.  Users of UCSF-purchased Macs should contact their IT support first before enrolling the computer into Jamf Pro as those cannot enroll as BYOD computers in Jamf Pro.  Users of Macs that were not purchased by UCSF may enroll their computers into Jamf Pro by following special instructions published at https://it.ucsf.edu/how-to/ucsf-jamf-pro-byod-macs (MyAccess login required to view).

UCSF Jamf Pro vs. UCSF BigFix

In conjunction with UCSF BigFix, Jamf Pro applies policies to perform standardized system configuration, security software maintenance and installing applications to individual Mac computers.  While both management systems can perform device inventory, security patching and software delivery at the same level, only UCSF Jamf Pro can provide centralized device management for Macs at UCSF on the hardware level and manage certain security-sensitive settings on macOS 10.13.4 and newer that require user-approved MDM server to manage, allowing IT to enforce configured system security settings that must adhere to UCSF minimum security requirements.  Additionally, Jamf Pro also features the added benefit of managing lost or stolen Mac computers by remotely wiping or locking the computer.

Can all Macs at UCSF enroll into Jamf Pro

As of Monday, November 15, 2021, both UCSF-owned and non-UCSF-owned Mac computers used for any UCSF business can enroll into Jamf Pro to help UCSF IT automate and improve enforcement of our minimum security standards.  Our Jamf Pro is integrated with Apple School Manager that will allow it to verify if a Mac is UCSF-purchased and process the enrollment into Jamf Pro either as a BYOD or a UCSF-owned property.

If your Mac is not a UCSF-owned property, such as Macs brought into UCSF by their owners or authorized users to conduct UCSF business (a.k.a. "Bring Your Own Device" or BYOD), please visit this page at https://wiki.library.ucsf.edu/x/01r_Hw (MyAccess login required to view) for more information on how we manage BYOD Macs in Jamf Pro.

What can Jamf Pro do to my Mac

Like BigFix, Jamf Pro can do the following to all managed Macs:

• Report system information (hardware and software status)
• Track and maintain user assignment to each Mac computer (similar to BYOD registration in BigFix, but automatically)
• Install and update 3rd party applications via installers in DMG or PKG

Jamf Pro can also perform the following that cannot be accomplished from BigFix:

• Automatically provision Macs with our standard suite of software and configuration during initial setup (normally performed by authorized IT staff)
• Configure and enforce system security settings (configuration profiles and their associated payloads)
• Centrally manage UCSF security software permissions to automatically achieve proper functionality (such as preventing CrashPlan backup blockage due to macOS security features)
• Distribution of managed free apps from the Mac App Store via Self Service
• Escrow Activation Lock Bypass Code when users activated "Find My" with their private iCloud accounts (macOS Catalina 10.15 and newer only on Macs with T2 chips or Apple silicon)
• Manage FileVault 2 encryption for Macs, closely following Encryption Key and Certificate Management Standard as defined by UCoP
• Manage lost or stolen Mac computers by remotely locking or wiping the computer
• Perform in-place macOS upgrades with proper management of UCSF security software tools 

How can I tell if my Mac is enrolled in UCSF Jamf Pro

The best way to check this on all Macs is via Profiles preferences in macOS:

Note: If screenshots are not showing, please reload this page on your web browser.

1. Click the Apple icon in the menu bar and select System Preferences...
2. The System Preferences window will appear. Click the "Profiles" icon, if the icon is not present, then Jamf Pro is not installed.
   
3. Select "MDM Profile" from the left and verify on the right that the MDM profile shows "University of California San Francisco Verified" without any message indicating approval required. 
   
4. Then scroll further down on the right to verify the server URL begins with https://jss.ucsf.edu:8443 to confirm your Mac is enrolled in UCSF Jamf Pro.
   

Questions about Jamf Pro

Questions can be submitted to ITFS Desktop Engineering by opening a ticket as a "General Question" item at https://help.ucsf.edu and select 'Get IT Help' or by calling the UCSF IT Service Desk at (415) 514-4100 to log questions on your behalf and triage the ticket to ITFS Engineering for response.