iPhones, iPads and Macs have a built-in framework that supports mobile device management (MDM). You can find furter information from Apple's support web pages, introduction to mobile device management

MDM lets you securely and wirelessly configure devices by sending profiles and commands to the device. MDM capabilities include updating software and device settings, monitoring compliance with organisational policies, and remotely wiping or locking devices. College-owned Mac devices are enrolled in MDM automatically using Apple School Manager.

Imperial College London uses Jamf Pro as their MDM provider.

You can watch our video below to show you how to setup your College Mac device and visit our JAMF frequently asked questions for further information and support.

How to set up your Imperial-owned Mac device

Setting up your Imperial College London Mac

How to set up your Imperial-owned Mac device and where to get additional support if required.

Device management

What is JAMF Pro?

JAMF is the leading Apple (macOS and iOS) device management platform, allowing for simple and efficient administration of all Apple devices. 

JAMF offers the following functionality: 

  • Apple Deployment and Management 
  • System Security and Software Updates 
  • Software distribution and Application Management 
  • System Administration and Inventory

JAMF uses the macOS built-in MDM framework. You can find out more about this on Apple's introduction to Apple platform deployment web page.

Why is JAMF Pro being installed?

The number of attacks on organisations has grown in the past few years and ransomware attacks/virus infections now present one of the biggest risks to the university. As a result, ICT is working on reducing the likelihood that this type of attack against Imperial would succeed.  A significant part of this work is improving our understanding of the risks that we face. By managing Imperial endpoints we are able to understand the risk they present to the organisation: 

  • Has security been installed? 
  • Is antivirus software running? 
  • Are the security definitions up to date? 

Having managed machines and up-to-date security patches are also a requirement of Cyber Essentials which the College is trying to obtain. If the College does not have this certification, the University’s ability to get funding might be impacted.  

What are the benefits of JAMF Pro?

Reliability:  Your Mac will quickly receive software updates and patches with little to no interaction on your part.  

Time Efficiency:  You will stay more productive as deployment and updating processes run in the background, freeing up more time for teaching and research.  

Security & Compliance: ICT will manage the security of your device so you don't have to, ensuring that software patches, antivirus protection, firewalls, and compliance with Imperial's minimum security standards are well maintained.  

Confidentiality:  Your data and files will remain confidential; no personal data is scanned, indexed, or transmitted off your device. ICT servers also keep full audit logs of any actions performed by technicians. 

What changes does JAMF Pro make to my Mac?

A Mobile Device Management (MDM) profile is installed. This profile allows JAMF Pro administrators to remotely configure settings on the Mac. Basic security settings will be set at enrollment to ensure compliance with Imperial College London policies.   

An application called Self-Service is installed. This allows for content such as software, printers, maintenance tasks, links, and other documentation to be available. If a department has software that they wish to make available through Self Service they should submit a Service Desk ticket.  

An application called JAMF Connect is installed. This allows syncing of your Imperial College London account password with the password on the Mac. 

What data is collected using Jamf?

We have customised Jamf to only collect the data that is required to support macOS devices. This includes:  

  • Hardware Specifications
  • Installed Applications
  • Services Running
  • Available Software Updates
  • Local User Accounts
  • Security Status (Firewall, SSH, etc)
  • Connected Printers 

Jamf does not collect personal information, such as the contents or names of individual files (documents, email, etc.) or any browsing history. Jamf can't:

  • View browsing history on a device
  • See your personal emails, documents, contacts or calendar
  • Access your passwords
  • View, edit or delete photos
  • See the location of a device

For a complete list of attributes Jamf can view for a computer, review the Managing Computers > Inventory for Computers > Computer Inventory Information Reference section of the latest version at the Jamf Pro Administrator’s Guide.

Migrating from an old mac/backing up

Can I use Migration Assistant?

For usual scenarios, it is recommended to store files in OneDrive, which has the benefits of being able to be accessed from any machine.

And for Research Data it is recommended to use the Research Data Store

For applications, it is recommended to freshly install any one needed on the new Mac. A number of applications can be found in the Self Service app (which can be found in the Applications folder). If your department has applications that you would like served through Self Service please contact the Service Desk.

If it is important for your work that you use Migration Assistant to transfer data from an old Mac, you may do so providing the new Mac has been updated to at least macOS Ventura (13).

Can I use Time Machine?

Time machine is a great tool for home use scenarios and although we do not restrict its use it is not supported for College work or by ICT. For files and data, it is recommended to use OneDrive or the Research Data store service. If you wish to restore data from an old Mac to a new one please make sure the new Mac is updated to at least macOS Ventura (13) ahead of restoring. 

Security, upgrades and updates

How do I install unknown or unsigned applications?

Since macOS 10.15 Catalina, all software installed on macOS needs to be both signed by the developer and notarised by Apple. ICT enforce these settings using MDM.

Running software that hasn’t been signed and notarised might expose your computer and personal information to malware that can harm your Mac or compromise your privacy. 

If you’re certain that an app that you want to open is from a trustworthy source and hasn’t been tampered with, you might be able to temporarily override your Mac security settings to open it. Read more about this on the Apple web pages

If you require full control over being able to bypass Gatekeeper completely you can request a security exception using our MacOS configuration changes ASK form

Will I still have admin rights to my Mac?

The person setting up the Mac is given admin rights. This allows installing/uninstalling of applications as well as configuration changes and macOS updates. 

Can I create a local account?

The account that you use to log in is a local admin account, based on your Imperial College London credentials. If you wish to change the mac to a ‘multi-user’ device please complete the relevant section of the MacOS configuration changes form on ASK

All accounts on the Mac must use Imperial College London credentials and collaborators should be given  so transparency and visibility of users on the Mac remain.

If you need to use a previously created account from an old Mac device, it's possible to transfer the account over using migration assistant if the new Mac you are using is on a minimum version of macOS Ventura.

If you require support with migrating a previously created account, please contact the Service Desk.

What changes are there from an Intel Mac to an Apple Mac?

There have been a few significant changes if you are coming from an Intel mac to an Apple Silicon one, especially if you have been running an unsupported version of macOS. Some of the common changes and recommended solutions, where appropriate, are listed below.

Time Machine

Since macOS Big Sur, Time Machine no longer backs up system files or apps installed during macOS installation. If you are trying to restore from a Time Machine backup, only data files can be migrated to the new Mac. If you have issues with your Mac you must first reinstall macOS on your Mac before you can restore your files using your Time Machine backup. You can then run Migration Assistant after you have logged in to use the Time Machine backup.

APFS file system

Since macOS Catalina, macOS uses a new filesystem called APFS and the system volume is on a separate read-only volume from the user data.

Apps

Since macOS Mojave, 32-bit apps are no longer supported. Only 64-bit apps can be used.

Python

In June 2019, Apple announced it was deprecating the Python 2.7 programming language. In April 2022, Apple removed Python 2.7 on macOS devices running Monterey 12.3 and above.

What are MacOS updates and upgrades?

An update is a newer version of the currently installed macOS, such as an update from macOS Ventura 13.5 to macOS Ventura 13.6. MacOS security updates should be installed within 14 days of release.

An upgrade is a major new version of macOS with a new name, such as an upgrade from macOS Ventura to macOS Sonoma. For upgrades, you need to be on a supported version of macOS, which is one of the last three versions. Anything outside this is unsupported and will not receive security updates from Apple.

If you require an opt out from the update notifications please complete the MacOS configuration changes form on ASKPlease note that you may lose access to College services if macOS security updates are not applied within 14 days of release.