How Innovative IT Teams Can Automate Tasks in Jamf Using BetterCloud

Last year, BetterCloud announced a partnership with Jamf and OneLogin to give IT top-notch tooling to automate device management, identity provisioning, and SaaS application management. With Macs experiencing “astonishing” market growth across US enterprise markets in 2021, it’s not a stretch to say that this partnership has proven to be a big deal.

As the Apple Event unfolded a few days ago, I wondered if (or how) Apple’s constant product refresh calendar might impact IT. Spoiler alert: Jamf and BetterCloud allay any fears you have of managing a complex fleet of devices.

Let’s take a closer look at a few tasks that you can automate in Jamf with BetterCloud.

First, a quick overview of each Jamf action in BetterCloud

We’ll dive into some use cases for Jamf later in this post. But first, let’s review each Jamf action available in BetterCloud.

• Add User to User Group. This action adds a user to a group in Jamf Cloud.
• Create Admin. IT can use this action to create an administrator in Jamf Cloud.
• Delete Admin. This action removes an administrator in Jamf Cloud.
• Delete User. This is fairly straightforward, but this action removes a user from Jamf Cloud.
• Lock Device. In the event that a user leaves the company or loses a device, IT can use this action to lock the device.
• Remove User From All Groups. Here, you can remove a user from all groups in Jamf.
• Remove User From Group. This action enables IT to remove a user from a single Jamf Cloud group.
• Unlock User Account. Here’s another straightforward action. This enables IT to unlock a user account remotely.
• Unmanage Device. When an offboarding process is complete, this action removes a device from Jamf Cloud management.

As you might have guessed, this is a pretty comprehensive glossary of terms. But how can IT use the actions above in existing BetterCloud workflows? And can you create standalone workflows for Jamf tasks? The answers to both of these questions? Yes, of course.

Automatically lock a device during the offboarding process

When I left my previous job, I was unsure of how to return my work laptop. In my defense, so was the IT admin in charge of the process. In his defense, most of the process required a lot of manual work, some of which required him to walk over to my desk and watch me wipe my laptop. 

Fortunately, BetterCloud enables IT to automate much of this work. In the screenshot below, you’ll see one example of how we might build a workflow to do the heavy lifting.

Here, we’ve done a few things. First, the IT administrator in this example has created a Google Workspace Group for all Mac users. The workflow above is triggered whenever a user is removed from that group, at which point the following steps occur:

• The user’s device is locked using a passcode set by IT
• The IT admin receives an email 14 days later to confirm if he or she has received the deactivated user’s laptop
• If the IT admin has received the laptop, he or she can put the machine back into rotation by clicking YES

Pretty simple, right? There are actually two ways you could apply these actions in a workflow. 

Some IT administrators simply add each Jamf action above directly into their master offboarding workflows. But remember: The example workflow kicks off whenever a user is removed from the Mac Users group in Google Workspace. You can daisy chain this to a master offboarding workflow by adding the “if” statement “Google Group is Mac Users.”

Automatically lock lost or stolen devices

Automating the management of lost or stolen devices is pretty similar to our offboarding example in the previous section of this post. You’ll notice that the main difference here is that we’ve created a group for Lost/Stolen Devices.

Additionally, take a look at how many more manual tasks this workflow handles on behalf of IT. 

Here’s a short breakdown of what’s happening in the screenshots above.

• The BetterCloud workflow tells Jamf to lock the user’s device and reset the passcode.
• The workflow sends an email to the user, the user’s manager, and the security team. This note confirms that IT is aware of the lost or stolen device and provides additional information regarding the next steps.
• After two days, the workflow removes the user from the Lost/Stolen Devices group in Google Workspace.
• After 23 additional days, the workflow triggers an email to the administrator to confirm whether or not he or she has received the lost device. If not, the administrator can kick off a remote device wipe by clicking “YES.”

I don’t need to tell you that’s a lot of time saved. In addition to the actions in Jamf that this workflow handles, it’s easy to forget that emails can be really annoying to write manually, especially when IT needs to cover important details regarding loaner laptops and remote device wipes. This workflow enables IT to write the email just once and add dynamic fields so that each note is personalized.

Additionally, the final step of this workflow reduces the risk that any lost or stolen device falls off of IT’s radar. Rather than requiring an admin to check on these devices manually, the workflow sends an email to confirm whether or not it’s time to wipe the lost device and remove it from Jamf management. Are these easy tasks? Yes. Are these easy tasks to forget to do without a workflow? Also yes.

Final thoughts

As remote work evolves from the new normal into simply normal, it’s more critical than ever for IT to automate device management. Long gone are the days when IT could wait around for folks to notify them about departing employees or lost devices. The combination of BetterCloud workflows and Jamf not only reduce the manual work related to device management, but also make it easier for IT to provide a more secure and seamless end-user experience.

Want to learn more about how you can use BetterCloud to automate device management tasks in Jamf? Click here to schedule a demo.