I was fortunate to be in Denver, Colorado last week to attend Jamf’s annual JNUC event – this was the first time I have attended this event and I wanted to share a few thoughts below for others that did not attend.
As this blog is reasonably long here are some hyper links to the various sections if you want to jump around
- Top Takeaways
- Keynote Videos
- Product Innovation
- Platform SSO: The Next Frontier
- Enterprise Security Standards in Action – Future of Identity Integrations with SSF and CAEP
- Apple Platform Security
- eSIM Best Practices for iPhone and iPad: Setting the gold standard in mobile security for 2026 and beyond with zero touch global deployment
- From Planning To Impact: Implementing Shared iPad with Purpose in Jamf School
Before getting into the content, I will share four photos from a short hike I did outside of Boulder in the foothills of The Rockies after the conference finished:
Top Takeaways
- Meeting Jamf’s global execs and key leaders was very beneficial. From a partnership perspective this is helpful to establish the Cyclone brand and for us to be aligned with the vision from the key leaders.
- Meeting other global Jamf partners and seeing where their business focus is was also illuminating. Whilst we share similar goals, how they have gone to market at times differs from our stratgegy in New Zealand so it was useful to have my thinking challenged in this space.
- Jamf is a platform, not a point solution. From my days selling Microsoft 365 with Microsoft APAC, I know the value of being able to position a platform to a customer. Jamf are clearly very focused on expanding beyond being a premium MDM for Apple devices, and wrapping very capable security, IdP and education focused solutions around the core MDM offerings
- Automation: a big push from Jamf for partners to automate deployment and management as much as possible to achieve scale and financial efficiencies to be competitive with solutions.
- A continued energy directed towards MSP: new tools, better billing engines, faster quoting tools – much was unveiled to make life easier for MSP to transact and deliver Jamf solutions (a very welcome message from my perspective)
Keynotes
Opening Keynote
Commercial – State of the Union
Things that stood out from the Keynote to me included:
- A big push for use of Jamf Blueprints – a smarter way to group and manage configuration profiles
- 12 additional Declarations and 34 Configuration Profiiles released at the event
- SSO in Jamf Account across the different Jamf consoles – faster switching
- AI Assistant – big push e.g. using AI asisstant to search for redundacies or conflicts in deployed configuration profiles and to provide a remediation plan automatically.
- A live demo of Compliance Benchmarks for CIS L1 and L2 as well as NIST standards – all deliverable via Jamf Blueprints
- when new versions of macOS are released, the benchmarks can be updated automatically and the correct configurations flow to devices seamlessly
- Very smart security via the macOS Telemetry Framework that Jamf Protect and Jamf Security Cloud can pick up on – Jamf Mac endpoint telemetry explained
Education – State of the Union
Things that stood out from the Keynote to me included:
- A big push for enhanced value through Jamf managed Shared iPad mode
- The acquisition of Identity Automation is a key part of this: Jamf completes acquisition of Identity Automation, expanding its platform to include dynamic identity management for specific industries
- A live demo of Jamf School showing how Blueprints can work (coming in 2026)
- A live demo of Platform SSO (PSSO) – easy to deploy, great for multi-user devices
- It was clear that Jamf was not threatend by PSSO native integrations and the impact this may have on Jamf Connect. They actively encouraged customers and partners to migrate to PSSO
- A live demo of Jamf School at Home
- The use of the Jamf Parent app for managing iPads – I really liked this and the functionality was largely new to me.
Overall, the keynotes were mostly useful – there was some very good annoucements in the Commercial keynote and from the Education keynote I was particularly interested in the announcement of the acquistion of Identity Automation and how this can allow a seamless single sign on experience into apps such as Canva and Seesaw when deployed onto iPads managed in Shared iPad mode showing a clear time saving for students in a classroom by removing the need to sign into each app individually with a school email address and password.
Product Innovation
Unsurprisingly, Jamf used the JNUC platform to announce a lot of innovation and new products, some targeted at making the life of MSP easier (yay) other functionality was more for end customers to benefit from directly.
Michael Covington (VP Portfolio Strategy) shared some interesting insights to partners during the pre-event Global Partner Summit, including:
- Endpoint teams are being asked to do more – some are being measured on how happy their end users are with their devices (clearly, this leans into Apple’s wider strategy of “Employee Choice”)
- Customer tool consolidation is a big focus: not using separate consoles for different platforms and leveraging AI assistants wherever possible to accelerate routine tasks
- Jamf view themselves as a platform company now – being a point solution (e.g. best in breed MDM) is not longer a viable solution. Jamf see their platform being:
- Users (IdPm integration)
- Endpoints (MDM, Security)
- Applications (tailored tools for end users e.g. teachers/students/parents, and IT to manage endpoints)
I won’t go into all the partner tools that have been developed and made available but if you are a Jamf partner, check out the Partner Hub and look for the MSP Toolkit as a starting point.
One thing I did enjoy from multiple sessions at Jamf was the willingness of the presenters to do live demos. Most worked flawlessly, some hit a few delays and one didn’t work at all – but that’s the reality. I like to see tech companies backing themselves and their products and being confident to deliver live demos to large audiences.
Mike Vanderlinder (Senior Product Manager) shared some interesting insights into SMB and the focus that Jamf have on that segment (as do Apple themselves, interestingly):
- 27% computers in SMB are Mac
- 43% expect Mac use to increase
- 36% SMB lack dedicated IT Support
- 25,000+ Jamf existing SMB customers
There is a paradox in trying to serve the SMB segment: how to balance employee experience vs delivering a full feature set.
- SMB Solutions: tend to be limited features to keep it simple to manage and quick to deliver
- Enterprise Solutions: tend to be feature rich but more complex to deliver
To address this, Jamf are releasing new tools to reduce the initial provisioning friction, simplify integration setup and ease the learning curve making for a better end user experience overall.
Platform SSO: The Next Frontier
Adam Derrick (Jamf Solutions Engineer) presented this session to a packed audience.
This session demo’ed Simplified Setup, a feature that Apple announced with the launch of macOS 26 Tahoe (see here for technical deployment docs). There is a blog explaining this here and right now only Okta IdP supports this, but essentially it shifts the authentication into the OOBE stages rather than requiring a user to complete the authentication once they reach the active desktop. It makes for a very strong OOBE for the end user, but feels like it’s not quite fully polished yet given most IdP have not adopted it yet.
Jamf are keeping all their PSSO documentation updated here: www.jamf.it/psso
There was discussion around the different authentication methods available for PSSO:
- Password Sync
- Secure Enclave Key
- Smart Card / Yubikey
- Tap to login (new contactless authentication via iPhone/Apple Watch on macOS 26)
The general consensus still appears to be that using Secure Enclave is the way to go. This leverages Apple’s Secure Enclave to store hardware bound non-exportable authenticaatiotn keys and users authenticate using a key that never leaves the Mac’s hardware. Right now, this is only supported by Microsoft’s Entra ID.
Apple’s Authenticated Guest Mode also featured with full Jamf support – I can see a lot of value in this for computer labs, or retail / hospitality where users are needing to quickly sign in/out of a Mac
- Login to Mac with account credentials from IdP
- Sign in to apps and websites
- User data is erased after logout
- Auto advance to streamline process
Enterprise Security Standards in Action – Future of Identity Integrations with SSF and CAEP
This session had a number of presenters:
- Matt Vlasach – VP of product Jamf
- Mike Kiser Director of Strategy Sailpoint
- Atul Tulshibagwale – CTO of Sgnl
- Dan Hefley – Product Manager at Okta
This was a super interesting session for me as it was all new, but appeared very similar to what Microsoft have developed with their Conditional Access inside of Entra ID.
SSF = Shared Signals Framework
CAEP = Continuous Access Evaluation Framework
A good starting point to learn more is here: Shared Signals Framework and Continuous Access Evaluation Protocol, with the idea being that if you can source real time signals from multiple sources using a shared framework, you can make better decisions around device compliance and take appropriate actions as a result.
- If this….
- Account compromised
- Endpoint infected
- User account is disabled
- Compliance level changes
- Then that….
- Restrict access
- Revoke sessions
- Stepup authentication
- Wipe device
The working group collaboratively created the SSF framework (Shared Signals Working Group – OpenID Foundation) and Jamf have done significant work to embrace this: Shared Signals Framework and Continuous Access Evaluation Protocol
For organisations working in heavily regulated industries I can see the adoption of a solution based on SSF and CAEP as a natural progression to integrate robust device compliance with restrictions to corporate data.
Apple Platform Security
This session was mainly presented by Dan Flynn a security engineer from Apple and was excellent. His focus was very much showcasing the built in security functionality in macOS that MDM and security platforms can adopt. Matt Vlasach from Jamf then showcased how Jamf are leveraging this native “security by default” approach from Apple through their MDM and security products.
One feature that Matt did demonstrate was the ability to do “set and forget” OS updates inside of Jamf now. In other words, rather than needing to define a specific date when updates need to be applied by Apple’s Declarative Device Management (e.g. 30th November), you can now define the number of days post-update release to apply.
In other words, if Apple release an update on 30th November, you can configure an OS update policy to say “allow users to manually update at any point after the release, but use DDM to force it after 14 days” – by stating the number of days (instead of a specific date) then you don’t need to continually manually configure the policy when new updates are released.
This reduces the overhead of managing OS updates significantly.
eSIM Best Practices for iPhone and iPad: Setting the gold standard in mobile security for 2026 and beyond with zero touch global deployment
I was interested to learn more about eSIM management – this ession was presented by 1Global who are a Mobile Virtual Network Operation (MVNO) and had a strong influence of their commerical offerings. Nevertheless, there were some great learnings in this space and seeing the industry shift towards eSIM only.
From Planning To Impact: Implementing Shared iPad with Purpose in Jamf School
This session was presented by Michael Thomson (Jamf Sales Engineer) and was excellent.
I have always felt that Shared iPad was not a great name for the functionality that Apple is offering here (unique user profiles stored on a single iPad vs a standard iPad simply being shared amongst users).
Michael did share a PDF of his session slides which you can access here – this goes into good detail on how local storage on an iPad can be intelligently configured to support a great end user experience in the classroom.