Jamf After Dark

Jamf

Device management is complex. Security threats are constant. Apple ecosystems are evolving fast. Who's managing these challenges? What does it actually take? And most importantly, how do you stay ahead? Welcome to Jamf After Dark, where IT leaders, security professionals and Apple experts tackle the real issues facing organisations today. Join our hosts as they uncover what works, what doesn't, and how to build technology strategies that actually stick. Hear honest conversations about managing devices at scale, securing endpoints, protecting data, and supporting hybrid workforces. New Jamf features and capabilities. Real stories from IT teams solving actual problems. For IT Admins, Mac admins,directors, security specialists, educators and Apple advocates.

  1. -1 j

    Mac Threat Hunting as a Service: Inside Beacon by Jamf Threat Labs

    Most security teams know Windows inside out, but not macOS. Beacon by Jamf Threat Labs hunts the Mac malware and attacker activity your team misses. In this episode of Jamf After Dark, hosts Kat Garbis and Josh Thornton talk with Jaron Bradley, Director of Jamf Threat Labs, about the state of the macOS threat landscape in 2026, and a new service that brings dedicated Mac threat hunting to your environment. If you run a Mac fleet and your team's expertise is mostly Windows or Linux, this one's for you. What You'll Learn: - Why macOS is now a real target: info stealers, malicious search ads, and fake app installers - How Jamf Threat Labs researches malware like GhostClaw and builds detections into Jamf Protect - What Beacon is, how telemetry feeds the hunt, and why human analysts review every alert - Why dedicated macOS expertise matters when Windows-first tools fall short on Mac CHAPTERS: 0:00 Mac Threats and the Jamf After Dark Crew 1:21 Meet Jaron Bradley: From Incident Response to macOS Threat Hunting 4:15 What Is Jamf Threat Labs? Team, Research and Mission 6:51 The State of the macOS Threat Landscape 7:33 Why Mac Is a Growing Target: Info Stealers and Malicious Ads 9:24 How AI Is Changing Both Attack and Defense 11:40 Jamf Threat Labs Research: GhostClaw, Predator and the Aftermath Tool 13:57 Jamf Protect and MI:RIAM: Real-Time Mac and Mobile Detection 14:43 How Attackers Masquerade Malware on macOS (DPRK Tactics) 17:21 Introducing Beacon by Jamf Threat Labs: What It Is and How It Works 19:37 Why Beacon Exists: macOS Threat Hunting as a Service 25:05 What to Expect as a Beacon Customer: Alerts, Detections and Reports 28:00 Real-World Story: Catching APT Activity on a Mac Fleet 29:25 How to Get Started with Beacon 30:47 Wrap-Up and Credits 🔔 Subscribe for more Apple security content from Jamf: Who This Video Is For: - Endpoint security specialists and SecOps analysts responsible for macOS compliance and detection - Security stakeholders and CISOs building or scaling a Mac security program - IT and security teams whose strength is Windows or Linux but who now manage a growing Mac fleet Resources Mentioned: - Beacon by Jamf Threat Labs: jamf.com/blog/beacon-jamf-threat-labs-mac-threat-hunting-service/ - Jamf Threat Labs: jamf.com/threat-labs/ - Jamf Protect: jamf.com/products/jamf-protect/ - Jamf Threat Labs on GhostClaw/GhostLoader: jamf.com/blog/ghostclaw-ghostloader-malware-github-repositories-ai-workflows/ Jamf After Dark is a podcast from Jamf. Reach us at info@jamf.com with the subject line "attention to the podcast." #macsecurity #endpointsecurity #applesecurity #threatdetection #siem #endpointprotection #threathunting #Jamf

    32 min
  2. 22 mai

    Travis County: Why We Moved 1,900+ Apple Devices Back to Jamf

    Travis County's Senior Systems Engineer explains why his team migrated 1,900+ Apple devices back to Jamf after trying a competing MDM, and how Jamf tools caught phishing test emails before users ever saw them. Billy Roberts manages endpoints for Travis County government in Austin, Texas, a hybrid environment with 6,900 Windows devices and nearly 2,000 Apple devices including iPhone, iPad, and Mac computers. In this episode of Jamf After Dark, Billy shares why they left Jamf, what went wrong with their previous MDM, and what brought them back. He also walks through how Jamf Trust quarantined phishing emails before users could even open them, and how Jamf Security Center's detailed app reports eliminated the manual research from their technology assessment program. 🎙️ Jamf After Dark, a podcast from Jamf introducing you to the people, products, and stories behind Apple device management and security. Hosted by Kat Garbis and Josh Thornton. What You'll Learn: Why Travis County chose Jamf over a UEM for Apple device managementHow Jamf Pro responds to configuration changes instantly compared to hours on a competing MDMHow Jamf caught internal phishing test emails before users could see themHow Jamf Security Center's app reports cut their technology assessment timeline by a third 🔔 Subscribe for more device management content from Jamf Resources: MDM Migration Checklist https://www.jamf.com/blog/mdm-migration-checklist/ Jamf Pro https://www.jamf.com/products/jamf-pro/ Jamf Protect https://www.jamf.com/products/jamf-protect/

    44 min
  3. 18 mars

    Mobile Device Attacks: Jamf Mobile Forensics with Chris Deane and Harry Jenkins

    Mobile device security is the biggest blind spot in most organizations, and most IT teams have no way to investigate when something goes wrong. Chris Deane, Senior Sales Engineer for Jamf Security Products, and Harry Jenkins, Senior Sales Manager for Jamf Mobile Forensics, sit down with hosts Kat Garbis and Josh Thornton to talk through what actually happens when a mobile device gets attacked. They cover the full picture: why MDM alone isn't security, how mobile threat defense stops most attacks but not all, and where Jamf Mobile Forensics comes in for the ones that slip through. Plus a deep dive into spyware — Pegasus (NSO Group), Predator (Intellexa), zero-click attacks, why journalists are targeted just as often as executives, and how Jamf Threat Labs builds detection rules for threats that have never been seen before. CHAPTERS: 0:00 Mobile devices are the #1 security blind spot 1:50 Meet the guests: Chris Deane and Harry Jenkins, Jamf Security 2:56 What makes Mobile Security different from endpoint security? 5:08 MDM, Mobile Threat Defense, and Mobile Forensics: the three layers explained 7:18 Why Only 15% of mobile devices are properly secured 9:49 Personal vs. Work: why the blurred lines make mobile security hard to enforce 15:36 Incident Response: what happens when an employee says their phone was attacked? 17:43 What Mobile Forensics actually means, and what Jamf is not looking at 19:57 iOS vs. Android CVEs: 90-120 Apple patches vs. 600-900 Android in 12 Months 22:43 Spyware: What Predator and Pegasus actually do to your mobile device 25:37 Targeted malvertising and the shift from One-Click to Zero-Click Attacks 29:07 Who gets targeted: executives, journalists, and travelers in High-Risk countries 33:20 How Jamf Threat Labs detects unknown threats using behavioral analysis 36:43 AI Analysis in Jamf Mobile Forensics: deeper insights without Forensic skills Subscribe for Apple device management and security insights #MobileSecurity #Spyware #EndpointSecurity #mobileforensics #cybersecurity #Jamf

    40 min
  4. 20 févr.

    Platform SSO and Okta: Identity Meets Jamf Device Management on Mac

    Okta's Dan Hefley (https://www.linkedin.com/in/dan-hefley), Senior Product Manager for Device Access, explains how Platform SSO brings enterprise identity to the Mac. From day-zero Setup Assistant enrollment in macOS 26 to device bound SSO using secure enclave keys, Dan covers what IT teams need to know about deploying Platform SSO with Okta and Jamf. Dan shares his perspective as a former MDM admin turned identity product manager, discusses how device bound SSO prevents session hijacking with hardware-backed keys, and explains why the Shared Signals Framework between Okta and Jamf creates layered security. Hosts Josh Thornton and Kat Garbis explore what this means for organizations managing Apple fleets. 1:44 Meet Dan Hefley - Senior Product Manager at Okta 5:00 What Is Okta? Vendor-Neutral Identity Provider Overview 6:23 Why Identity and Device Security Go Hand in Hand 7:21 What Is Platform SSO? Native macOS Framework Defined 8:07 Evolution from Jamf Connect Basic to Platform SSO 9:15 Why Platform SSO Was 9:47 Platform SSO in Setup Assistant 10:08 Day-Zero Enrollment Flow - ABM to Jamf to Okta MFA 11:43 Solving Enrollment Friction with Separated Device and User Registration 12:18 Password Syncing Benefits 16:40 How Device Bound SSO Prevents Session Hijacking 17:53 Identity Threat Protection and Continuous Authentication 18:06 Shared Signals Framework - Okta and Jamf Working Together 20:40 Okta FastPass and Passwordless Authentication on Mac 21:20 Device Bound SSO Completes the Day-Zero Story 22:30 Getting Started - Requirements and Deployment Considerations 26:26 Okta's Platform SSO Roadmap and Future Direction 27:43 Key Takeaway - Identity and Device Teams Belong in the Same Room RESOURCES: - Mac Admins Slack - Platform SSO Channel: https://macadmins.slack.com - IAMSE Blog - Okta Integration Guides: https://iamse.blog - Jamf Learning Hub: https://learn.jamf.com/ - Jamf and Okta integrations: https://www.jamf.com/integrations/okta/ Subscribe for Apple device management and security insights WHO THIS IS FOR: IT administrators and security teams managing Mac fleets in enterprise environments. Relevant if you're evaluating Platform SSO with Okta, migrating from Jamf Connect Basic, or planning identity integration for zero-touch Mac deployment. #Okta #Jamf #macossecurity #AppleSecurity #DeviceBoundSSO #macOS #IdentityManagement #PlatformSSO #ZeroTouchDeployment #JamfAfterDark #EnterpriseSecurity #MacAdmin #TrustedAccess #podcast

    31 min
  5. 19/12/2025

    I Have No Idea What Terraform Is - Infrastructure as Code for Mac Admins

    If you're clicking through Jamf Pro configs manually, you're about to learn why that's becoming a problem. Security teams are starting to ban console access. MSPs are wasting hours rebuilding the same configs for each client. And organizations scaling to hundreds of Macs are drowning in manual changes with zero audit trail. Ryan Legg, Jamf's Solutions Engineer for Infrastructure as Code, breaks down how Terraform lets you manage your entire Jamf environment through code instead of clicking. Whether you're managing 50 Macs or 5,000, here's why this matters NOW. CHAPTERS 4:45 What is Infrastructure as Code - Explained for Non-Coders 8:15 What is Terraform and Why It Exists 11:30 How Terraform Talks to the Jamf API (Without You Writing Scripts) 14:45 Jamf Terraform Provider - 2+ Years in Development 18:20 Version Control for Configs - Git, Testing, Rollback 21:40 Why This Matters - Audit Trails, No Manual Errors, Scalability 24:30 MSP Use Case - Deploy to Multiple Clients in Minutes 27:15 Enterprise Use Case - Manage Hundreds of Configs with Code 30:10 Small Team Use Case - Document Everything as You Build 34:00 Why Every Admin Should Learn This NOW - The Future is Code 37:13 Getting Started - Resources and Documentation 39:09 Wrap-Up - Where to Get Help What You Learn: 4:45 "Treating your Jamf config like a software project" - what that actually means 18:20 Multiple admins can submit changes through pull requests - no more stepping on each other 24:30 MSPs: Stop rebuilding configs manually - use one Terraform module across all clients 30:10 - Small teams: Codify early so the next person doesn't start from zero 34:00 - "Organizations are requiring admins OUT of consoles" - security trend you need to know   RESOURCES: Jamf Concepts (Start Here): https://concepts.jamf.com Trusted by Jamf (Tutorials): https://trusted.jamf.com  Jamf Developer Portal: https://developer.jamf.com MacAdmins Slack: https://macadmins.org   WHO NEEDS TO WATCH: Mac Admins who manually configure Jamf Pro (you're wasting time) MSPs managing multiple Jamf instances (you're rebuilding the same thing repeatedly) IT teams scaling past 500+ devices (manual configs won't scale)   Jamf After Dark: A podcast about managing Apple devices, hosted by Kat Garbis and Josh Thornton. Guest: Ryan Legg, Solutions Engineer III at Jamf #JamfAfterDark #Terraform #JamfPro

    42 min
  6. 05/12/2025

    How WorkBrew Solves Homebrew Security & Compliance for Mac Developers

    John Britton, CEO of WorkBrew, joins Jamf After Dark to discuss how organizations can solve the security, compliance, and management challenges of using the open-source package manager Homebrew on macOS at scale. This episode is a must-listen for any IT or Security leader managing a fleet of Mac devices used by software engineers. Learn how WorkBrew provides visibility, governance, and automated security workflows for developer tools, all while integrating seamlessly with Jamf Pro. What You'll Learn: The security and compliance risks of unmanaged Homebrew in the enterprise. How WorkBrew provides visibility, remote management, and security for Homebrew. The seamless integration between Jamf Pro and WorkBrew for deployment and device group management. How to enable developers to use Homebrew as standard (non-admin) users on macOS. Strategies for distributing and managing private, internal company tools via Homebrew taps. The end-user experience for a developer when a company adopts WorkBrew. Featured Guest: John Britton: Co-founder and CEO of WorkBrew, a platform for securing and managing Homebrew in the enterprise. John is a software engineer with deep expertise in developer tools and experience. He is a contributor to the open-source Homebrew project and is passionate about enhancing developer productivity while meeting enterprise security standards. 0:00:00 - Introduction: Managing Your Digital Tools 0:04:01 - What is Homebrew? The "App Store for Developers" on Mac 0:05:24 - The Challenge: Why Homebrew Creates Risk for IT & Security Teams 0:08:12 - The Solution: What is WorkBrew and How Does it Help? 0:12:19 - Core Features: Deployment, Visibility, Management & Security 0:14:45 - How WorkBrew Benefits Engineers, IT Admins, and Security Teams 0:17:35 - How WorkBrew Integrates with Jamf for Deployment & Policy Management 0:22:55 - Advanced Use Case: Managing Private & Internal Company Packages 0:25:41 - The Developer Experience: Migrating from Homebrew to WorkBrew 0:28:58 - A Major Win: Enabling Homebrew for Standard (Non-Admin) Users 0:32:33 - The Rise of Mac in the Enterprise & Employee Choice 0:36:39 - How to Get Started with WorkBrew (Including the Free Plan) 0:38:58 - Final Thoughts & Key Takeaways Read more: Get started with WorkBrew's free and paid plans: https://workbrew.com/ Join the Mac Admins Foundation Slack Community: https://www.macadmins.org/ Learn more about Jamf Pro: https://www.jamf.com/products/jamf-pro/ #Jamf #WorkBrew #Homebrew #MacAdmins #EndpointSecurity

    41 min

À propos

Device management is complex. Security threats are constant. Apple ecosystems are evolving fast. Who's managing these challenges? What does it actually take? And most importantly, how do you stay ahead? Welcome to Jamf After Dark, where IT leaders, security professionals and Apple experts tackle the real issues facing organisations today. Join our hosts as they uncover what works, what doesn't, and how to build technology strategies that actually stick. Hear honest conversations about managing devices at scale, securing endpoints, protecting data, and supporting hybrid workforces. New Jamf features and capabilities. Real stories from IT teams solving actual problems. For IT Admins, Mac admins,directors, security specialists, educators and Apple advocates.

Vous aimeriez peut‑être aussi