Mobile Device Attacks: Jamf Mobile Forensics with Chris Deane and Harry Jenkins

Mobile device security is the biggest blind spot in most organizations, and most IT teams have no way to investigate when something goes wrong.Chris Deane, Senior Sales Engineer for Jamf Security Products, and Harry Jenkins, Senior Sales Manager for Jamf Mobile Forensics, sit down with hosts Kat Garbis and Josh Thornton to talk through what actually happens when a mobile device gets attacked. They cover the full picture: why MDM alone isn't security, how mobile threat defense stops most attacks but not all, and where Jamf Mobile Forensics comes in for the ones that slip through. Plus a deep dive into spyware — Pegasus (NSO Group), Predator (Intellexa), zero-click attacks, why journalists are targeted just as often as executives, and how Jamf Threat Labs builds detection rules for threats that have never been seen before.CHAPTERS:0:00 Mobile devices are the #1 security blind spot1:50 Meet the guests: Chris Deane and Harry Jenkins, Jamf Security2:56 What makes Mobile Security different from endpoint security?5:08 MDM, Mobile Threat Defense, and Mobile Forensics: the three layers explained7:18 Why Only 15% of mobile devices are properly secured9:49 Personal vs. Work: why the blurred lines make mobile security hard to enforce15:36 Incident Response: what happens when an employee says their phone was attacked?17:43 What Mobile Forensics actually means, and what Jamf is not looking at19:57 iOS vs. Android CVEs: 90-120 Apple patches vs. 600-900 Android in 12 Months22:43 Spyware: What Predator and Pegasus actually do to your mobile device25:37 Targeted malvertising and the shift from One-Click to Zero-Click Attacks29:07 Who gets targeted: executives, journalists, and travelers in High-Risk countries33:20 How Jamf Threat Labs detects unknown threats using behavioral analysis36:43 AI Analysis in Jamf Mobile Forensics: deeper insights without Forensic skillsSubscribe for Apple device management and security insights#MobileSecurity #Spyware #EndpointSecurity #mobileforensics #cybersecurity #Jamf

Okta's Dan Hefley (https://www.linkedin.com/in/dan-hefley), Senior Product Manager for Device Access, explains how Platform SSO brings enterprise identity to the Mac. From day-zero Setup Assistant enrollment in macOS 26 to device bound SSO using secure enclave keys, Dan covers what IT teams need to know about deploying Platform SSO with Okta and Jamf. Dan shares his perspective as a former MDM admin turned identity product manager, discusses how device bound SSO prevents session hijacking with hardware-backed keys, and explains why the Shared Signals Framework between Okta and Jamf creates layered security. Hosts Josh Thornton and Kat Garbis explore what this means for organizations managing Apple fleets. 1:44 Meet Dan Hefley - Senior Product Manager at Okta 5:00 What Is Okta? Vendor-Neutral Identity Provider Overview 6:23 Why Identity and Device Security Go Hand in Hand 7:21 What Is Platform SSO? Native macOS Framework Defined 8:07 Evolution from Jamf Connect Basic to Platform SSO 9:15 Why Platform SSO Was 9:47 Platform SSO in Setup Assistant 10:08 Day-Zero Enrollment Flow - ABM to Jamf to Okta MFA 11:43 Solving Enrollment Friction with Separated Device and User Registration 12:18 Password Syncing Benefits 16:40 How Device Bound SSO Prevents Session Hijacking 17:53 Identity Threat Protection and Continuous Authentication 18:06 Shared Signals Framework - Okta and Jamf Working Together 20:40 Okta FastPass and Passwordless Authentication on Mac 21:20 Device Bound SSO Completes the Day-Zero Story 22:30 Getting Started - Requirements and Deployment Considerations 26:26 Okta's Platform SSO Roadmap and Future Direction 27:43 Key Takeaway - Identity and Device Teams Belong in the Same Room RESOURCES: - Mac Admins Slack - Platform SSO Channel: https://macadmins.slack.com - IAMSE Blog - Okta Integration Guides: https://iamse.blog - Jamf Learning Hub: https://learn.jamf.com/ - Jamf and Okta integrations: https://www.jamf.com/integrations/okta/ Subscribe for Apple device management and security insights WHO THIS IS FOR: IT administrators and security teams managing Mac fleets in enterprise environments. Relevant if you're evaluating Platform SSO with Okta, migrating from Jamf Connect Basic, or planning identity integration for zero-touch Mac deployment. #Okta #Jamf #macossecurity #AppleSecurity #DeviceBoundSSO #macOS #IdentityManagement #PlatformSSO #ZeroTouchDeployment #JamfAfterDark #EnterpriseSecurity #MacAdmin #TrustedAccess #podcast

Educators: ever wonder why certain apps are on your classroom iPads? App Catalog shows you the why behind every app, plus how other teachers use them. We also discuss Jamf's Matter Innovation Hubs - free community learning centers operated in collaboration with Jamf in the US and internationally. These hubs focus on technology-enhanced, student-centered learning and serve educators, students, and communities through hands-on programs and the Matter Career Readiness Institute. GUEST: Kelly Watkins Conrad - Senior Program Engineer, Jamf Community Education (manages devices across all Matter Hub locations globally, 14 years at Jamf) CHAPTERS 2:00 Meet Kelly Watkins Conrad: Jamf Senior Program Engineer 3:20 What Are Matter Innovation Hubs? 5:45 Matter Hub Global Locations 9:24 The Problem - Teachers Can't Find Apps They Need 16:51 Main Benefit - See Why Apps Were Chosen 18:00 Sharing Teacher Use Cases Within Districts 21:25 2026 Expansion - Stay tuned! #JamfSchool #AppCatalog #EdTech #matterngo 

If you're clicking through Jamf Pro configs manually, you're about to learn why that's becoming a problem. Security teams are starting to ban console access. MSPs are wasting hours rebuilding the same configs for each client. And organizations scaling to hundreds of Macs are drowning in manual changes with zero audit trail. Ryan Legg, Jamf's Solutions Engineer for Infrastructure as Code, breaks down how Terraform lets you manage your entire Jamf environment through code instead of clicking. Whether you're managing 50 Macs or 5,000, here's why this matters NOW. CHAPTERS 4:45 What is Infrastructure as Code - Explained for Non-Coders 8:15 What is Terraform and Why It Exists 11:30 How Terraform Talks to the Jamf API (Without You Writing Scripts) 14:45 Jamf Terraform Provider - 2+ Years in Development 18:20 Version Control for Configs - Git, Testing, Rollback 21:40 Why This Matters - Audit Trails, No Manual Errors, Scalability 24:30 MSP Use Case - Deploy to Multiple Clients in Minutes 27:15 Enterprise Use Case - Manage Hundreds of Configs with Code 30:10 Small Team Use Case - Document Everything as You Build 34:00 Why Every Admin Should Learn This NOW - The Future is Code 37:13 Getting Started - Resources and Documentation 39:09 Wrap-Up - Where to Get Help What You Learn: 4:45 "Treating your Jamf config like a software project" - what that actually means 18:20 Multiple admins can submit changes through pull requests - no more stepping on each other 24:30 MSPs: Stop rebuilding configs manually - use one Terraform module across all clients 30:10 - Small teams: Codify early so the next person doesn't start from zero 34:00 - "Organizations are requiring admins OUT of consoles" - security trend you need to know   RESOURCES: Jamf Concepts (Start Here): https://concepts.jamf.com Trusted by Jamf (Tutorials): https://trusted.jamf.com  Jamf Developer Portal: https://developer.jamf.com MacAdmins Slack: https://macadmins.org   WHO NEEDS TO WATCH: Mac Admins who manually configure Jamf Pro (you're wasting time) MSPs managing multiple Jamf instances (you're rebuilding the same thing repeatedly) IT teams scaling past 500+ devices (manual configs won't scale)   Jamf After Dark: A podcast about managing Apple devices, hosted by Kat Garbis and Josh Thornton. Guest: Ryan Legg, Solutions Engineer III at Jamf #JamfAfterDark #Terraform #JamfPro

John Britton, CEO of WorkBrew, joins Jamf After Dark to discuss how organizations can solve the security, compliance, and management challenges of using the open-source package manager Homebrew on macOS at scale. This episode is a must-listen for any IT or Security leader managing a fleet of Mac devices used by software engineers. Learn how WorkBrew provides visibility, governance, and automated security workflows for developer tools, all while integrating seamlessly with Jamf Pro. What You'll Learn: The security and compliance risks of unmanaged Homebrew in the enterprise. How WorkBrew provides visibility, remote management, and security for Homebrew. The seamless integration between Jamf Pro and WorkBrew for deployment and device group management. How to enable developers to use Homebrew as standard (non-admin) users on macOS. Strategies for distributing and managing private, internal company tools via Homebrew taps. The end-user experience for a developer when a company adopts WorkBrew. Featured Guest: John Britton: Co-founder and CEO of WorkBrew, a platform for securing and managing Homebrew in the enterprise. John is a software engineer with deep expertise in developer tools and experience. He is a contributor to the open-source Homebrew project and is passionate about enhancing developer productivity while meeting enterprise security standards. 0:00:00 - Introduction: Managing Your Digital Tools 0:04:01 - What is Homebrew? The "App Store for Developers" on Mac 0:05:24 - The Challenge: Why Homebrew Creates Risk for IT & Security Teams 0:08:12 - The Solution: What is WorkBrew and How Does it Help? 0:12:19 - Core Features: Deployment, Visibility, Management & Security 0:14:45 - How WorkBrew Benefits Engineers, IT Admins, and Security Teams 0:17:35 - How WorkBrew Integrates with Jamf for Deployment & Policy Management 0:22:55 - Advanced Use Case: Managing Private & Internal Company Packages 0:25:41 - The Developer Experience: Migrating from Homebrew to WorkBrew 0:28:58 - A Major Win: Enabling Homebrew for Standard (Non-Admin) Users 0:32:33 - The Rise of Mac in the Enterprise & Employee Choice 0:36:39 - How to Get Started with WorkBrew (Including the Free Plan) 0:38:58 - Final Thoughts & Key Takeaways Read more: Get started with WorkBrew's free and paid plans: https://workbrew.com/ Join the Mac Admins Foundation Slack Community: https://www.macadmins.org/ Learn more about Jamf Pro: https://www.jamf.com/products/jamf-pro/ #Jamf #WorkBrew #Homebrew #MacAdmins #EndpointSecurity

Katie English & Chris Schasse discuss JNUC 2025 highlights: Platform SSO, Blueprints updates, AI security features, and macOS Tahoe improvements.   What You'll Learn: Platform API updates enabling third-party integrations with Jamf Blueprints and compliance features Platform SSO implementation replacing traditional Jamf Connect workflows Automated software update workflows through Jamf Blueprints AI Assistant capabilities for macOS security alerts and configuration profile analysis macOS Tahoe (macOS 15) and iOS 18 security enhancements Cybersecurity best practices for October 2025 Cybersecurity Awareness Month   Featured Guests: Katie English - Principal Product Manager at Jamf, former Jamf After Dark podcast host, expert in Apple device management and security product development Chris Schasse - Owner and Lead Technician at Rocketman Tech, former Jamf Professional Services team member, Jamf-focused MSP specialist, host of the Launchpad meetup Read more: https://www.jamf.com/blog/macos-26-platform-sso-simplified-setup/ https://www.jamf.com/blog/introducing-jamfs-ai-assistant/ https://www.jamf.com/blog/getting-to-know-declarative-management/   0:00 Introduction: Welcome Back from JNUC 2025 2:09 Cybersecurity Month Discussion 5:15 JNUC 2025 Highlights: Platform API & Blueprints 8:30 Platform SSO: The Future of Mac Identity Management 16:00 Jamf Account OIDC Migration Challenges 18:30 Blueprints Automated Software Updates 21:40 AI Assistant: Security Alerts & Configuration Analysis 32:15 Apple OS Updates: macOS Tahoe & iOS 18 35:05 Platform SSO vs Jamf Connect Strategy 39:40 Security Best Practices for Cybersecurity Month 44:20 New iPhone 16 Features & Hardware Security 47:00 Closing Thoughts & Resources   #Jamf #WorkBrew #Homebrew #MacAdmins #EndpointSecurity

200+ agents, 24/7 global coverage and AI assist. Explore how Jamf cut first response from 7 hours to under 10 minutes. Jamf After Dark hosts Kat Garbis and Josh Thornton sit down with Lisa Akerson (VP, Global Technical Support) and CJ Krueger (Sr. Program Manager, Technical Support) to unpack what's new in Jamf Support: an Intercom-powered omnichannel experience, AI assistance for common questions, and faster routing so customers reach the right expert, fast.   Highlights 200+ highly skilled support agents. Since the new portal launched June 20: 28,952 new support conversations and ~98,000 replies across chat/phone/email; 9,758 tickets for complex issues. AI Agent already resolved ~4,500 conversations (Standard Support chat). First response time improved from ~7 hours to <10 minutes after the Intercom move.   Guests Lisa Akerson, VP Global Technical Support at Jamf CJ Krueger, Sr. Program Manager, Technical Support at Jamf

Join co-hosts Josh Thornton and Kat Garbis along with members of the Jamf events team to discuss JNUC 2025. Jeff Ovik (Sr. Event Specialist) and Kelsey Dahl (Sr. Event Specialist) join the podcast to help discuss what listeners can expect at JNUC 2025. From hotel accommodations, things to do in Denver, Braindates, session topics, the Global Partner Summit, Level Up, and of course — the JNUC party, the team unpacks all the exciting things that will happen at JNUC.   Need help getting approval to go? The team discusses money saving strategies, JNUC value-adds, as well as the helpful "Convince Your Boss" letter.  Important links: Register for JNUC 2025 Grab cool JNUC 2025 Swag Store  

Join co-hosts Kat Garbis & Josh Thornton with Jamf guests, Iulia Arghir (Senior Product Manager) and Alexander Dove (Senior Sales Engineer) as they introduce and unpack the exciting details of a new feature, Network Relay.  Network Relay provides a modern VPN framework, built into the OS and deployable via MDM. Rather than replacing an existing VPN all together, Network Relay can work alongside it, securing admin specified destinations, helping modernize and better secure an existing infrastructure. Network Relay preserves the native Apple device experience that users expect. Some benefits are the support for app-specific, policy-driven tunneling, authenticated based on the hardware-attested device identity, ideal for Zero Trust as well as secure remote connectivity available out of the box.   Listen to the full episode to learn more!   Looking to sign up and be an early Network Relay adopter? Sign up here: https://forms.office.com/r/wfWk5RmMGc   Network Relay blog: https://www.jamf.com/blog/jamf-network-relay-service-mobile-secure-connectivity/

Join host, Kat Garbis, with special guest, Matt Jerome (Sr. Engineer Desktops, Fanatics) to discuss a common scenario in the Mac Admin world: inheriting a Jamf instance.  You didn't build the Jamf Pro instance — someone else did. Perhaps they built it but not quite in the way you would have done it.  Maybe the instance came through an acquisition, someone left the organization, regardless, this happens  and is usually met with some questions and requires a strategy to navigate. Matt Jerome has plenty of experience in this and created a process of how to navigate inheriting an instance. Matt shares steps he has found to be repeatable and guidance on how to make this as easy as possible.    Please find a list of cited resources in this episode: Tech Thoughts article: https://community.jamf.com/t5/tech-thoughts/from-huh-to-h-e-r-o/ba-p/341348 Installomator: https://github.com/Installomator/Installomator Setup your Mac: https://github.com/setup-your-mac/Setup-Your-Mac Nudge: https://github.com/macadmins/nudge Superman: https://github.com/Macjutsu/super App Auto Patch: https://github.com/App-Auto-Patch/App-Auto-Patch