Sophos Jamf



The essential guide to Australian IT Distributors. Search for distributors by product category, vendor partners, location, or name. Find out about distributor events in your location. 『Jamf Pro』の製品概要・料金価格のご案内です。IT-EXchangeはIT商材の販売・導入をご検討のお客さまへ、お得な情報をお届けするサイトです。ソフトバンクグループ創業事業であるSB C&Sの強みを活かし、最適なソリューションをワンストップでご提供いたします。. ‎OTP Auth adds support for two-factor authentication to your iPhone and iPad. It can be used with Dropbox, Facebook, GitHub, Google Mail and many more. Make your accounts safe again! Features: - Ads free - Encrypted iCloud Sync - Siri Support - Apple Watch support - Notification Center widget - Safa.

Jamf Now, formerly Bushel, is a cloud-based Mobile Device Management (MDM) solution for the iPads, iPhones, and Macs in your workplace. Jamf Now makes device management accessible and affordable for everyone, so businesses can support their users without help from IT.

The latest operating system from Apple, macOS11 Big Sur, has arrived and it brings with it a few significant architecture modifications. In this article, we will take a look at these changes, as well as some of the things you might consider doing to automate much of the deployment of Intercept X on macOS.

These changes started to appear with macOS Catalina (10.15) – Apple is beginning to deprecate the use of system wide kernel extensions in favour of user space system extension APIs. This allows software like network extensions and endpoint security solutions to extend the functionality of macOS without requiring kernel-level access.

An interesting third party review of some of the most significant changes in the last decade Apple have recently introduced can be found here.

Unfortunately, we didn’t have a GA version of Intercept X for Mac available on the first day of release. The good news is that we now have an Early Access Program (EAP) available in Central, whereby customers can nroll devices running macOS11 in order to receive a pre-release version of Sophos Endpoint v10.0.2.

TIP: As you can appreciate, we don’t typically recommend using EAP (pre-release) software on a production system. If you would like to prevent users from upgrading to BigSur AND if you or your customer are using Sophos Endpoint, then it’s worth noting that the SophosLabs have added an Application Control detection for the Big Sur installer. This means that you can control its rollout by blocking the application – the installer is classified as a “System Tool”.

Most of you are probably aware of the process on how to join an EAP and then enroll devices, however if you would like some info on this process click here. Typically, we don’t make EAPs available to Sophos Central MSP accounts, however given that some customers may be purchasing new Apple hardware that comes pre-shipped running Big Sur, we have extended the EAP to MSP customers too.

About new hardware, the following Macintosh models (at the time of writing) use the new Apple M1 ARM-based system chipset:

  • MacBook Air (M1, 2020)
  • Mac mini (M1, 2020)
  • MacBook Pro (13-inch, M1, 2020)

Sophos Intercept X for Mac does not natively support this new chipset; however, it can be made to work using a piece of backwards compatibility software called Rosetta 2. This software needs to be installed on the Mac before joining it to the EAP and it updating to 10.0.2. More info on this process is also covered in the EAP community post above.

On testing the deployment of Intercept X on a brand new macOS11 device, I found the installation routine quite user intensive with several prompts required to allow permissions etc. before a complete protected state could be achieved.

There are several things that can be done to reduce these prompts, specifically using an MDM provider (such as Sophos Mobile or JAMF) to essentially pre-trust extensions using the Sophos ‘Teams ID’ of 2H5GFH3774. This is a trusted ID that is used in the development of Sophos code, to automatically whitelist our software:

I found that this configuration made the deployment of Intercept X for Mac on macOS Catalina and older, virtually ‘silent’. There were still some prompts that required user interaction when deploying on Big Sur, however this will still down on the amount of interaction required without any applied MDM settings.

Sophos

Our wonderful professional services team have also created a number of scripts to use with JAMF to automate deployment on Macs. Info on this can be found here.

Sophos

Expect to see some more information in the new year, once a GA version of 10.0.2 for Mac is available, on how to automate the deployment further.

Note: Under a new university-wide contract, Sophos Intercept X Advanced is replacing McAfee endpoint protection at UMass Amherst. More information will follow.
For questions, contact the IT professional in your department as applicable, or IT User Services.

This page is intended to provide information to campus IT administrators or people interested in technical aspects of the foundational information security controls.

The foundational information security controls include:

  • Anti-virus software
  • Patching & central management of University-owned computers
  • Data encryption
  • Firewalls
  • Secure Disposal

For more information on the project, refer to the Information Security Controls page.

Anti-virus

Sophos anti-virus software helps prevent and detect malicious software (malware/viruses) on computers. Many viruses enable malicious attackers remote access to computers, capture keystrokes including passwords and other sensitive data, share information from web pages being viewed, or search computers for sensitive data. Detecting and preventing these infections helps reduce the risk of data breaches.

Additional Resources:
Use Anti-Virus Software (download Sophos anti-virus)

Jamf Sophos Central

Patching & Central Management of University-Owned Computers

Central management of university-owned desktops and laptops allows systems administrators to maintain inventories of university-owned computers, configure consistent security settings on university-owned computers, and install and patch software. UMASS IT provides KACE and Casper software to campus departments to help facilitate patching and central management.

KACE

The KACE software facilitates central management and inventory of endpoint Windows and Mac computers. The KACE software will allow systems administrators to initially deploy a consistent operating system image and baseline configuration to Windows computers, and install and patch the software on both Windows and Mac computers. Maintaining a software and hardware inventory, deploying a consistent configuration and enforcing patching of the operating system and software applications help reduce the risk of compromise and data breach.

The KACE software consists of a central console that campus IT Administrators use to manage their computing assets, and a software agent that runs on Windows, Mac and Linux desktop and laptop computers.

JAMF (previously known as Casper)

The JAMF software facilitates central management and inventory of endpoint Apple/Macintosh computers. It provides a similar function as KACE, such as consistent initial configuration, and consistent configuration of security controls to help reduce the risk of compromise and data breach to Apple/Macintosh computers.

Data Encryption

Encryption software uses strong mathematical algorithms to encrypt (scramble) data, rendering it unreadable to anyone who does not have the key (passphrase) to decrypt (unscramble) the data. Encryption makes it difficult for unauthorized individuals to access encrypted files, folders or computers, and reduces the risk of data breaches in the event a computer is lost or stolen.

Additional Resources:
Data Encryption at UMass Amherst

Firewalls

Host-based and network-based firewall help block incoming network attacks. Firewall should be configured to allow only network traffic that is necessary for the operation of the service.

Sophos Jamf Catalina

Please contact security@umass.edu for more information on centrally-managed firewalls.

Sophos

Secure Disposal

Securely disposing of computing devices and media helps prevent unauthorized disclosure of institutional information and research data. Refer to the UMASS Procurement and Waste Management guidelines on secure disposal of electronic equipment and the UMASS IT guidelines on secure media disposal.

Additional Security Controls

Uninstall Sophos Jamf

Additional controls may be required based on the categorization of the information or data, the nature of the information technology resource, the applicable regulatory or contractual requirements, or other risk management calculations.

Please contact security@umass.edu for more information about implementing these security controls in your department.