Effective May 23, 2024, macOS devices must be enrolled in Jamf to remain compliant with Stanford’s device security policies — even if the device has BigFix installed.
How to take action
- Confirm Jamf enrollment. If you're unsure if a device is enrolled in Jamf, follow these steps to check:
1. Choose Apple menu > System Settings.
2. Select "Privacy and Security" in the sidebar.
3. Click "Profiles" on the right (you may need to scroll down).
4. Check to ensure the Stanford Device Management Profile is installed. - Enroll in Jamf. Use the Stanford Device Registration (SDR) app or follow the instructions for macOS Web Enrollment to enroll a macOS device in Jamf.
- Don't delay. Devices should be enrolled before the May 23 deadline to ensure no work disruption. If the deadline is missed, regular reminders will be sent for a grace period of at least 30 days before enforcement action is taken.
A closer look at what’s changing
Previously, macOS devices could achieve compliance by enrolling in Jamf or installing BigFix. However, with the evolving technological landscape, the university is updating its compliance requirements to further enhance security and align IT infrastructure.
As a result, macOS devices that only have BigFix installed will no longer qualify as compliant.
This change will impact approximately 1,000 macOS users in the Stanford community.
Are there alternatives to Jamf?
Those who do not work with High Risk Data have the option to use an alternative called VLRE instead of Jamf. However, if using VLRE, the responsibility for configuration changes and software patching falls entirely on the individual. To understand if data falls into the High Risk category, review Stanford’s Risk Classifications.
More about Jamf for Macs at Stanford
In June 2021, University IT began enrolling Stanford-affiliated macOS devices in Jamf in phased deployments. Today, over 30,000 Macs are enrolled in Jamf.
Questions
If you have questions or need assistance, please submit a Help ticket.
