Learn how to build automated security remediation workflows that detect threats and let users remediate their own devices without IT involvement. Lionel Gruenberg and Peter Argyle (Learning Experience Designers, Jamf Customer Education) demonstrate enterprise-grade response workflows using Jamf Pro, Jamf Protect, Jamf Security Cloud, and Jamf Connect ZTNA. See two complete workflow builds: macOS threat detection responding to a malicious script disguised by a trailing-space file extension, and iOS/iPadOS passcode removal triggering automatic network isolation, both with user-initiated recovery paths.
Discover how to leverage analytics in #JamfProtect to detect suspicious behavior, use extension attributes and smart groups to trigger automated responses, implement content filtering policies that restrict network access during incidents, and configure Zero Trust Network Access policies based on device risk scores. Perfect for enterprise IT and security teams seeking scalable threat containment strategies that minimize operational overhead while maintaining rapid time-to-containment.
What You'll Learn:
► Understanding workflow fundamentals: predefined sequences detecting, responding to, and resolving security threats
► Building the macOS workflow: detecting filenames whose extension is followed by trailing spaces, a trick used to disguise a malicious script as a document
► Configuring Jamf Protect analytics whose unique identifiers, once reported to Jamf Pro, trigger smart group membership
► Creating content filtering policies in Jamf Security Cloud to block all traffic except critical Apple/Jamf services
► Using UEM Connect to map Jamf Pro smart groups to Security Cloud device groups for automated enforcement
► Setting up webhooks for real-time synchronization between Jamf Pro and Security Cloud
► Building the iOS/iPadOS workflow: responding to passcode removal with app restrictions and network isolation
► Deploying risk-based wallpapers (secured, low, medium, high) to visually communicate device status
► Configuring Jamf Connect ZTNA access policies permitting only low-risk devices to corporate resources
► Enabling user self-remediation through Jamf Self Service and web clips with support documentation
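The macOS half of the list above (trailing-space extension detection feeding an extension attribute, a smart group and a Self Service remediation policy) in script form, as an added example that is not code from the video or from Jamf. The video's detection comes from a Jamf Protect analytic; this script instead makes the check an inventory extension attribute, the mechanism the list names for the iOS scenario, so the same smart group logic can be exercised without the analytic. The scanned folders, the quarantine path and the EA result strings are hypothetical choices for this illustration; the only Jamf-specific conventions relied on are the <result> tags an extension attribute script prints, the $4 custom policy parameter, and jamf recon to refresh inventory.

```shell
#!/bin/bash
# Added example, not code from the video or from Jamf: one script that serves
# both halves of the macOS workflow. Run as a Jamf Pro extension attribute it
# reports whether any "document.ext " style file (extension followed by
# trailing spaces, the disguise used in the video's malicious PDF scenario)
# is present; run from a Self Service policy it quarantines those files and
# refreshes inventory. Hypothetical choices for this illustration: the
# scanned folders, the quarantine path and the EA result strings.

SCAN_BASE="${SCAN_BASE:-/Users}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/Library/Application Support/SecurityQuarantine}"

# Print each regular file in DIR whose name has an extension followed by one
# or more trailing spaces, one path per line (trailing spaces preserved).
find_trailing_space_files() {
    local dir="$1" f name
    [ -d "$dir" ] || return 0
    for f in "$dir"/* "$dir"/.*; do
        [ -f "$f" ] || continue
        name="${f##*/}"
        case "$name" in
            *.*" ") printf '%s\n' "$f" ;;
        esac
    done
}

# Scan the folders where downloaded documents usually land in every home
# directory under BASE (default /Users).
scan_user_homes() {
    local base="$1" home sub
    for home in "$base"/*; do
        [ -d "$home" ] || continue
        for sub in Downloads Desktop Documents; do
            find_trailing_space_files "$home/$sub"
        done
    done
}

# Extension attribute output. Jamf Pro stores the text between the <result>
# tags, so a smart group whose criterion is this EA "is Compromised" can
# scope the network-isolation profile and the Self Service remediation policy.
ea_result() {
    if [ -n "$(scan_user_homes "$1")" ]; then
        printf '<result>Compromised</result>\n'
    else
        printf '<result>Clean</result>\n'
    fi
}

# Remediation: move each hit into the quarantine folder with the trailing
# spaces stripped so the real extension is visible, then run inventory so
# the device leaves the smart group and the isolation is lifted.
remediate() {
    local base="$1" f name dest moved=0
    mkdir -p "$QUARANTINE_DIR"
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        name="${f##*/}"
        while [ "${name% }" != "$name" ]; do name="${name% }"; done
        dest="$QUARANTINE_DIR/$name"
        [ -e "$dest" ] && dest="$dest.$$"        # avoid clobbering an earlier hit
        mv -f "$f" "$dest" && moved=$((moved + 1))
    done <<EOF
$(scan_user_homes "$base")
EOF
    echo "quarantined $moved file(s) in $QUARANTINE_DIR"
    # jamf recon re-evaluates the EA; skipped where the jamf binary is absent.
    if command -v jamf >/dev/null 2>&1; then jamf recon; fi
    return 0
}

main() {
    # Jamf Pro passes custom policy parameters from $4 onward; run by hand,
    # the first argument selects the mode. No argument means EA mode.
    case "${4:-${1:-ea}}" in
        ea)        ea_result "$SCAN_BASE" ;;
        remediate) remediate "$SCAN_BASE" ;;
        *)         echo "usage: $0 [ea|remediate]" >&2; return 2 ;;
    esac
}
main "$@"
```

Upload the same script twice: once as a computer extension attribute (no parameters) so its result drives the smart group, and once as the script in the Self Service policy with parameter 4 set to remediate. With the isolation profile and the policy both scoped to that smart group, a successful remediation followed by recon drops the device out of the group, which is the user-initiated recovery path the workflow relies on.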
#securityframework #securityautomation #jamfprotect #threatprevention #threatmanagement #zerotrust #jamfconnect #enterprisesecurity #enterprisemobilitysecurity
0:00 Introduction: Human Error and Time-to-Containment Statistics
1:50 Defining Security Remediation Workflows
3:04 Scenario 1: Malicious PDF Script on macOS
5:00 Building macOS Workflow: Jamf Protect Analytics Configuration
7:22 Setting Up Self Service Remediation Policy
8:19 Configuring Network Isolation in Jamf Security Cloud
9:55 Mapping Smart Groups with UEM Connect
10:18 Creating Webhooks for Real-Time Synchronization
11:01 macOS Workflow Demo: Detection, Isolation, and User Remediation
12:39 Scenario 2: Passcode Removal on iOS/iPadOS
14:07 Building iOS Workflow: Custom Extension Attributes and Smart Groups
17:14 Deploying Configuration Profile with App Restrictions
18:20 Assigning UEM Tags to Threat Categories
20:21 Configuring ZTNA Access Policies Based on Device Risk Scores
22:19 Setting Up Device Risk UEM Signaling
24:36 iOS Workflow Recap: User-Initiated Remediation
26:05 Workflows as Part of Comprehensive Security Strategy
27:27 Training Resources: JLU 170, 270, and 370 Courses
Who This Video Is For:
► Enterprise IT administrators building automated security response capabilities
► Security operations teams seeking to reduce manual incident response workload
► Jamf admins new to security workflows and threat containment strategies
► Organizations implementing Zero Trust security architectures with Apple devices
► Teams managing BYOD or shared device programs requiring rapid threat isolation
Key Technologies Covered:
Jamf Pro smart groups, Jamf Protect analytics, Jamf Security Cloud content filtering, UEM Connect, Jamf Connect Zero Trust Network Access (ZTNA), extension attributes, webhooks, device risk scoring, configuration profiles, Self Service policies, mobile device restrictions
Related Topics:
Automated threat response, security orchestration, device isolation workflows, user self-remediation, Zero Trust security, endpoint detection and response (EDR), security incident containment, Apple device security automation