JNUC 2025: Jamf Acquisition, Automation, and the Future of Mac Admin Roles

Seven shifts shaping the “Apple-at-work” landscape

Four days. Hundreds of sessions. Dozens of hallway chats, and a few very good Happy Hours. If there was one shared sentiment echoing through the halls at JNUC this year, it was this:

“Everything’s changing — and no one has enough time.”

The Mac admin world has evolved from a tidy collection of tools and policies into a sprawling ecosystem of code, identity, and automation. The question isn’t if teams will modernize - it’s how fast they can do it safely.

Three weeks after JNUC, Jamf’s $2.2 B acquisition by Francisco Partners made those hallway conversations about identity+device convergence, declarative management, and automation even more timely. If Jamf’s new owners invest in these areas, and retain the company’s long term commitment to the partner ecosystem, the future of Apple-at-work will remain bright. Let’s hope they are here to help move the community and the ecosystem forward.

We left JNUC with 7 clear themes from automation and identity, to security and developer–IT alignment which are shaping the future of the Mac Admin role.

‍^{Note: Throughout the post, we link to sessions from the JNUC 2025 catalog. These entries have full session recordings, but are only available to logged in users. Creating an account is free.}

1. “Developer Empowerment” Meets “IT Control”

Developer workflows were everywhere. Sessions like Mac Admin Apps: The Greatest Hits Vol. 1 and our very own John Britton in Workbrew: How to Unite Developers, IT Administrators, and Security Professionals highlighted the rise of “developer-first IT”. Environments where Homebrew, GitHub Actions, and open-source utilities are part of sanctioned workflows rather than tolerated exceptions.

Admins are no longer saying “no” to developer tools. They’re saying “yes — but safely.”

Related sessions:

• Mac Admins vs. Shadow IT
• One Year On: Evolving the Self Service+ Experience on Mac
• Workbrew: How to Unite Developers, IT Administrators, and Security Professionals

2. Migrating to Standard users: An ongoing trend

A big theme in our conversations this year was the move from admin to standard user accounts. Practically every org we spoke to was in the middle of trying to make this shift, especially in highly-regulated industries such as finance, healthcare and government.

It’s a tough one. Everyone is aware of the importance of least privilege, but developers still want to install the apps they need to get things done. This is why so many people lit up when we showed them Cask Allowlists. It solves the classic “I need sudo to install this desktop app” headache by letting our agent handle all that securely for the device user.

3. Automation & “Infrastructure-as-Code” Go Mainstream

Sessions like Infrastructure as Code with Jamf to Automating Apple Endpoint Management (Git, CI/CD, Terraform) made it clear that Apple device management is moving from “set up a profile manually” to automated, code-driven workflows - versioned, reviewable, and repeatable.

Teams are version-controlling policies, testing in CI, and deploying declaratively. In Getting the Hook of Webhooks, Elmo Kuisma showcased event-driven workflows that tied into identity and logging systems. It’s a cultural shift as much as a technical one, prioritizing workflows which are repeatable, auditable, fast.

Related sessions:

• Infrastructure as Code with Jamf
• Automating the Mac Lifecycle (Jamf + Okta + GitHub Actions)
• Getting the Hook of Webhooks
• MDM and DDM 101

4. Security, Compliance & Device Trust Deepen

If last year was about identity, this year was about trust.Talks like Device Compliance & Platform SSO with Microsoft and Jamf and Soaring with Jamf Protect brought security to the center of every Apple conversation. Compliance isn’t a checkbox anymore - it’s continuous.

Compliance Benchmarks in Jamf Pro: From Complex Scripts to Simple Clicks demonstrated how frameworks like CIS are being embedded directly into management tools. The direction is clear: device trust, software integrity, and identity assurance are converging.

Admins are expected to prove — not just assume — that endpoints are compliant. That shift will ripple through how teams select, deploy, and monitor every layer of the stack.

Related sessions:

• Device Compliance & Platform SSO with Microsoft and Jamf
• Soaring with Jamf Protect
• Compliance Benchmarks in Jamf Pro: From Complex Scripts to Simple Clicks
• Threat Modeling: Practical Mac Security

5. Platform Integration & Identity-Centric Management

Identity took center stage.From Platform SSO | The Next Frontier to Jamf & Okta – Passwordless and Super Friends (S.U.P.E.R.M.A.N.), the message was consistent: users are the new policy anchor.

Identity-driven management means onboarding triggers provisioning and offboarding revokes access automatically. Standards like SSF and CAEP signal a future where MDM, IdP, and security tools cooperate instead of compete.

Related sessions:

• Platform SSO | The Next Frontier
• Jamf & Okta – Passwordless Authentication
• Enterprise Standards with SSF/CAEP
• Device Compliance & Platform SSO with Microsoft

6. IT and developers aren’t in opposition, they’re allies with a tooling problem

One of my favourite conversations was a Braindate with an Admin who manages thousands of developer Macs. He said something that stuck with me:

I want my devs to be as productive as possible, I just need them to be compliant while doing so.

That sentiment echoed across dozens of the chats we had with attendees. IT doesn’t want to slow developers down and developers understand the need for compliance. Everyone just wants tools that make both sides happy, productive and secure. It’s not a zero-sum game.

So this is the world we're creating at Workbrew: Productive Developers and happy IT & security teams.

7. Shadow IT, Open-Source Risk & Supply-Chain Visibility

“Shadow IT” used to mean rebellion; now it means signal. The standout session that I attended was from Todd Clark, Manager of IT Operations at Get Well. As he put it:

“If your users are going rogue, it’s probably because the official path is too slow.”

He highlighted how "shadow IT" is pushing the boundaries of traditional IT admin. He pointed out that Homebrew is often a blind spot for IT teams — not because it’s bad, but because it’s often invisible and therefore risks evading compliance.

It was cool to see how he tackles shadow IT in his own org using a blend of Jamf tooling, a few well-chosen third-party tools, and a refreshingly practical approach to change management.

Related sessions:

• Mac Admins vs. Shadow IT
• Unified Defense: How Security Analysts, Developers and Data Scientists Collaborate on ML-Powered Phishing Detection
• What’s New with Extension Attributes
• Soaring with Jamf Protect

Where the Mac Admin Story Goes from Here

JNUC 2025 showed a community in motion. Mac admins are balancing speed with safety, automation with oversight, and developer freedom with compliance. The role has outgrown its old borders. Admins are now architects, collaborators, and security partners shaping how Apple gets managed at scale. Across every hallway and session, the goals sounded the same: faster, safer, more connected Apple management.

The work ahead isn’t just technical - it’s cultural. The admins who thrive will be the ones who share knowledge, automate responsibly, and learn from each other.

Workbrew’s proud to be part of that story - helping connect the dots between developer velocity, IT governance, and software trust.