Apple management and security specialist Jamf has announced the beta release of AI Analysis for Jamf Executive Threat Protection, a new AI-driven capability designed to accelerate mobile forensics and simplify the examination of sophisticated mobile threats.
The threat protection feature is aimed at helping organisations detect targeted attacks against high-value users, such as political figures, journalists, and executives. With mercenary spyware and similar threats becoming increasingly common — and with Apple issuing threat notifications in more than 150 countries in recent years — Jamf Executive Threat Protection is intended to help individual users and device fleet managers investigate suspicious device activity more effectively.
Jamf leverages AI to enhance its detection and response capabilities, enabling security and forensics teams to determine whether a device has been compromised more quickly. The company says this capability reduces the need for lengthy manual analysis by translating complex telemetry into concise, actionable findings.
The AI analysis generates a clear summary of suspected remote attacks on mobile devices, highlighting unusual app behaviours and other indicators that may point to a hacking attempt. When appropriate, Jamf Executive Threat Protection can also provide recommended next steps for remediation or further investigation.
Henry Patel, Chief Strategy Officer at Jamf, commented: “AI Analysis acts as an embedded forensic expert that can review suspicious activity in minutes and provide clear, actionable summaries. By using AI to translate complex telemetry into plain-language recommendations, we’re helping security teams respond faster and more confidently to potential mobile threats. What previously took hours or even days of manual analysis can now be summarised in minutes.”
For each incident, the AI produces a user-facing summary alongside a detailed technical report suitable for security teams. According to Jamf, this approach helps organisations protect their highest-risk users more efficiently while preserving forensic accuracy.
Most widely used Apple MDM systems
Apple’s native mobile device management (MDM) frameworks include Apple Business Manager and Apple School Manager. Both web-based portals help automate device enrollment into MDM without the need for manual device preparation, enabling zero-touch provisioning for large fleets.
Administrators can assign roles and permissions to manage device deployment, user accounts, and app distribution. The platforms streamline software management by supporting bulk purchasing and distribution of apps, books, and software licences, simplifying lifecycle management across hundreds or thousands of devices.
Apple’s MDM solutions centralise user account control through managed Apple IDs and domain verification. Federated authentication can be added to strengthen security, integrating with identity providers such as Google Workspace and Microsoft Entra ID so users can sign in with their existing credentials.
Apple School Manager provides additional education-specific features, including integration with student information systems (SIS), education workflows, and automated class roster synchronisation, making it suitable for deployment in schools and districts.
Third-party Apple MDM
Beyond Jamf, several third-party MDM providers support Apple device management, including Kandji, Addigy, and Mosyle. These vendors offer varying combinations of automation, security, and management features tailored to business and education environments.
Kandji is an Apple-only, cloud-based MDM focused on automating deployment, compliance, and security for macOS, iOS, iPadOS, and tvOS devices. Kandji incorporates AI through its Iru AI system to enhance threat detection and help guide administrative decision-making.
Addigy provides real-time management tools aimed at managed service providers (MSPs) and IT teams overseeing large Apple fleets. The platform integrates with Apple Business Manager to enable zero-touch deployment, supports OS updates and software distribution, and helps enforce compliance with established security benchmarks.
Mosyle positions itself as a Unified Endpoint Management (UEM) platform for education and business. Its features include zero-touch deployment, patch management, AI-enhanced security capabilities, single sign-on (SSO) integration, and web content filtering to maintain safe and compliant device usage.
Apple vs Android: Which is more secure?
Researcher Ernestas Naprys carried out a comparative experiment that suggests Apple iPhones tend to be more secure than many Android devices by default. In his test, Naprys installed the top 100 apps from the German app store on a new iPhone and a new Android device to observe background network behaviour.
He found the iPhone initiated an average of 3,308 internet connections per day while the Android device made about 2,323. However, a substantial portion of iPhone traffic — roughly 60% — was directed to Apple servers. On Android, only about 24% of traffic went to Google servers, with the remainder communicating with third-party services. The greater tendency for Android apps to communicate with external third-party servers can increase exposure to unknown endpoints.
These results illustrate why many organisations prefer Apple devices in business settings and why those devices are commonly managed with MDM platforms like Jamf. iPhones ship with stronger default protections and more restrictive data-sharing behaviours, which can reduce the risk of connections to potentially harmful servers or services.
When Apple devices are combined with an MDM solution, IT teams gain centralised control over policies, app distribution, and network restrictions — further reducing exposure to risky connections and unapproved applications. Tools such as Jamf’s AI Analysis for Jamf Executive Threat Protection build on iOS’s native safeguards by adding faster forensic review and targeted response guidance.
(Image source: “Apples” by astronomy_blog is licensed under CC BY-NC-SA 2.0.)
Telecoms News is produced by TechForge Media.