How Blumira automates tasks with the SimpleMDM API

What is Blumira?

Name: Blumira
Website: blumira.com
Headquarters: Ann Arbor, Michigan
Category: Computer and network security
Description: Blumira makes security easy and effective for SMBs and mid-market companies, enabling quicker detection and response to cybersecurity threats to stop breaches and ransomware. Achieve compliance, save time on security tasks, and focus on real threats with Blumira.

SaaS security company Blumira is on a mission to simplify security for IT teams. Committed to helping small- to medium-sized businesses enhance their security posture while reducing manual workloads, Blumira recognizes that organizations of that size often lack the resources to procure and manage effective security tools. That’s why the company is dedicated to making its solutions accessible — security doesn’t have to be complex.

Goals

Since early 2021, Mike Toole has been the Head of IT and Security at Blumira. Upon joining the early-stage startup, he took over the company's existing tech stack. Quickly recognizing the need for a mobile device management (MDM) solution, he made it a top priority to implement the right tool. Since he already had experience with SimpleMDM from a previous company, Mike decided to carry it over as he laid the foundation for Blumira’s IT infrastructure.

“One of the things I like [about SimpleMDM] is that it’s a tool we can quickly leverage among all the other tools we start setting up.”

To build and scale Blumira's IT department and infrastructure, Mike started doing a little bit of everything with SimpleMDM in place. Stating he mostly builds “crazy stuff” and then hands it off to the team, he also spends time teaching others how to build around the product. Because they have a lot of other tooling they want to extend to SimpleMDM, they rely heavily on the API, as well as custom configuration profiles and our hosted Munki integration for macOS deployments.

Solutions

To integrate SimpleMDM into their existing infrastructure and automate tasks, Mike and his team have built out some pretty impressive workflows for their Apple device fleet at Blumira. From employee onboarding and offboarding, device trust, real-time alerting, and more, their setup is nothing short of impressive.

Blumira automates onboarding new employees using Apple Business Manager and SimpleMDM. After placing an order directly through Apple, the device is drop-shipped to the end user. Already assigned to a DEP profile, a new user logs in to their device with a temporary password configured with SSO to complete the account setup. Once fully enrolled, configurations and policies are automatically applied to their device.
To enhance device trust (the process of securing and restricting access to resources based on the device’s security posture), Blumira leverages the SimpleMDM API to sync a list of known and trusted devices from SimpleMDM to Duo Security. As employees log in to sensitive apps, Blumira then cross-checks device information, much of which is gathered via the MDM API, against predefined security criteria before allowing them in.
Leveraging the data pulled from SimpleMDM and a series of integrations, Blumira has set up real-time alerting. They wrote better detections and alert more accurately by using internal tooling, such as their own proprietary security information and event management (SIEM) software and endpoint detection and response (EDR) tool, in combination with data from SimpleMDM. One specific use case Mike mentioned is an alert they built that sends a Slack notification to the team when a disk is full so they can reach out to the user.
Since Blumira is a fully remote company, automated offboarding has helped alleviate the cumbersome process typically associated with employees leaving. A task job triggers upon an employee’s departure, remotely locking endpoints as needed. The system checks the inventory to identify assigned devices, and a return box automatically ships to the end user so they can easily send back the device.

Mike values the versatility of Munki for his macOS deployments, specifically calling out how seamlessly it integrates into SimpleMDM. He utilizes most options available to manage and update applications, including the Shared Apps directory of commonly used macOS software that our team maintains to ensure apps are always up to date.

“Having the Shared Apps, the normal apps I just don’t want to deal with, and not having to dedicate resources ... [to] making sure people’s desktop apps are the latest packages in Munki ... it’s just one less thing we have to worry about.”

Mike also uses custom packages and NoPkgs, which he says his team designs mostly to deliver custom security tools to devices. These capabilities give Blumira the flexibility to seamlessly push out software to devices.

“I really like the way you guys [SimpleMDM] implemented Munki. The flexibility of being able to use Shared Apps or bring in our own custom packages and NoPkg scripts has been huge for us.”

Since Mike and the team save enough time automating their device management workflows with the SimpleMDM API, they hope to focus on other projects soon. They’re interested in exploring SSO for device unlock and declarative device management, which is currently in beta for SimpleMDM customers.

“I really appreciate how fast you are to onboard new things, whether it’s OS support or DDM. You are pretty quick as far as any of the new protocols and stuff that come out. I always appreciate that — it’s just more things that we can leverage.”

To see how SimpleMDM can help you customize and streamline your Apple device management workflows, start a free 30-day trial or request a demo.