Protect Mac Endpoints Using MFA

By Greg Keller Posted September 29, 2016

Owning a shiny new MacBook Pro or iMac comes with a caveat: Apple products are a more likely target for theft.


Nobody wants their device stolen. But if that were to happen, losing the actual device could be the least of your worries. If your MacBook has critical documents or cached credentials on it, the theft could compromise the security of your company.

This is every IT admin’s worst nightmare. According to a 2015 Promisec survey, 73% of IT professionals consider endpoints (e.g. desktops, laptops and mobile devices) to be the “most vulnerable” part of the network. Only 31% say they are “well prepared for a cyber attack.”

Those numbers don’t look good. So what can we do to fix it?

How to Step Up Endpoint Security


At JumpCloud, a large part of our mission is to enable organizations to operate with confidence in the safety of their entire IT infrastructure, from cloud apps to directory services, all the way down to the individual endpoints.

This post will explain some methods and tools that can help you better protect your endpoints, with a focus on securing Mac devices through Multi-Factor Authentication (MFA).

What is MFA and How Does it Protect Devices?


MFA is Multi-Factor Authentication, and it’s also commonly referred to as 2FA (Two-Factor Authentication). Multi-factor authentication requires the user to log in using at least two different types of credentials. Most often, the first authentication factor is a standard password and the second is a “virtual token” that’s generated at the time of login and sent to a device belonging to the user, such as their phone.

MFA radically improves endpoint security because it prevents a thief from logging in with a password alone. Hackers need to obtain both factors of authentication in order to access the resource – and that’s almost always one too many.

Bar none, implementing system-based MFA is the single most effective measure you can take to ramp up the security of your endpoints.

Other Methods to Improve Endpoint Security

There are a few basics to get right, including having up-to-date anti-virus installed on every device at your organization. In the same vein, it’s important to regularly update the browsers and plug-ins in use by your end users.

Ideally, admins would have centralized control over all of the devices in use. That way, in case of theft or if an employee leaves suddenly on not-so-good terms, the admin is able to disable the computer from their dashboard.

How to get MFA


This can be difficult to achieve on your own. Thankfully, there are services out there that make it easier. At JumpCloud, we’ve worked to include multi-factor authentication as a foundation component of our Directory-as-a-Service®. We’ve integrated with the powerful Google Authenticator in order to provide our clients with MFA at the system level, at no additional cost. In order to achieve this, you also need JumpCloud’s lightweight agent installed on your Mac.

If you’re looking for how to set up JumpCloud’s MFA, that resource is located here on our KnowledgeBase.

If you don’t have JumpCloud, but are interested in the ways that a cloud-based directory can unify all of your IT infrastructure while protecting your devices, I encourage you to read the DaaS primer or watch the video below:

With JumpCloud, your first 10 users are free forever so there’s no reason not to give it a try.  

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
