Organisations are increasingly adopting Apple devices for end user workstations, and now face the same device management challenges that others faced 20 years ago with Windows and Active Directory. To counter this, 3rd party device management solutions such as Jamf, have filled the macOS management void. This talk will give an attacker's perspective on the security implications behind adopting Jamf in your hybrid Windows and macOS estate. We will explore in detail our experiences attacking Jamf-managed macOS estates, ranging from undisclosed attack vectors through to common mis-configurations that are consistently observed in the world of Windows Active Directory. We will also be releasing F-Secure's bespoke Jamf exploitation tooling, so that these attack paths can be identified in your own organisations. In addition to the offensive skills needed to exploit these issues, we will also be providing recommendations to mitigate them, giving you the ability to harden both on-premise and SaaS Jamf instances.