Real talk, real tools and real-time support from people who get it.
Get answers from fellow admins
Find your way around
Share your thoughts
Submit your idea
Hello Jamf Community, I'm currently experiencing an issue with Jamf Remote Assist — I haven't been able to successfully connect to any Mac devices for the past two weeks. Each attempt either times out or fails with no clear error message. I've tried the following so far: Confirmed that Remote Assist is enabled in Settings. Restarted Jamf Daemon and the local Jamf app on the affected Mac. Verified network/firewall configurations (no changes recently). Tested on both Intel and Apple Silicon Macs with the same result. Has anyone else encountered similar issues recently?Is there any known workaround or reliable fix that could help restore functionality? Any suggestions or guidance would be much appreciated. Thanks in advance!
Basically we have disabled the screenshot feature for a certain group in my organization via JAMF Configuration Profiles, but recently we have found a loophole for users to take screenshots via enabling the “Show features for web developers” and then on Safari, going to Develop tab and “Show Web Inspector” > Elements tab and right click the html to show the option to “capture screenshot” and it will allow you to save the screenshot. We are trying to remediate this loophole by disabling the option to enable the web developers option. Anyone have any ideas? I have tried using Configuration Profile and using the Application & Custom Settings option, but could not get it to work using the plist I found online.https://www.geeksforgeeks.org/techtips/how-to-take-screenshot-apple-safari/
Hi everyone,We’re currently using Jamf School to manage our Apple devices and are running into issues with Microsoft’s enforcement of strong certificate mapping as outlined in KB5014754.Our environment relies on certificate-based authentication with Active Directory. While we’ve configured UPN mapping using the RFC 822 SAN field, our domain controllers (now in Full Enforcement mode) are rejecting certificates that don’t meet the new strong mapping requirements.Unfortunately, Jamf School doesn’t appear to support:Inclusion of SAN URIs with SID Custom certificate templates Scripting or automation for explicit mapping via altSecurityIdentitiesWe’ve temporarily enabled Compatibility Mode on our domain controllers, but this is only viable until 10 September 2025, when Microsoft will enforce Full Enforcement by default.Questions for the community and Jamf staff:Are there any confirmed plans for Jamf School to support strong certificate mapping before the enforcement deadline? Has anyone foun
I’ve got a weird issue with MS Defender Configuration Profiles applying/Un-applying intermittently. As part of our enrollment process we install MS Defender and apply Configuration Profiles. This has been working fine for close to 12months.Now for some reason even though the Configuration Profiles are still applying (You can see them in Device Management). The configuration doesn’t always apply even when it does apply the settings can stop taking affect shortly afterwards.Device Management still has the Configuration Policies applied.I’ve tried downloading fresh configurations, onboarding etc. from Microsoft with exactly the same result. Has anyone else seen this?
Hey All,We are working on determining the best way to manage our assets. We are a Mac/iOS only environment. So all of our equipment goes into Jamf Pro. We don’t do touchless deployment (management decision although its practically touchless). I’d imagine we’d need to get MUT involved to update purchase status.How do you handle new equipment or equipment that goes back into inventory? Also, we are looking to get physical asset tag stickers for the devices. Any suggestions on using Jamf as a complete solution? Or addition tools that people use for Asset Management to track items?Thanks!
Updated 14SEPT2022 - I moved the GitHub link over to the official Jamf Github - https://github.com/jamf/jamfconnect/tree/main/azure_conditional_access will have the latest until the official Jamf Connect docs get updated.Updated 14JUL2022 - The github link below has been updated with some steps removed for version 2.13 or greater of Jamf Connect, details about custom ROPG scopes in the menu bar, notes on how the login may still show a failure after doing this but that's fine. https://www.jamf.com/blog/how-to-azure-conditional-access-and-jamf-connect/ will supersede instructions currently on the Jamf Blog.Updated 14JAN2022 - The github link below has been updated to simplify the setup of the application registrations in Azure and allows for full testing in Jamf Connect Configuration before deploying to a test machine.https://www.jamf.com/blog/how-to-azure-conditional-access-and-jamf-connect/ - Updated instructions posted to Jamf Blog.UPDATE
Hi folks, I'm looking to create a policy to do the following. Install AWS VPN Client Add Profile with provided .ovpn file. Pushing the AWS VPN Client is easy enough by pushing the .pkg file.Anyone have any experience/ideas for the second part? Thanks!
At some point in your career as an Apple Admin, you’ve (most likely) inherited a Jamf instance and said either to yourself or out loud, “Huh, I wonder why they did that. I certainly wouldn’t do it that way” or “That’s not the best practice I was taught”. Caveat: There’s no such thing as best practice. The better concept is defining the best practice for your environment. This is where you get to step in and be the hero. It’s your job to take the environment, back it up first. Make sure you backup your instance and sync it to your free Jamf sandbox (If you don’t have one, talk to your rep). Once you’ve backed up and sync’d to the sandbox, I hope you’re noticing the theme here…you can get started with the H.E.R.O. process. Something not mentioned is the process of writing documentation. DOCUMENT, DOCUMENT, DOCUMENT. Write down everything from the current state, proposed changes, changes you made (with dates), how configs work, work
Hi, We'd like to create an app/script that when run prompts the user to enter an asset tag and then automatically renames the device.I.e. asset tag 12345 renames the device to AG-MAC-12345 so that "AG-MAC-" is already predefined? Is this something that can be done with DEPNotify? TIA.
I have been getting requests to provide all managed phones with a contact list. The config page allows me to access a CARDDAV server. I would like some suggestions on how to best set one up, perhaps a cloud solution. Thanks
Our department is rolling out 500 new iPhones and we’ve been asked to provide an “address book” to each phone that will display the caller’s name on the phone receiving the call. These assumes that both the caller and the callee will be using our managed, and supervised, phones. Most of the en users are using Office 365. We also have the option of creating our own address book data entries and hosting them “someplace”. I can see that Casper can push out settings for a CardDAV server, but am not sure if that will do what we need or if there are better approaches. Any ideas appreciated. Thanks. Seth
Was upgrading my on prem dev Jamf pro instanace today and was looking into Important notices for the last few releases. I noticed this:11.14.0 Apple announced upcoming changes to the Apple Push Notification service (APNs) Certificate Authority (CA). Organizations using APNs will be required to update their application's trust store to include the new server certificate before 24 February 2025 to prevent communication disruption. For cloud-hosted environments, the root certificate is already trusted and validated. For on-premise environments, you may need to download and install the new SHA-2 Root USERTrust RSA Certification Authority certificate to your server's certificate trust store if it is not already trusted on your hosting infrastructure. For more information, see How to Download & Install Sectigo Intermediate Certificates - RSA documentation from Sectigo per Apple's announcement. Apple has a test server available to allow organizations to send push certificates to v
Submit and vote on product ideas.
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
