Real talk, real tools and real-time support from people who get it.
Get answers from fellow admins
Find your way around
Share your thoughts
Submit your idea
Hello, So I’m curious about whether we need to have either an LDAP server setup or issue managed AppleIDs in order to utilize user-initiated enrollment.I made a user and user group in JAMF Pro thinking it would allow for enrolling a device and that I could give my end users a single set of credentials to then get the MDM profile and configuration to everyone. However during the enrollment, I get stuck on a page which mentions “Assign to User” with a blue magnifying glass and Enroll button which don’t seem to react, no matter what I enter. Perhaps this is not possible, but it’s what I’m hoping to find out here. Can I use a single JAMF Pro user to log in all my end users for user-initiated device enrollment? Or must we set up an LDAP server/get managed IDs?Context: We are doing a big push for new devices soon, and currently we have no self-enrollment, meaning our IT department would have to manually enroll every phone. We are looking for an alternative solution to avoid that. We do not u
Last month, we announced through this Tech Thoughts blog article that Jamf Nation will get an upgrade later this summer. Well, friends...the time has come! On Friday, July 4, Jamf Nation shifted from its current platform to a new space, and we couldn't be more excited. What you need to know about the migration Any new content published on Jamf Nation between JUNE 23 – JULY 3 will need to be re-posted to the new site after launch. (If you got your answer in that timeframe and don’t care that it’s on the new site, that’s fine too!) All content that was posted to Jamf Nation BEFORE JUNE 23 will migrate. No action needed! Yes, your profile information will migrate. Yes, your User Group information will migrate. Yes, your postings to the job board will migrate. It will ALL migrate. 😊 Improvements in the new space We’re excited for you to come in and see the new space soon! Warning...it will look and feel different, this is by design. This upgraded version of Jamf Nation w
We need to add a new allowance to our VPN profile that is required for the newest version of our VPN client .I am trying to figure out what exactly happens on macOS when a profile gets updated. Does it remove all the settings the profile sets and reapply, or does it only add/remove changes. I would like it so people do not get kicked off VPN when the profile is updated (The addition to the profile only deals with login items.
Monday June 9 it was that time of the year, Apple’s World Wide Developers Conference kicked off with the usual Keynote where they introduce the new versions of macOS, iOS, iPadOS, visionOS, tvOS and watchOS. I was lucky enough to have obtained a ‘golden ticket’ through the lottery system and actually attend this event at Apple Park in Cupertino! As an Apple consultant and macOS developer at long-time Jamf-partner Root3, it was both very exciting and relevant for me to attend. I’d like to share my in-person experience while also highlighting key announcements, especially for Apple IT admins and how this may affect us this fall. In-person experienceThe WWDC event for attendees is actually a multi-day event with most activities taking place from Sunday to Tuesday. It starts with a welcome reception at the historic Apple Campus at 1 Infinite Loop where you check-in, get your badge, happy Apple employees high-fiving and lots of photo opportunities. It’s a great start of the week to mingle
Whether you manage a few Macs or thousands of iOS devices, connect with other Apple administrators in a relaxed and collaborative environment.No presentations or sales pitches—just excellent company, coffee, and engaging conversations with individuals who comprehend the unique advantages and challenges of managing Apple devices in the enterprise.RSVP at this link or simply drop in — we will be here! Time 8:30 am - 11:30 am CSTLocation Fiddleheads Coffee WauwatosaAddress 8807 W North Ave, Wauwatosa, WI 53226Sponsored by Jamf — Connecting the Apple admin community, one coffee at a time.
Informal Coffee & Connect Meetup! Whether you manage a few Macs or thousands of iOS devices, connect with other Apple administrators in a relaxed and collaborative environment. Attend at your convenience and stay as long as you wish. No presentations or sales pitches—just excellent company, coffee, and engaging conversations with individuals who comprehend the unique advantages and challenges of managing Apple devices in the enterprise. RSVP or simply drop in — we will be present. Sponsored by Jamf — Connecting the Apple admin community, one coffee at a time.
Things are a little different around here! As we shared in this Tech Thoughts article, any posts that were created in that space between JUNE 23 - JULY 3 DID NOT MIGRATE. Instead of putting Jamf Nation into read-only mode during our transition to this new site, we opted to keep it open so y’all could keep getting help from the community. If you posted during that timeframe and didn’t get your answer, go ahead and re-post it on the forum now! If you posted during that timeframe but already got your answer (or don’t need it), no need to do anything else. That’s all! I hope you’re enjoying this revamped version of Jamf Nation. Be sure to reach out to us at jamfnation@jamf.com with any questions or feedback!
Today we released Jamf Connect 3.1.0; this release addresses the following product issues:[PI131938] Fixed: For configurations using Microsoft Entra ID as their identity provider, the Jamf Connect login window displays an error message at the bottom of the screen when passkeys are an available authentication method. [PI134695] Fixed: The Jamf Connect login window displays a black screen after a user enters their password incorrectly and triggers the maxFailedAttempts setting. [PI135947] Fixed: When Short Name (OIDCShortName) is set to an email, the Jamf Connect login window creates a user account with the entire email domain instead of the prefix before the "@" symbol. To access new versions of Jamf Connect, log in to Jamf Account with your Jamf ID. The latest version is located in the Solutions section under Jamf Connect.Product DocumentationFor additional information on what's included in this release, review the release notes via the Jamf Learning Hub.
I have been using docutil for many years at this point (along with BuildADock). It works great. I am building a new lab and it's a weird setup. Not every computer will have the same versions of software installed (mainly Adobe) for some stupid licensing issues. I'm wondering if there is a way to use wildcards in the docutil script? For example, I have three sets of computers that have either Adobe CC 2023, 2024, or 2025. The software installs are the same, but the version year is different. Rather than make different docks for all the variations in the lab, is there a way to use a wildcard so it puts whichever version of Photoshop onto the dock that is installed onto the computer?
Hi,I would like to create a deployment for Maya 2025 based on the topic for 2024:https://community.jamf.com/t5/jamf-pro/packaging-autodesk-maya-2024-with-redundant-license-servers/m-p/298743I've found a .app installer in the Contents of the installer:/tmp/maya2025/AdskIdentityManager/AdskIdentityManager-Installer.app This app opens an installation wizard. How can I execute this (after the PKG installs) in silent mode?Thank you.
Anyone having a keychain issue and the onboarding window not opening automatically upon first login (newly imaged machine that hasn’t been logged into before)? Tried 3 times and get the same result.Self Service+ Version: 2.4.0Jamf Connect Version: 3.4.1Jamf Connect Preference Domain Version: 3.2.0macOS Version: 15.5 (24F74)
Does anyone receive these emails, [HIGH] Alert for Sophos Central, when their computer is updated from one operating system to another, or at other random times? I was informed by Sophos that I would need to manage using static groups instead of smart groups, but that seems inefficient and not ideal.
Hi,I’m trying to use Network Access in Jamf Cloud to route traffic to M365 apps via the ZTNA network for IOS devices. I’ve added this as a separate Activation Profile on top of the Default Profile that covers different services. The users already had the Jamf Trust app on their phones for the previously enabled services. Those services didn’t require a login, since Jamf Pro is distributing Jamf Trust. With the additional profile I assumed that logging in was somehow made possible in the App, but there’s no option anywhere. Also, I don’t see that traffic is routed through the ZTNA network either (since I would expect traffic to come from a different IP). Last, if I look in device management in Jamf Cloud, the Network Access services is not active for the devices, so I wonder if the Activation Profile is even deployed, despite I’ve done that (I even tried to open the link on a phone manually).Any suggestions on what I might be missing or doing wrong? The documentation isn’t really giving
Hi everyone,We’re currently using Jamf School to manage our Apple devices and are running into issues with Microsoft’s enforcement of strong certificate mapping as outlined in KB5014754.Our environment relies on certificate-based authentication with Active Directory. While we’ve configured UPN mapping using the RFC 822 SAN field, our domain controllers (now in Full Enforcement mode) are rejecting certificates that don’t meet the new strong mapping requirements.Unfortunately, Jamf School doesn’t appear to support:Inclusion of SAN URIs with SID Custom certificate templates Scripting or automation for explicit mapping via altSecurityIdentitiesWe’ve temporarily enabled Compatibility Mode on our domain controllers, but this is only viable until 10 September 2025, when Microsoft will enforce Full Enforcement by default.Questions for the community and Jamf staff:Are there any confirmed plans for Jamf School to support strong certificate mapping before the enforcement deadline? Has anyone foun
Hello Jamf Community, I'm currently experiencing an issue with Jamf Remote Assist — I haven't been able to successfully connect to any Mac devices for the past two weeks. Each attempt either times out or fails with no clear error message. I've tried the following so far: Confirmed that Remote Assist is enabled in Settings. Restarted Jamf Daemon and the local Jamf app on the affected Mac. Verified network/firewall configurations (no changes recently). Tested on both Intel and Apple Silicon Macs with the same result. Has anyone else encountered similar issues recently?Is there any known workaround or reliable fix that could help restore functionality? Any suggestions or guidance would be much appreciated. Thanks in advance!
We’ve been testing Platform SSO with Microsoft Entra ID in a Password Authentication configuration, and found that we need to create a local account on the system first in System Settings > Users & Groups, before a user can log in with user@domain.com as their username, is that expected behavior? If that is what is required then we can work with that, but ideally once the system has the relevant configuration profiles installed I’d like anyone in Entra ID to be able to log in without any manual configuration. If I don’t manually create a local, standard account with the same username beforehand, the user just gets a dialogue box containing a yellow warning triangle with no other information and is then automatically logged out again. Or would I be better off with a Secure Enclave configuration? We have hundreds of staff 1:1 Macs (mostly MacBooks) and about 100 lab iMacs/Mac Studios. We are a big MS/Azure/Entra house, currently bind to AD (which we are desperate to come away from
Hello jamf nation, If the goal of the new Jamf Nation Rewards program is to generate more content, user numbers and traffic, then it would be cool if jamf also considered redesigning the forum page. There are no specific topic areas. I can only search or scroll down. If I have then scrolled down so far that I have to click on "load more", then open a post and click back again, I am back at the top of the homepage and have to go back to the bottom and click on "load more". The only way to avoid this is to open a post in a new tab. Are there any thoughts on this?l @Mitchell_Gordon Cheers
Hi,We are working on implementing Managed Blocking of Macros in Office365. My task was to to have every user (not computer) have the Macro Security locked to "Disable all macros without notification" There was also to be an exclusion group for users who would not be controlled by the above lock. For the exclusion group, we wanted if possible for them to be locked instead to "Disable all macros with notification" as that setting allows a user to enable macros on a document by document useI also had to make this work with Entra or our On Premises Active Directory (to which the Mac's are bound). As there's no linkage yet with Entra I've focused on Active Directory (AD)I found that the settings for this in the Configuration Profile only work on a "Computer Level" even though they seem to be User settingsMy Configuration Profile looks like this:This works but generally takes a few minutes for the machine to pick up a change in the group from ADIf I try and make a second Config Profile an
Submit and vote on product ideas.
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.