Real talk, real tools and real-time support from people who get it.
Get answers from fellow admins
Find your way around
Share your thoughts
Submit your idea
We have identified a critical issue in the latest release of Self Service+, where the app’s background process consumes excessive memory when Self Service+ starts while a computer is not connected to the Internet. We are currently working on a hotfix, which will be available as soon as possible. If you are experiencing symptoms (slow computer performance, menubar app showing only a spinning icon, Menubar App unresponsiveness), do the following:Ensure the affected computer has an active Internet connection Force quit the "Self Service+" app via Activity Monitor (⌘+Space → type "Activity Monitor" → find and quit the Self Service+ app) Self Service+ restarts automatically and will function as intended. You may need to repeat this process if the app is restarted while the computer is not connected to the internet. Thank you for your understanding and we apologize for any inconvenience.
We need to add a new allowance to our VPN profile that is required for the newest version of our VPN client .I am trying to figure out what exactly happens on macOS when a profile gets updated. Does it remove all the settings the profile sets and reapply, or does it only add/remove changes. I would like it so people do not get kicked off VPN when the profile is updated (The addition to the profile only deals with login items.
Just to be clear this is not a JAMF issue or any MDM issue. This is an apple issue and unless people speak up by opening apple tickets or feedback cases or talking with their apple engineer, apple will not take this seriously.If you as system engineer of your environment would like IP addresses reported from your devices please feel free to use as much or as little of my argument to apple from my ticket I opened with them I am writing to advocate for the inclusion of IP address reporting within MDM solutions for devices supervised under the DEP for iOS, macOS, visionOS, and tvOS.The ability to report IP addresses is not merely a desirable feature; it is an essential capability for enterprises to gain a comprehensive understanding of their devices and network environment. This functionality will significantly enhance our ability to scope and troubleshoot Apple devices effectively. Currently, the process involves multiple teams and systems to ascertain a device's IP address, which requi
Hi everyone,I'm currently facing an issue with AnyDesk deployed via Jamf across our Mac fleet. Initially, I set up an installation policy and a configuration profile for all Macs and users, and everything was working smoothly.However, I've noticed that whenever I add a new PC to AnyDesk and attempt to connect remotely to a Mac, I receive an "Access Denied" message. I understand this isn't the official AnyDesk forum, but I’m hoping someone here might have encountered a similar situation.I’m considering removing and redeploying the configuration profile to see if that resolves the issue—but I’m not entirely sure how to go about it. Would changing the scope to "specific computers" and "specific users" be enough? Could that potentially cause other problems?If anyone has suggestions or has dealt with something similar, I’d really appreciate your input.Thanks in advance for your help!
Hello Jamf Community, I'm currently experiencing an issue with Jamf Remote Assist — I haven't been able to successfully connect to any Mac devices for the past two weeks. Each attempt either times out or fails with no clear error message. I've tried the following so far: Confirmed that Remote Assist is enabled in Settings. Restarted Jamf Daemon and the local Jamf app on the affected Mac. Verified network/firewall configurations (no changes recently). Tested on both Intel and Apple Silicon Macs with the same result. Has anyone else encountered similar issues recently?Is there any known workaround or reliable fix that could help restore functionality? Any suggestions or guidance would be much appreciated. Thanks in advance!
Hello, So I’m curious about whether we need to have either an LDAP server setup or issue managed AppleIDs in order to utilize user-initiated enrollment.I made a user and user group in JAMF Pro thinking it would allow for enrolling a device and that I could give my end users a single set of credentials to then get the MDM profile and configuration to everyone. However during the enrollment, I get stuck on a page which mentions “Assign to User” with a blue magnifying glass and Enroll button which don’t seem to react, no matter what I enter. Perhaps this is not possible, but it’s what I’m hoping to find out here. Can I use a single JAMF Pro user to log in all my end users for user-initiated device enrollment? Or must we set up an LDAP server/get managed IDs?Context: We are doing a big push for new devices soon, and currently we have no self-enrollment, meaning our IT department would have to manually enroll every phone. We are looking for an alternative solution to avoid that. We do not u
Hey folks, I worked on a script to deploy Autodesk 2026 (the one that uses the named user licenses). We don’t teach Mudbox, so that isn’t in the script...but Maya and AutoCAD is (along with Darwin..what a PIA to get working). I packaged the apps and deployed to /private/tmp/AutodeskApps… I have a lot of logging left in the script as Darwin is a royal pain and can fail at many different steps. I also made use of a lot of variables to hopefully make updating in the future easier. Oh, also did it in zsh.Hope you all find it useful, or at the very least, a good jumping off point!#!/bin/zshset -euo pipefail############################# VARIABLES############################YEAR="2026"TMP="/private/tmp"APP_TMP="${TMP}/AutodeskApps"LOG="/var/log/autodesk2026_install.log"DMG_LIST=( "Autodesk_Maya_2026_1_Update_ML_macOS.dmg" "Darwin.dmg" "AdskIdentityManager-UCT-Installer.dmg" "Autodesk_AutoCAD_2026_macOS.dmg")PKG_FILE="AdskLicensing-15.4.0.13093-mac-installer.pkg"INSTALL_SUMMARY=()log() {
Does anyone receive these emails, [HIGH] Alert for Sophos Central, when their computer is updated from one operating system to another, or at other random times? I was informed by Sophos that I would need to manage using static groups instead of smart groups, but that seems inefficient and not ideal.
Anyone having a keychain issue and the onboarding window not opening automatically upon first login (newly imaged machine that hasn’t been logged into before)? Tried 3 times and get the same result.Self Service+ Version: 2.4.0Jamf Connect Version: 3.4.1Jamf Connect Preference Domain Version: 3.2.0macOS Version: 15.5 (24F74)
I am trying to test out Single App Mode so we can fulfill a request a user has when their new Ipad comes in. They want it to only allow access to Safari and not allow any websites except the sign in page they set up. I have been able to restrict other sites with no issues, but the Single App mode is causing me issues. I created a Configuration Policy and selected Safari from the Lock to App drop down. When I scope it to my test group, it does attempt to apply, but fails due to "The field “Identifier” contains an invalid value.". Even when I chose "Specify Build ID" and enter "com.apple.mobilesafari" as the build ID, I get the same error. This happens for all apps in the drop down.I have confirmed the Ipad is supervised and all other settings I set up have applied with no issues. It is just this one thing that will not apply. Any assistance anyone can provide would be appreciated.
Hi,I’m trying to use Network Access in Jamf Cloud to route traffic to M365 apps via the ZTNA network for IOS devices. I’ve added this as a separate Activation Profile on top of the Default Profile that covers different services. The users already had the Jamf Trust app on their phones for the previously enabled services. Those services didn’t require a login, since Jamf Pro is distributing Jamf Trust. With the additional profile I assumed that logging in was somehow made possible in the App, but there’s no option anywhere. Also, I don’t see that traffic is routed through the ZTNA network either (since I would expect traffic to come from a different IP). Last, if I look in device management in Jamf Cloud, the Network Access services is not active for the devices, so I wonder if the Activation Profile is even deployed, despite I’ve done that (I even tried to open the link on a phone manually).Any suggestions on what I might be missing or doing wrong? The documentation isn’t really giving
Hi everyone,We’re currently using Jamf School to manage our Apple devices and are running into issues with Microsoft’s enforcement of strong certificate mapping as outlined in KB5014754.Our environment relies on certificate-based authentication with Active Directory. While we’ve configured UPN mapping using the RFC 822 SAN field, our domain controllers (now in Full Enforcement mode) are rejecting certificates that don’t meet the new strong mapping requirements.Unfortunately, Jamf School doesn’t appear to support:Inclusion of SAN URIs with SID Custom certificate templates Scripting or automation for explicit mapping via altSecurityIdentitiesWe’ve temporarily enabled Compatibility Mode on our domain controllers, but this is only viable until 10 September 2025, when Microsoft will enforce Full Enforcement by default.Questions for the community and Jamf staff:Are there any confirmed plans for Jamf School to support strong certificate mapping before the enforcement deadline? Has anyone foun
We’ve been testing Platform SSO with Microsoft Entra ID in a Password Authentication configuration, and found that we need to create a local account on the system first in System Settings > Users & Groups, before a user can log in with user@domain.com as their username, is that expected behavior? If that is what is required then we can work with that, but ideally once the system has the relevant configuration profiles installed I’d like anyone in Entra ID to be able to log in without any manual configuration. If I don’t manually create a local, standard account with the same username beforehand, the user just gets a dialogue box containing a yellow warning triangle with no other information and is then automatically logged out again. Or would I be better off with a Secure Enclave configuration? We have hundreds of staff 1:1 Macs (mostly MacBooks) and about 100 lab iMacs/Mac Studios. We are a big MS/Azure/Entra house, currently bind to AD (which we are desperate to come away from
Submit and vote on product ideas.
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
