Real talk, real tools and real-time support from people who get it.
Get answers from fellow admins
Find your way around
Share your thoughts
Submit your idea
What's your favorite: - Resource when stuck in a rut and need answers? (aside from chatGPT) - Favorite beverage hot or cold- Role model in the tech world- Way to decompress after a stressful day - Hobby side from work
Microsoft has announced plans to move storage of the Workplace Join Key out of the user’s Login Keychain and into Apple’s Secure Enclave: Microsoft Enterprise SSO plug-in for Apple devices - Microsoft identity platform Announced in March 2024, Microsoft Entra ID will be moving away from Apple’s Keychain for storing device identity keys. Starting in Q3 2025, all new device registrations will use Apple’s Secure Enclave. There will be no opt-out of this storage location. Applications and MDM integrations that have a dependency on accessing Workplace Join keys via Keychain will need to start using MSAL and the Enterprise SSO plug-in to ensure compatibility with the Microsoft identity platform. In the same document, Microsoft provides guidance on how to test the Secure Enclave today to ensure the change will be compatible with your environment when the change goes live: If you would like to enable Secure Enclave based storage of
At some point in your career as an Apple Admin, you’ve (most likely) inherited a Jamf instance and said either to yourself or out loud, “Huh, I wonder why they did that. I certainly wouldn’t do it that way” or “That’s not the best practice I was taught”. Caveat: There’s no such thing as best practice. The better concept is defining the best practice for your environment. This is where you get to step in and be the hero. It’s your job to take the environment, back it up first. Make sure you backup your instance and sync it to your free Jamf sandbox (If you don’t have one, talk to your rep). Once you’ve backed up and sync’d to the sandbox, I hope you’re noticing the theme here…you can get started with the H.E.R.O. process. Something not mentioned is the process of writing documentation. DOCUMENT, DOCUMENT, DOCUMENT. Write down everything from the current state, proposed changes, changes you made (with dates), how configs work, work
Hi all, We have quite a weird recurring issue with 3 mac devices. FileVault is set to enable via a configuration profile from UIE//ADE and this has been working good since we introduced Jamf. We are however having issues where the secure tokens assigned to these users are being removed? I was wondering if this is something that anyone else has seen? The accounts a mobile accounts from AD. All of the mobile accounts on the devices are struggling. The workaround currently is to sign in with the local account that was created for support (has securetoken key) and then log out. Falling short of disabling FileVault for these devices, is there anything else any one can think of? Thanks in advance!
Went to the support portal to enter a ticket and has a link at the top to go to the new support portal which turns out to just be an AI chat bot. While its good for Jamf to have an AI chatbot try and “screen” support questions, I am wondering how well this will work out. The AI bot did not really have an answer to my question so I asked it to create a ticket and it said the team would email me back.I hope there is a way to track these support requests like you could with the old ticketing system. It can be important to have a ticket number.
Just be going though the process of updating our Autodesk apps for 2026. its not a script I have written but I have updated for Maya & Mudbox 2026. I found on her somewhere.Thought it was sharing to help other as a starting point. #!/bin/bash#Copy installer app from .dmg to /tmp#Modify values below as necessary (Usually: year and pKey)#Set variablesyear="2026"pkgPath1="/private/tmp/InstallMaya2026.app/Contents/Helper/Packages/Maya/MayaUSD.pkg"pkgPath2="/private/tmp/InstallMaya2026.app/Contents/Helper/Packages/Maya/Maya_AdLMconf2026.pkg"#pkgPath3="/private/tmp/InstallMaya2024.app/Contents/Helper/Packages/Licensing/adskflexnetserverIPV6.pkg"pkgPath4="/private/tmp/InstallMaya2026.app/Contents/Helper/Packages/Licensing/AdskLicensing-15.1.0.12339-mac-installer.pkg"pkgPath5="/private/tmp/InstallMaya2026.app/Contents/Helper/Packages/Maya/Maya_core2026.pkg"pkgPath6="/private/tmp/InstallMaya2026.app/Contents/Helper/Packages/Maya/bifrost.pkg"pkgPath7="/private/tmp/InstallMaya2026.app/Content
Hey folks, I worked on a script to deploy Autodesk 2026 (the one that uses the named user licenses). We don’t teach Mudbox, so that isn’t in the script...but Maya and AutoCAD is (along with Darwin..what a PIA to get working). I packaged the apps and deployed to /private/tmp/AutodeskApps… I have a lot of logging left in the script as Darwin is a royal pain and can fail at many different steps. I also made use of a lot of variables to hopefully make updating in the future easier. Oh, also did it in zsh.Hope you all find it useful, or at the very least, a good jumping off point!#!/bin/zshset -euo pipefail############################# VARIABLES############################YEAR="2026"TMP="/private/tmp"APP_TMP="${TMP}/AutodeskApps"LOG="/var/log/autodesk2026_install.log"DMG_LIST=( "Autodesk_Maya_2026_1_Update_ML_macOS.dmg" "Darwin.dmg" "AdskIdentityManager-UCT-Installer.dmg" "Autodesk_AutoCAD_2026_macOS.dmg")PKG_FILE="AdskLicensing-15.4.0.13093-mac-installer.pkg"INSTALL_SUMMARY=()log() {
Recently, an end user had their laptop stolen, so once notified i was able to apply a lock to the unit from my instance of JamfPro with a 6 digit code and it’s been a week now and it looks like nobody has tried to get the unit online. Long term can anyone suggest what i should do? I don’t expect to ever get the unit back so should i remove it from JamF?? Umberto
I'm trying to apply proxy settings to Macs for use only when they are in the office, connected to corporate Ethernet or WiFi, but I don't want these proxy settings to be applied when the user is at home or anywhere that isn't the office. Is there a way that this can be done?
C'est vrai ça, c'est bien beau d'avoir un beau forum tout propre, mais qui fait quoi par ici ? :-)
Hi All,Does anybody know if InTune Cloud PKI integration with JAMF works instead of the legacy setting up NDES on prem?
Howdy everybody! Time for my annual post about how we all need to get our budgets prepped and ready to go for all the hardware we need to replace that Apple is dropping from its OS Compatibility list! I've modified my previous regex statement to take out the models that were lost to us this year to the latest macOS version. It looks like Apple is taking a big ole axe to the intel macs, minus only a couple of exceptions that seem to tie to the devices that were still being sold at the time of the M1 release. One tricky piece are the specific intel MacBook Pro's that Apple has listed. In that grouping are the MacBookPro16,x models, where x is 1,2 and 4, but not the 16,3 model, so keep that in mind. If anyone has details that contradict that, please let me know here and i'll quickly change the posted regex. I've tested this in my own Jamf instances to verify its returning the data that i'd expect to see, and am confident this will be able to match everything that is no longer supported by
Basically we have disabled the screenshot feature for a certain group in my organization via JAMF Configuration Profiles, but recently we have found a loophole for users to take screenshots via enabling the “Show features for web developers” and then on Safari, going to Develop tab and “Show Web Inspector” > Elements tab and right click the html to show the option to “capture screenshot” and it will allow you to save the screenshot. We are trying to remediate this loophole by disabling the option to enable the web developers option. Anyone have any ideas? I have tried using Configuration Profile and using the Application & Custom Settings option, but could not get it to work using the plist I found online.https://www.geeksforgeeks.org/techtips/how-to-take-screenshot-apple-safari/
I uploaded the Protect plan to Jamf Pro configuration profile. I was wondering if Protect also works on devices? I tried to upload the same file to the devices but it ends up failing. If there is any documentation for deploying to devices, please point me to it!
Hey All,We are working on determining the best way to manage our assets. We are a Mac/iOS only environment. So all of our equipment goes into Jamf Pro. We don’t do touchless deployment (management decision although its practically touchless). I’d imagine we’d need to get MUT involved to update purchase status.How do you handle new equipment or equipment that goes back into inventory? Also, we are looking to get physical asset tag stickers for the devices. Any suggestions on using Jamf as a complete solution? Or addition tools that people use for Asset Management to track items?Thanks!
Hello Jamf Community, I'm currently experiencing an issue with Jamf Remote Assist — I haven't been able to successfully connect to any Mac devices for the past two weeks. Each attempt either times out or fails with no clear error message. I've tried the following so far: Confirmed that Remote Assist is enabled in Settings. Restarted Jamf Daemon and the local Jamf app on the affected Mac. Verified network/firewall configurations (no changes recently). Tested on both Intel and Apple Silicon Macs with the same result. Has anyone else encountered similar issues recently?Is there any known workaround or reliable fix that could help restore functionality? Any suggestions or guidance would be much appreciated. Thanks in advance!
I have been getting requests to provide all managed phones with a contact list. The config page allows me to access a CARDDAV server. I would like some suggestions on how to best set one up, perhaps a cloud solution. Thanks
Submit and vote on product ideas.
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
