Real talk, real tools and real-time support from people who get it.
Get answers from fellow admins
Find your way around
Share your thoughts
Submit your idea
Hello, So I’m curious about whether we need to have either an LDAP server setup or issue managed AppleIDs in order to utilize user-initiated enrollment.I made a user and user group in JAMF Pro thinking it would allow for enrolling a device and that I could give my end users a single set of credentials to then get the MDM profile and configuration to everyone. However during the enrollment, I get stuck on a page which mentions “Assign to User” with a blue magnifying glass and Enroll button which don’t seem to react, no matter what I enter. Perhaps this is not possible, but it’s what I’m hoping to find out here. Can I use a single JAMF Pro user to log in all my end users for user-initiated device enrollment? Or must we set up an LDAP server/get managed IDs?Context: We are doing a big push for new devices soon, and currently we have no self-enrollment, meaning our IT department would have to manually enroll every phone. We are looking for an alternative solution to avoid that. We do not u
Does anyone receive these emails, [HIGH] Alert for Sophos Central, when their computer is updated from one operating system to another, or at other random times? I was informed by Sophos that I would need to manage using static groups instead of smart groups, but that seems inefficient and not ideal.
Anyone having a keychain issue and the onboarding window not opening automatically upon first login (newly imaged machine that hasn’t been logged into before)? Tried 3 times and get the same result.Self Service+ Version: 2.4.0Jamf Connect Version: 3.4.1Jamf Connect Preference Domain Version: 3.2.0macOS Version: 15.5 (24F74)
I am trying to test out Single App Mode so we can fulfill a request a user has when their new Ipad comes in. They want it to only allow access to Safari and not allow any websites except the sign in page they set up. I have been able to restrict other sites with no issues, but the Single App mode is causing me issues. I created a Configuration Policy and selected Safari from the Lock to App drop down. When I scope it to my test group, it does attempt to apply, but fails due to "The field “Identifier” contains an invalid value.". Even when I chose "Specify Build ID" and enter "com.apple.mobilesafari" as the build ID, I get the same error. This happens for all apps in the drop down.I have confirmed the Ipad is supervised and all other settings I set up have applied with no issues. It is just this one thing that will not apply. Any assistance anyone can provide would be appreciated.
Last month, we announced through this Tech Thoughts blog article that Jamf Nation will get an upgrade later this summer. Well, friends...the time has come! On Friday, July 4, Jamf Nation shifted from its current platform to a new space, and we couldn't be more excited. What you need to know about the migration Any new content published on Jamf Nation between JUNE 23 – JULY 3 will need to be re-posted to the new site after launch. (If you got your answer in that timeframe and don’t care that it’s on the new site, that’s fine too!) All content that was posted to Jamf Nation BEFORE JUNE 23 will migrate. No action needed! Yes, your profile information will migrate. Yes, your User Group information will migrate. Yes, your postings to the job board will migrate. It will ALL migrate. 😊 Improvements in the new space We’re excited for you to come in and see the new space soon! Warning...it will look and feel different, this is by design. This upgraded version of Jamf Nation w
We need to add a new allowance to our VPN profile that is required for the newest version of our VPN client .I am trying to figure out what exactly happens on macOS when a profile gets updated. Does it remove all the settings the profile sets and reapply, or does it only add/remove changes. I would like it so people do not get kicked off VPN when the profile is updated (The addition to the profile only deals with login items.
Monday June 9 it was that time of the year, Apple’s World Wide Developers Conference kicked off with the usual Keynote where they introduce the new versions of macOS, iOS, iPadOS, visionOS, tvOS and watchOS. I was lucky enough to have obtained a ‘golden ticket’ through the lottery system and actually attend this event at Apple Park in Cupertino! As an Apple consultant and macOS developer at long-time Jamf-partner Root3, it was both very exciting and relevant for me to attend. I’d like to share my in-person experience while also highlighting key announcements, especially for Apple IT admins and how this may affect us this fall. In-person experienceThe WWDC event for attendees is actually a multi-day event with most activities taking place from Sunday to Tuesday. It starts with a welcome reception at the historic Apple Campus at 1 Infinite Loop where you check-in, get your badge, happy Apple employees high-fiving and lots of photo opportunities. It’s a great start of the week to mingle
Whether you manage a few Macs or thousands of iOS devices, connect with other Apple administrators in a relaxed and collaborative environment.No presentations or sales pitches—just excellent company, coffee, and engaging conversations with individuals who comprehend the unique advantages and challenges of managing Apple devices in the enterprise.RSVP at this link or simply drop in — we will be here! Time 8:30 am - 11:30 am CSTLocation Fiddleheads Coffee WauwatosaAddress 8807 W North Ave, Wauwatosa, WI 53226Sponsored by Jamf — Connecting the Apple admin community, one coffee at a time.
Informal Coffee & Connect Meetup! Whether you manage a few Macs or thousands of iOS devices, connect with other Apple administrators in a relaxed and collaborative environment. Attend at your convenience and stay as long as you wish. No presentations or sales pitches—just excellent company, coffee, and engaging conversations with individuals who comprehend the unique advantages and challenges of managing Apple devices in the enterprise. RSVP or simply drop in — we will be present. Sponsored by Jamf — Connecting the Apple admin community, one coffee at a time.
Things are a little different around here! As we shared in this Tech Thoughts article, any posts that were created in that space between JUNE 23 - JULY 3 DID NOT MIGRATE. Instead of putting Jamf Nation into read-only mode during our transition to this new site, we opted to keep it open so y’all could keep getting help from the community. If you posted during that timeframe and didn’t get your answer, go ahead and re-post it on the forum now! If you posted during that timeframe but already got your answer (or don’t need it), no need to do anything else. That’s all! I hope you’re enjoying this revamped version of Jamf Nation. Be sure to reach out to us at jamfnation@jamf.com with any questions or feedback!
Hi,I’m trying to use Network Access in Jamf Cloud to route traffic to M365 apps via the ZTNA network for IOS devices. I’ve added this as a separate Activation Profile on top of the Default Profile that covers different services. The users already had the Jamf Trust app on their phones for the previously enabled services. Those services didn’t require a login, since Jamf Pro is distributing Jamf Trust. With the additional profile I assumed that logging in was somehow made possible in the App, but there’s no option anywhere. Also, I don’t see that traffic is routed through the ZTNA network either (since I would expect traffic to come from a different IP). Last, if I look in device management in Jamf Cloud, the Network Access services is not active for the devices, so I wonder if the Activation Profile is even deployed, despite I’ve done that (I even tried to open the link on a phone manually).Any suggestions on what I might be missing or doing wrong? The documentation isn’t really giving
Hi everyone,We’re currently using Jamf School to manage our Apple devices and are running into issues with Microsoft’s enforcement of strong certificate mapping as outlined in KB5014754.Our environment relies on certificate-based authentication with Active Directory. While we’ve configured UPN mapping using the RFC 822 SAN field, our domain controllers (now in Full Enforcement mode) are rejecting certificates that don’t meet the new strong mapping requirements.Unfortunately, Jamf School doesn’t appear to support:Inclusion of SAN URIs with SID Custom certificate templates Scripting or automation for explicit mapping via altSecurityIdentitiesWe’ve temporarily enabled Compatibility Mode on our domain controllers, but this is only viable until 10 September 2025, when Microsoft will enforce Full Enforcement by default.Questions for the community and Jamf staff:Are there any confirmed plans for Jamf School to support strong certificate mapping before the enforcement deadline? Has anyone foun
Hello Jamf Community, I'm currently experiencing an issue with Jamf Remote Assist — I haven't been able to successfully connect to any Mac devices for the past two weeks. Each attempt either times out or fails with no clear error message. I've tried the following so far: Confirmed that Remote Assist is enabled in Settings. Restarted Jamf Daemon and the local Jamf app on the affected Mac. Verified network/firewall configurations (no changes recently). Tested on both Intel and Apple Silicon Macs with the same result. Has anyone else encountered similar issues recently?Is there any known workaround or reliable fix that could help restore functionality? Any suggestions or guidance would be much appreciated. Thanks in advance!
We’ve been testing Platform SSO with Microsoft Entra ID in a Password Authentication configuration, and found that we need to create a local account on the system first in System Settings > Users & Groups, before a user can log in with user@domain.com as their username, is that expected behavior? If that is what is required then we can work with that, but ideally once the system has the relevant configuration profiles installed I’d like anyone in Entra ID to be able to log in without any manual configuration. If I don’t manually create a local, standard account with the same username beforehand, the user just gets a dialogue box containing a yellow warning triangle with no other information and is then automatically logged out again. Or would I be better off with a Secure Enclave configuration? We have hundreds of staff 1:1 Macs (mostly MacBooks) and about 100 lab iMacs/Mac Studios. We are a big MS/Azure/Entra house, currently bind to AD (which we are desperate to come away from
Hello jamf nation, If the goal of the new Jamf Nation Rewards program is to generate more content, user numbers and traffic, then it would be cool if jamf also considered redesigning the forum page. There are no specific topic areas. I can only search or scroll down. If I have then scrolled down so far that I have to click on "load more", then open a post and click back again, I am back at the top of the homepage and have to go back to the bottom and click on "load more". The only way to avoid this is to open a post in a new tab. Are there any thoughts on this?l @Mitchell_Gordon Cheers
Submit and vote on product ideas.
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
