Real talk, real tools and real-time support from people who get it.
Get answers from fellow admins
Find your way around
Share your thoughts
Submit your idea
We need to add a new allowance to our VPN profile that is required for the newest version of our VPN client .I am trying to figure out what exactly happens on macOS when a profile gets updated. Does it remove all the settings the profile sets and reapply, or does it only add/remove changes. I would like it so people do not get kicked off VPN when the profile is updated (The addition to the profile only deals with login items. Â
Today we released Jamf Connect 3.1.0; this release addresses the following product issues:[PI131938] Fixed: For configurations using Microsoft Entra ID as their identity provider, the Jamf Connect login window displays an error message at the bottom of the screen when passkeys are an available authentication method. [PI134695] Fixed: The Jamf Connect login window displays a black screen after a user enters their password incorrectly and triggers the maxFailedAttempts setting. [PI135947] Fixed: When Short Name (OIDCShortName) is set to an email, the Jamf Connect login window creates a user account with the entire email domain instead of the prefix before the "@" symbol. To access new versions of Jamf Connect, log in to Jamf Account with your Jamf ID. The latest version is located in the Solutions section under Jamf Connect.Product DocumentationFor additional information on what's included in this release, review the release notes via the Jamf Learning Hub.
I have been using docutil for many years at this point (along with BuildADock). It works great. I am building a new lab and it's a weird setup. Not every computer will have the same versions of software installed (mainly Adobe) for some stupid licensing issues. I'm wondering if there is a way to use wildcards in the docutil script? For example, I have three sets of computers that have either Adobe CC 2023, 2024, or 2025. The software installs are the same, but the version year is different. Rather than make different docks for all the variations in the lab, is there a way to use a wildcard so it puts whichever version of Photoshop onto the dock that is installed onto the computer?
Hi,I would like to create a deployment for Maya 2025 based on the topic for 2024:https://community.jamf.com/t5/jamf-pro/packaging-autodesk-maya-2024-with-redundant-license-servers/m-p/298743I've found a .app installer in the Contents of the installer:/tmp/maya2025/AdskIdentityManager/AdskIdentityManager-Installer.app This app opens an installation wizard. How can I execute this (after the PKG installs) in silent mode?Thank you.
Today we are releasing a maintenance version of Jamf Pro; highlights include:Changes and ImprovementsJamf has upgraded the Jamf Support ticketing system. To access the new Support portal, log in to Jamf Account and click Contact Support in the top navigation. Jamf Pro no longer returns a "Version entered is unknown" error when attempting to execute an advanced computer search or save a smart computer group that uses 'unknown version' as a value for existing patch reporting criteria. Resolved IssuesJamf Pro Server: Security IssueJamf provides the CVE-ID for security issues with high or critical severity when possible.[PI136944] Jamf Pro 11.18.1 includes Tomcat 10.1.42, effectively resolving a known security vulnerability in a third-party library (CVE-2025-48976). For additional information on what's included in this release, review the release notes via the Jamf Learning Hub.To access new versions of Jamf Pro, log into Jamf Account with your Jamf ID. The latest version is located in the
Hey folks, I worked on a script to deploy Autodesk 2026 (the one that uses the named user licenses). We don’t teach Mudbox, so that isn’t in the script...but Maya and AutoCAD is (along with Darwin..what a PIA to get working). I packaged the apps and deployed to /private/tmp/AutodeskApps… I have a lot of logging left in the script as Darwin is a royal pain and can fail at many different steps. I also made use of a lot of variables to hopefully make updating in the future easier. Oh, also did it in zsh.Hope you all find it useful, or at the very least, a good jumping off point!#!/bin/zshset -euo pipefail############################# VARIABLES############################YEAR="2026"TMP="/private/tmp"APP_TMP="${TMP}/AutodeskApps"LOG="/var/log/autodesk2026_install.log"DMG_LIST=( "Autodesk_Maya_2026_1_Update_ML_macOS.dmg" "Darwin.dmg" "AdskIdentityManager-UCT-Installer.dmg" "Autodesk_AutoCAD_2026_macOS.dmg")PKG_FILE="AdskLicensing-15.4.0.13093-mac-installer.pkg"INSTALL_SUMMARY=()log() {
Anyone having a keychain issue and the onboarding window not opening automatically upon first login (newly imaged machine that hasn’t been logged into before)? Tried 3 times and get the same result.Self Service+ Version: 2.4.0Jamf Connect Version: 3.4.1Jamf Connect Preference Domain Version: 3.2.0macOS Version: 15.5 (24F74) Â
Does anyone receive these emails, [HIGH] Alert for Sophos Central, when their computer is updated from one operating system to another, or at other random times? I was informed by Sophos that I would need to manage using static groups instead of smart groups, but that seems inefficient and not ideal.
Hi,I’m trying to use Network Access in Jamf Cloud to route traffic to M365 apps via the ZTNA network for IOS devices. I’ve added this as a separate Activation Profile on top of the Default Profile that covers different services. The users already had the Jamf Trust app on their phones for the previously enabled services. Those services didn’t require a login, since Jamf Pro is distributing Jamf Trust. With the additional profile I assumed that logging in was somehow made possible in the App, but there’s no option anywhere. Also, I don’t see that traffic is routed through the ZTNA network either (since I would expect traffic to come from a different IP). Last, if I look in device management in Jamf Cloud, the Network Access services is not active for the devices, so I wonder if the Activation Profile is even deployed, despite I’ve done that (I even tried to open the link on a phone manually).Any suggestions on what I might be missing or doing wrong? The documentation isn’t really giving
Hi everyone,We’re currently using Jamf School to manage our Apple devices and are running into issues with Microsoft’s enforcement of strong certificate mapping as outlined in KB5014754.Our environment relies on certificate-based authentication with Active Directory. While we’ve configured UPN mapping using the RFC 822 SAN field, our domain controllers (now in Full Enforcement mode) are rejecting certificates that don’t meet the new strong mapping requirements.Unfortunately, Jamf School doesn’t appear to support:Inclusion of SAN URIs with SID Custom certificate templates Scripting or automation for explicit mapping via altSecurityIdentitiesWe’ve temporarily enabled Compatibility Mode on our domain controllers, but this is only viable until 10 September 2025, when Microsoft will enforce Full Enforcement by default.Questions for the community and Jamf staff:Are there any confirmed plans for Jamf School to support strong certificate mapping before the enforcement deadline? Has anyone foun
Hello Jamf Community, I'm currently experiencing an issue with Jamf Remote Assist — I haven't been able to successfully connect to any Mac devices for the past two weeks. Each attempt either times out or fails with no clear error message. I've tried the following so far: Confirmed that Remote Assist is enabled in Settings. Restarted Jamf Daemon and the local Jamf app on the affected Mac. Verified network/firewall configurations (no changes recently). Tested on both Intel and Apple Silicon Macs with the same result. Has anyone else encountered similar issues recently?Is there any known workaround or reliable fix that could help restore functionality? Any suggestions or guidance would be much appreciated. Thanks in advance!
We’ve been testing Platform SSO with Microsoft Entra ID in a Password Authentication configuration, and found that we need to create a local account on the system first in System Settings > Users & Groups, before a user can log in with user@domain.com as their username, is that expected behavior? If that is what is required then we can work with that, but ideally once the system has the relevant configuration profiles installed I’d like anyone in Entra ID to be able to log in without any manual configuration. If I don’t manually create a local, standard account with the same username beforehand, the user just gets a dialogue box containing a yellow warning triangle with no other information and is then automatically logged out again. Or would I be better off with a Secure Enclave configuration? We have hundreds of staff 1:1 Macs (mostly MacBooks) and about 100 lab iMacs/Mac Studios. We are a big MS/Azure/Entra house, currently bind to AD (which we are desperate to come away from
Hello jamf nation, If the goal of the new Jamf Nation Rewards program is to generate more content, user numbers and traffic, then it would be cool if jamf also considered redesigning the forum page. There are no specific topic areas. I can only search or scroll down. If I have then scrolled down so far that I have to click on "load more", then open a post and click back again, I am back at the top of the homepage and have to go back to the bottom and click on "load more". The only way to avoid this is to open a post in a new tab. Are there any thoughts on this?l @Mitchell_Gordon Cheers
Hi,We are working on implementing Managed Blocking of Macros in Office365.  My task was to to have every user (not computer) have the Macro Security locked to "Disable all macros without notification" There was also to be an exclusion group for users who would not be controlled by the above lock. For the exclusion group, we wanted if possible for them to be locked instead to "Disable all macros with notification" as that setting allows a user to enable macros on a document by document useI also had to make this work with Entra or our On Premises Active Directory (to which the Mac's are bound). As there's no linkage yet with Entra I've focused on Active Directory (AD)I found that the settings for this in the Configuration Profile only work on a "Computer Level" even though they seem to be User settingsMy Configuration Profile looks like this:This works but generally takes a few minutes for the machine to pick up a change in the group from ADIf I try and make a second Config Profile an
Does anyone noticed LDAP attributes for Okta is changed from city to l or o?From today morning, I saw this changes on my environment. With city key word, its not pulled data from Okta to Jamf.
Submit and vote on product ideas.
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.