+18Hey all,
Has anyone started using the new command in 11.5 as shown here:
https://developer.apple.com/documentation/devicemanagement/set_recovery_lock_command
It looks like its been set up on Apple's side, but I don't see any documentation in the Jamf Admin guide related to it? Looks like this is the closest we will get to having a firmware password on M1's.
Best answer by boberito
Not support by Jamf...yet.
+22Not support by Jamf...yet.
+6So much for zero-day feature implementations - we hounded Apple for this addition, they rushed it into a patch, and yet we still have no way of utilizing...
+22So much for zero-day feature implementations - we hounded Apple for this addition, they rushed it into a patch, and yet we still have no way of utilizing...
I think what they mean by zero day support is that jamf works on the platform same day. They’ve never said zero day feature I believe. There’s feature requests going back 3-4 years for things Apple has supported that aren’t in jamf.
+26So much for zero-day feature implementations - we hounded Apple for this addition, they rushed it into a patch, and yet we still have no way of utilizing...
zero-day feature implementations is just a sales pitch. It typically takes JAMF 3-6 months to fully support something new Apple implements. It is extremely common for JAMF to take 5+ years to add new functions (softwareupdate MDM commands anyone?).
Even nearly 3 months later JAMF is still having issues with DeviceLockAndRemovePasscode. I will not even try to implement this until mid to late 1st quarter next year. Let the kinks get sorted out.
+4Here is how you can set the recovery lock key for Jamf computers - https://github.com/shbedev/jamf-recovery-lock
Here is how you can set the recovery lock key for Jamf computers - https://github.com/shbedev/jamf-recovery-lock
Dep,
I was able to adapt and use your code and it does set a recovery code. However, I'm noticing that it won't enable the recovery lock. That is, under the device's Security tab in JAMF you can see that the security lock password is set, but right above it where it says 'Recovery Lock' it says 'Not Enabled'.
I couldn't find in the API documentation what's the method used to enable or enforce a recovery lock. Do you have this information?
EDIT: After more reading on this it looks like the recovery lock status should change to Enabled after the next inventory collection. I'll wait.
+5Ive been able to make my own bash script to set this up using two curls so i can have this as a build item, annoyingly getting a Forbidden result even with :"Send Set Recovery Lock Command" enabled on our API account, anyone know what other perms might be needed.. we only have a few permissions set as we only really use api for one or two items
+5Ive been able to make my own bash script to set this up using two curls so i can have this as a build item, annoyingly getting a Forbidden result even with :"Send Set Recovery Lock Command" enabled on our API account, anyone know what other perms might be needed.. we only have a few permissions set as we only really use api for one or two items
just incase anyone is wondering I realised i was missing the below perms:
Endpoint Operation Privilege Requirements Deprecation Date
| /preview/mdm/commands | post | View MDM command information in Jamf Pro API | N/A |
+4Looks like its in the 2nd Beta of 10.32 so hopefully hits soon.
Can this Set Recovery Lock Command be used in jamf10.4.2 version?
+4Looks like its in the 2nd Beta of 10.32 so hopefully hits soon.
Can this Set Recovery Lock Command be used in jamf10.4.2 version?thanks😁
+26Can this Set Recovery Lock Command be used in jamf10.4.2 version?thanks😁
No, not a chance in heck. The MDM command was not added for years after the release of 10.4.
If you are seriously still running JAMF 10.4, it's time to do some deep thinking and considerations on the viability of managing you Mac environment.
+4No, not a chance in heck. The MDM command was not added for years after the release of 10.4.
If you are seriously still running JAMF 10.4, it's time to do some deep thinking and considerations on the viability of managing you Mac environment.
If I upgrade to 10.42.1 can I use the no mdm command or not😭
+4just incase anyone is wondering I realised i was missing the below perms:
Endpoint Operation Privilege Requirements Deprecation Date
| /preview/mdm/commands | post | View MDM command information in Jamf Pro API | N/A |
/preview/mdm/commands post This command is deprecated no??😱😱😱
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
