I (like others) use a smart group for students which lists devices that have “Apps Not In the App Catalog Are Installed”, in case some talented student is somehow able to download or sideload apps we don’t allow. I then use a configuration profile to hide all apps except those they downloaded/sideloaded, making their device near useless until they remove the offending app.
Unfortunately with the iPadOS 26 update, Jamf Pro reports all the iPad default apps (camera, contacts, calendar, etc.) in the installed apps report. As these are default and can not be purchased through the app store, there is no way to add them to the app cataloge. So now every device that updates to iPadOS 26 will be considered to have unnauthorized apps on them. Not sure if this is a bug that Jamf will be able to fix, or if there is another work around to this.
iPadOS 26 - Jamf Pro lists default apps as "Other" (ie. not in the Mobile Device App Catalog)
+7
+26What version of Jamf are you running, OS26 support is added with 11.20. Also, this is why OS update deferrals exist, Jamfs day 1 support is little more than a marketing pitch.
Our district is in the same boat. We had update deferrals enabled since before 26 released, but that doesn’t 100% prevent the problem because there are always situations where an iPad needs to be restored, and then it’s stuck on the latest version. We’ve had to temporarily exclude iPads running iOS 26 from being locked down when non-catalog apps are detected, which isn’t a long-term solution.
I have gone to our catalog and have searched from some of the apps in the list. The ones that do not come up, I have been manually putting them in using this list https://support.apple.com/en-bh/guide/deployment/depece748c41/web For the link if you go to the app store and hit the share button it will give you the link. Have to test the rest of apps but this may make it work because the core apps would be part of your catalog
+7I have gone to our catalog and have searched from some of the apps in the list. The ones that do not come up, I have been manually putting them in using this list https://support.apple.com/en-bh/guide/deployment/depece748c41/web For the link if you go to the app store and hit the share button it will give you the link. Have to test the rest of apps but this may make it work because the core apps would be part of your catalog
So with built in apps, there is no app store url, and they are not technically part of the jamf app catologue it seems, but you can add a an app manually, use the bundle id’s from the website you listed, and for the App url you can use itms-apps:// before the bundle id, and it seems to work. I tested it with the App Store app, and it now reports the app as being part of our catalogue.
Edit: So currently I manually add the app, but it in a category “Native Apps” (to keep them out of the way), set them as “Install automatically”, use the bundle id plus the prefix for the app url, and don’t actually scope the apps. Jamf Pro then reports the apps as “App Store Apps from Mobile Device App Catalog” as unamanged (no problem). So hopefully once I’ve added all the native apps the smart group should work again.
Edit 2: I manually added all the native apps, and they now show up under “App Store Apps from Mobile Device App Catalog” but the device is still in the smart group from the “Apps Not In the App Catalog Are Installed” criteria. I also tried scoping the apps to the devices, but there was no change.
Tony
I did not set mine to automatically install and its not scoped anywhere I created them, and set them to not be managed and not installed and just set it to show in self service. Here is the screen shot of what I did that seems to work. I made my category Apple preinstalled software. Hope this helps
Dave
+7Do the devices stop showing up in the smart group after you do this? I just tried it, but it doesn’t change the membership of the smart group, even though all the apps show as being part of “
App Store Apps from Mobile Device App Catalog”.
So in the inventory view, they show as being part of the app catalog, but the criteria for smart groups “Apps Not in the App Catalog Are Installed” is still being triggered.
Tony
That is exactly what i did. Can you check one of the users that are being flagged and at this point maybe check the department is exactly Student. Not sure if case make a difference just be sure you have no rogue spaces in either the device or the criteria for your smart group, Mine no longer are being flagged and it has the same specs that you have. We are comparing a smart group that uses the criteria department = 2033 for instance. My guess is the device does not exactly have the same department
Dave
+7Yeah, I tried creating a smart group without the department criteria, and it had the same results (plus the extra for teacher devices who are allowed to install whatever they want). The one difference I can see is the fact that I hadn’t marked the apps as free, but the problem is that testing all these permeations requires so many clicks …
Thanks for the help though.
Edit: Wrote a powershell script to change all the apps to free, but still didn’t work for me (devices still getting picked up by the “Apps Not In the App Are Installed” criteria).
FYI I have an active Product Issue number with Jamf regarding this (PI141570) but have so far not heard anything for about 3 weeks.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.