What is the recommended way of handling compliance with the upcoming Sequioa release? I have used the Jamf Compliance Editor to create config profiles for Sonoma, which was very convenient, since the JCE let's you upload perfectly name config profiles for Sonoma and its predecessors.
If I am not mistaken, the JCE does not currently support Sequoia, yet. For now, I have set major OS updates to be deferred by 90 days, so I can sort this out.
How do you guys handle this?
When is the JCE likely to be updated?
Thank you for your help.
Toby
Best answer by AntMac
Yeah, I saw that. I am using the Compliance Editor GUI. How does that tie in with the release?
At its core Compliance Editor relies pretty heavily on MacOS Security Compliance project. Compliance Editor just has a really user friendly GUI instead of command line only.
As far as I know, you have 2 options at this point in time.
Use the MacOS Security Compliance project command line version
Modify your JCE Preferences to show all branches (including draft)
If you choose to make the modification it will show branches that are still under development as well as released. Run this with JCE closed:
On open it will show all of the branches with Sequioa towards the bottom of the list.
Side note - I have heard the final version for the CIS benchmarks will probably be an October release. Maybe this is when Sequioa branch will come out of draft branch? But no official word yet. You may want to join the Macadmins slack and join the #jamf-compliance-editor channel as it will likely be posted there first.
Yeah, I saw that. I am using the Compliance Editor GUI. How does that tie in with the release?
At its core Compliance Editor relies pretty heavily on MacOS Security Compliance project. Compliance Editor just has a really user friendly GUI instead of command line only.
As far as I know, you have 2 options at this point in time.
Use the MacOS Security Compliance project command line version
Modify your JCE Preferences to show all branches (including draft)
If you choose to make the modification it will show branches that are still under development as well as released. Run this with JCE closed:
On open it will show all of the branches with Sequioa towards the bottom of the list.
Side note - I have heard the final version for the CIS benchmarks will probably be an October release. Maybe this is when Sequioa branch will come out of draft branch? But no official word yet. You may want to join the Macadmins slack and join the #jamf-compliance-editor channel as it will likely be posted there first.
At its core Compliance Editor relies pretty heavily on MacOS Security Compliance project. Compliance Editor just has a really user friendly GUI instead of command line only.
As far as I know, you have 2 options at this point in time.
Use the MacOS Security Compliance project command line version
Modify your JCE Preferences to show all branches (including draft)
If you choose to make the modification it will show branches that are still under development as well as released. Run this with JCE closed:
On open it will show all of the branches with Sequioa towards the bottom of the list.
Side note - I have heard the final version for the CIS benchmarks will probably be an October release. Maybe this is when Sequioa branch will come out of draft branch? But no official word yet. You may want to join the Macadmins slack and join the #jamf-compliance-editor channel as it will likely be posted there first.
At its core Compliance Editor relies pretty heavily on MacOS Security Compliance project. Compliance Editor just has a really user friendly GUI instead of command line only.
As far as I know, you have 2 options at this point in time.
Use the MacOS Security Compliance project command line version
Modify your JCE Preferences to show all branches (including draft)
If you choose to make the modification it will show branches that are still under development as well as released. Run this with JCE closed:
On open it will show all of the branches with Sequioa towards the bottom of the list.
Side note - I have heard the final version for the CIS benchmarks will probably be an October release. Maybe this is when Sequioa branch will come out of draft branch? But no official word yet. You may want to join the Macadmins slack and join the #jamf-compliance-editor channel as it will likely be posted there first.
Did you hear or see anthing on iOS 18 CIS Benchmark by chance?
@exo - just out of curiosity, how did you create the actual config profile for managing the OS update deferrals while also using the config profiles that JCE auto built?
The OS update deferrals are pretty easily set if you use the UI for Restrictions.... but there's a lot of other settings in there that will also step all over the arcane XML/mobileconfigs that JCE has put in place. So I'm not really sure where to actually put the settings for the deferral.
At its core Compliance Editor relies pretty heavily on MacOS Security Compliance project. Compliance Editor just has a really user friendly GUI instead of command line only.
As far as I know, you have 2 options at this point in time.
Use the MacOS Security Compliance project command line version
Modify your JCE Preferences to show all branches (including draft)
If you choose to make the modification it will show branches that are still under development as well as released. Run this with JCE closed:
On open it will show all of the branches with Sequioa towards the bottom of the list.
Side note - I have heard the final version for the CIS benchmarks will probably be an October release. Maybe this is when Sequioa branch will come out of draft branch? But no official word yet. You may want to join the Macadmins slack and join the #jamf-compliance-editor channel as it will likely be posted there first.
I'm interested in learning more about the compliance project's CLI. Is there a separate binary for that which is different from the JCE I guess? I haven't seen anything about a CLI except for this post.
