Today we released Jamf Connect 2.19.0. This release includes the following changes and improvements:
• The Jamf Connect menu bar now reports to Jamf what settings are configured on computers.This data is used to assist our development teams and align with customer interests. This data does not include any Personally Identifiable Information (PII).
• The Disable Update Watcher key for the Jamf Connect login window has been added to allow for the Update Watcher to be disabled. When the key is set to true, the login window will remain installed during any macOS updates rather than being uninstalled then reinstalled automatically after the update. The key is now available in Jamf Connect Configuration and the Application & Custom Setting configuration profile payload in Jamf Pro.
To access new versions of Jamf Connect, log in to
Jamf Account with your Jamf ID. The latest version is located in the Products section under Jamf Connect.
Product Documentation
Thank you!
The Jamf Connect team
Hi Justin,
Could you elaborate on which settings Jamf is collecting information on?
I understand this does not include any PII but still need to know this for information security purposes.
Feel free to let me know via email as well v.weinstein@drurydesign.com
-Vlad Weinstein
IT Manager
Drury Design Dynamics, Inc.
Vlad,
Thank you for your question. The information being collected with this change is a listing of Jamf Connect specific preferences which have been set for the user. The values corresponding to the keys are not collected. As an example if the configuration included the below settings, Jamf Connect would be reporting back to Jamf that the preference "WindowTitle" had been set, but the value "Company Login"associated with the key would not be collected.
<key>WindowTitle</key>
<string>Company Login</string>
This change aims to help prioritize future Jamf Connect development work on the features most important to our customers.
Thank you for reaching out,
David Engum
Product Owner - Jamf Connect
Sorry if this is a dumb question, but can you explain why disabling the update watcher might matter?
Sorry if this is a dumb question, but can you explain why disabling the update watcher might matter?
I'd like to know this as well
I'd like to know this as well
@JustinV or @david_engum, can you address this?
@JustinV or @david_engum, can you address this?
I believe (and I could be wrong) but for every major upgrade , Jamf connect login gets disabled. And you need to run a script to enable it. We have a Ext attribute to look for which login is primary and if it hits the OS login primary smart group, the policy to re enable the Jamf Connect Login gets run and they they are authenticating again with, for us, Azure and JC.
If your not looking for it, you wouldn't even know it was happening and end users aren't going to mention it. Sounds like this can mitigate this issue with this setting.
Again , i could be wrong in this. But that is how i am viewing it.
I believe (and I could be wrong) but for every major upgrade , Jamf connect login gets disabled. And you need to run a script to enable it. We have a Ext attribute to look for which login is primary and if it hits the OS login primary smart group, the policy to re enable the Jamf Connect Login gets run and they they are authenticating again with, for us, Azure and JC.
If your not looking for it, you wouldn't even know it was happening and end users aren't going to mention it. Sounds like this can mitigate this issue with this setting.
Again , i could be wrong in this. But that is how i am viewing it.
Y'know, that does sound kind of familiar. We only require users to login via Connect for the initial login to the computer because we didn't want users to have to enter their passwords twice after rebooting (FileVault and Connect/SSO). Interestingly, after updating to Ventura, users have been getting prompted for the Connect login when the process is complete (and not FileVault, but I understand that to be normal).
Y'know, that does sound kind of familiar. We only require users to login via Connect for the initial login to the computer because we didn't want users to have to enter their passwords twice after rebooting (FileVault and Connect/SSO). Interestingly, after updating to Ventura, users have been getting prompted for the Connect login when the process is complete (and not FileVault, but I understand that to be normal).
I have seen that as well, not getting prompted for Filevault after upgrade. and i do agree, that is normal.
Y'know, that does sound kind of familiar. We only require users to login via Connect for the initial login to the computer because we didn't want users to have to enter their passwords twice after rebooting (FileVault and Connect/SSO). Interestingly, after updating to Ventura, users have been getting prompted for the Connect login when the process is complete (and not FileVault, but I understand that to be normal).
@Bretterson how do you require your users to only login via JC and avoid entering their credentials twice !!
I asked this question before and no one said that I can, I either have to live with the double authentication (FV and Connect) or not to enable "DenyLocal" or require a network authentication so basically I had to disable it.
i'm still in the process of testing Jamf Connect, didn't deploy it yet so if you can shed more light on this point that would be great.
@Bretterson how do you require your users to only login via JC and avoid entering their credentials twice !!
I asked this question before and no one said that I can, I either have to live with the double authentication (FV and Connect) or not to enable "DenyLocal" or require a network authentication so basically I had to disable it.
i'm still in the process of testing Jamf Connect, didn't deploy it yet so if you can shed more light on this point that would be great.
@MacJunior - It's the other way around: for the very first login we require Jamf Connect, but after that it's only the FileVault login. The bit where it prompts for JC but not FV is only for the restart when the Ventura install is complete. Sorry for the confusion, I see how what I wrote could be misinterpreted.
