In Apple's macOS Sequoia 15.0 release notes the following is mentioned:
"Executables, scripts, and launchd configuration files can be installed using MDM and stored in a secure and tamper-resistant location."
How does this work in Jamf? I have searched but could not come up with the answer. Has anyone been using this and if so how do I configure a tamper resistant location?
MacOS has something called System Integrity Protection or SIP for short, pretty much everything MDM does is protected by SIP and there are tons of SIP protected directories on the disk. I am going to assume they are referring to this.
https://support.apple.com/en-us/102149
@Michael_ABN You're talking about the following Declarative Device Management feature added in macOS Sequoia: https://support.apple.com/guide/deployment/background-task-management-declarative-dep931381403/web
AFAIK Jamf hasn't announced exactly when this will be available in Jamf Pro, but if you look at the JNUC 2024 Keynote they demonstrated "Blueprints" which will be the feature which will bring more support for DDM to Jamf Pro.
And to be clear, directories normally protected by SIP are not writeable via MDM unless SIP has been disabled. In the description of this new capability Apple references the earlier introduction of service configuration files which also use tamper-resistant locations which were not under SIP.
This feature is not yet available in JAMF, you need to wait for Blueprint to be publicly released by JAMf
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.