Does anyone know if JC 2.25 | Okta OIDC support Authentication Passthrough?  I have been struggling with getting this to work with Okta OIDC.  A few have mentioned via Mac Admins channel that this is a feature request but Jamf support, via support ticket, has mentioned that it does work with Auth Passthrough and Okta OIDC. Scratching me head....

I've been seeing some extremely odd behaviors with the 13.5 installer involving internet connectivity during the installation. I use Download Full Installer to grab the whole shebang as a single installer so I'm not working with deltas or snub installers. I've done this for the past couple years without any problems. Reports are kinda scattered, but it appears that when the installer is running before the initial restart, it is trying to download additional bits from Apple. I only discovered this when a user was getting this error  I triple checked that the installer that was pushed to his Mac worked on a couple of my test Macs. The installer was not broken. After deleting and reinstalling the installer on his Mac 3 times with the same result, I asked him to disable Wifi and unplug from ethernet.. same problem, The I had him reconnect to the network and then disable ZScaler. The installer worked instantly!Another sign was that a user's Mac was on our guest network but he forgot to

Hello everyone,We're running across a very mysterious issue with macOS systems running Monterey. Once in awhile, the Mac will get into a condition where com.apple.softwareupdated either gets corrupted, broken, or gets unregistered completely. These are all Macs connected to our Jamf Pro container. When the service goes into a problem state, the Software Update GUI spins indefinitely and when we try to run softwareupdate -l in Terminal, we receive an error stating:The connection to service named com.apple.softwareupdated was invalidated: failed at lookup with error 3 - No such process. When we try to run sudo launchctl kickstart -k system/com.apple.softwareupdated , we get error:Could not find service "com.apple.softwareupdated" in domain for system To verify the service is even installed on the Mac, we run sudo launchctl list | grep com.apple.softwareupdated and it doesn't return anything back. When we run this same command on a Mac where Software Update is still functio

Long story short. Everything was manually created and assigned statically or via smart and everything was good. Now all the devices have come back and mixed all together and they need to go back out. What is the best way to deploy from that scenario. I've been looking for days but finally decided to reach out since no one has a clue just an idea of what they want it to do. I was tossed this project with the knowledge of only assigning and simple usage of JAMF. Now I am in charge of recreating the beast and getting it up and running with new parameters. Any help is appreciated. We have around 1000 devices that are named based on site rooms and a few assigned to the user or teacher. We now have SFTP pulling data for grades tk-1st along with their teachers, in the hopes of enabling classroom. Apple school manager is being used but that's another beast in itself that I have to deal with. 

We are currently looking to implement some preferences to Outlook.We have configurations to block users from adding personal emails but is there a way to report on how many users have personal emails added and how to remove them  Thanks  

Hey JAMF Nation Community!I was exploring with my team and wanted to see if there's a way to block users from adding a personal O365 account to their Outlook via a plist. I've checked around JAMF Nation and online and haven't seen anyone bring this up. Just wanted to see if anyone has implemented a solution in their own environments? Thanks!

Hello all, Requiring our org to update the password complexity and have a quick few questions. We have a configuration profile setup to update the password complexity to a higher number of digits needed. Currently our systems have static passwords. We are doing this in a two pronged approach1. Config profile will be updated from 12 characters to 16 characters2. Policy will be run on the determined group of people at a determined time.  # Pulls the current logged in user currUser=$(ls -l /dev/console | awk '{print $3}') pwpolicy -u "$currUser" -setpolicy "newPasswordRequired=1"   Since we are planning to roll out this update with groups of people at a time, can we push the config profile (step 1 above) to ALL users without it prompting them to update their password until we run the policy/remote command (step 2 above) to flag the account for a password reset? Or does the config profile have to be scoped to each group at a time (depending on when w

Hi :) Has anyone else found themselves looking for a smart group you know you created?Every now and again we will create a new smart group and it could be anywhere from a few hours to a couple of days and suddenly it is nowhere to be found! It happened again this morning; I created a smart device group and within an hour it was gone.Just me or goes the Jamf gremlin not like your smart groups either? 🙊 Thanks. 

Does anyone successes to build the VM in Apple Silicon chip devices using VM Ware fusion 13.0,2, If so please guide me to create it successfully.

Hi everybody,Hope everyone is having a great Saturday.Quick question for all.. I have a remote user that keeps entering the correct password (according to her) on her Mac, but it doesn't work and would like to reset it at this point. However, the credentials for the admin account seem to not work either for some reason. Is there a way in Passcode Compliance in JAMF pro to reset the password on a Mac or disable it on her machine so she can enter the last PW? Thanks everyone.

Basically the title.Our Jamf Pro environment is setup with Jamf connect via Okta, and our users use their AD short name to login, so changing it to Azure AD would be too much of a change (unless we can change the login username).As such, we can't leverage as easily AzureAD group membership on the local device.Is it possible to use a policy + script to create a local group that contains the members of the Azure AD idp  group?Thanks! 

Hello everyone;Does any one know how to disable "you don't have permission to use the application "..."" popup, while turn on the parent control "only allow apps" from configuration profile? Only show the "The application "..." can't be opened" popup.  

We are experiencing an odd issue in Jamf where it is reporting both 13.5 and 13.5.0. I have confirmed that 13.5.0 is not a beta version since the build number is the same across these 2 versions. I have also already tested on a Mac that is reporting in Jamf as 13.5.0 that sw_vers -productversion displays 13.5.Has anyone else been experiencing this issue?

I am in the process of writing a new "make me an admin" script. I know there are others that are available but I wanted to do this myself. Yesterday, I got a version of the script working. It promotes the user to admin, then launches Jamf Helper with a countdown. When the countdown is finished, it reverts the user back to a standard account. That part works perfectly. The next step is to add a function to check if the user is already an admin user. That's where I'm having trouble. If I run this part of the script through CodeRunner, it displays the Jamf Helper with a "Done" button. Obviously, the variables defined are working. My Jamf Helper syntax is correct. The if statement that contains the Jamf Helper configuration works. What will be added later is an "else" to elevate the standard user to admin, then launch Jamf Helper with a countdown. When I have these two steps working, I will go back and add in the ability to demote any additional admin accounts that the user may have added

Hi everyone,I created a policy to install Google Chrome using the Installomator script and accidentally scoped it to all computers instead of just newly enrolled devices. Some of my staff report Chrome installing fine and no other issues. Others are saying they get the prompt that Chrome is installing, it closes Chrome, and then says it updated... 30 minutes later, they get the prompt again and it closes Chrome, etc.Is there a way to kill the process so it stops trying to install Chrome?Let me know if you need any information from the script I am using or the policy I created, etc.  

Now I'm migrating from Jamf to Intune. However, in my ABM preference session 'Default MDM server' showing as 'Jamf Pro' and kept as it is. And I'm changing the MDM server manually to 'Intune' by searching the device under device section for testing purpose. Now my question is which will take precedence here, Is that Jamf or Intune MDM server? And any impact to the environment in case if I change the 'Default MDM server' to 'Intune'. Kindly clarify it. Thanks for understanding

Hi! We are looking for a way to enable our user to enroll new macs onsite with our corporate wifi.WiFi is a SSID Hidden WPA2-Enterprise, so users have to use their AD credentials to connect.During Zero-Touch-Setup when the mac setup is prompting the user to connect to a wifi, majority of them are not able to connect a hidden ssid wifi with ad login on top, macOS prompts for the password which user have to leave blank, press enter and then gets asked for their AD Credentials.Or we have issues with the wifi after Initial deployment when the user made it to the wifi and the macs are terminating the connection right before Jamf Connect. How do you guys handle this? A separate "Setup Wifi" and pushing the right corporate wifi after setup with an config profile? Seems not ideal, so we are open for inspiration :) 

I have a local account policy that is still pending for one of my machines, but this particular machine has checked into Jamf plenty of times in the meantime. The log action (details, flush) are also greyed out. Any Ideas 

Hi I want to add an App but it is not listed in the Jamf list. Is there a way to do this? it about this application https://www.papersapp.com/Thanks 

Before version 10.47, App Installers were not relevant for us as there was no Self Service option. Most of our apps were distributed from uploading pkg and installing via a policy (from Self Service).We only install very few apps during enrollment and let the users decide for themselves what they want from Self Service.Now our users may already have installed Chrome or Firefox (or other apps). How do I get them to use the one from the Jamf Catalog?I already created these apps from Jamf App Catalog, but as I understand, this will only auto-update if you install it from the App Installer. So do I need to ask all users to uninstall and then reinstall their apps?Or is there a way I can automate this? 

Is there any way with JAMF to schedule when iOS apps update themselves so that they're not trying to update willy nilly throughout the day? We have some users who are complaining that their apps try to update at inopportune times. Force updates are set on, but it's my understanding that if we didn't have that then they'd have to manually update their apps via self-service? Ideally I'd want to set it to just run updates overnight if that is a possibility in JAMF Pro. Any help is appreciated. Thanks!

Hi folks,Just wondering if any have switched from Intune to Jamf - on IOS devices (this topic is not mac related).We have used intune, and overall I think the experience is pretty bad. Often new updates from Apple come very late into Intune - like RSR support. And overall if pushing apps to devices, the inventory updates first after several hours and the app also can take really long time to get installed.But is it only me that see this issues with Intune ? - The only argument I read on using intune from Admins is typicall that Intune is "free", as companies already have Microsoft licenses where Intune is free included in. But overall features, management, user friendly Intune would not be selected in my view ?Any comments ? - or maybe someone that did the switch from Intune to Jamf on IOS?

Today we are releasing a maintenance version of Jamf Pro. Jamf Pro 10.48.1 fixes the following product issues: [PI111817] Fixed an issue that caused performance degradation in cloud-hosted Jamf Pro environments. [PI111961] Jamf Self Service no longer fails to install packages over SMB. [PI112192] When editing the Jamf Setup or Reset apps in the App Catalog, Jamf Pro no longer fails to save changes. For additional information on what's included in this release, review the release notes via the Jamf Learning Hub. To access new versions of Jamf Pro, log into Jamf Account with your Jamf ID. The latest version is located in the Products section under Jamf Pro.   Cloud Upgrade Schedule Your Jamf Pro server, including any free sandbox environments, will be updated to Jamf Pro 10.48.1 based on your hosted data region below. Review this guide if you need assistance identifying the Hosted Data Region of your Jamf Cloud instance.   Hosted Region Begins En

I have a script I am using for creating website shortcuts on the desktop. My manager doesn't like that they all end in .webloc and asked if I can hide the extension, which can be done in the Finder. The only way I found to do this is using AppleScript command set extension hidden. I have no problem running the following script as myself (removing the sudo -u $logged_in_user). It creates the shortcut and hides the webloc extension. But no matter what I cannot figure out how to get this to work when running the script as root. Since the script will run from JAMF it will always run as root. Any help with this would be appreciated.    #!/bin/zsh logged_in_user=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ {print $3}') webloc_filename="Apple" webloc_address="https://www.apple.com/" shortcutPath="/Users/${logged_in_user}/Desktop/${webloc_filename}.webloc" webloc_data='<?xml version="1.0" encoding="UTF-8"?

We are seeing this account creation failed error message occur more often now in M1 and M2 macbooks running Ventura or Monterey OS. We have set up prestage in jamf to automatically create an admin account before the apple set up assistance steps. The workflow is, we turn on the macbook (already assigned to default prestage) and it gets enrolled through ADE and installs the remote management profile. Skips the admin account creation part, but allows us to create a local user manually. This is where it throws the error message. We have a tick with Jamf Support, but not so helpful as it doesn't sound like they have a solid fix for this.