Hello everyone,Hope everyone is having a good week.I have a simple question to ask. I'm trying to install an application called Gytpol on a Mac and I'm getting this error. (See screenshot 1) - When I click on: "Open Anyway" the same error still appears. I checked the GateKeeper settings and the options needed to bypass this error have been enabled - (See screenshot 2). I was wondering if there's another setting that I need in order to get this processed? Obviously, I don't want to bypass Gatekeeper with the spctl --MASTER-DISABLE command and disable GK since this install is going to be added onto other users. Thanks team.

Hi All, I was wandering if anyone has found a webpage or an app that will display the iOS's device serial number on the screen in the format of a 1D linear barcode where we can use our library scanners to quickly scan the devices for inventory purposes? Similar to the idea of having a barcode on your iPhone when going to the airport or a concert event. Thanks, Alex

Hi all, I apologize if this question has been asked - I haven't been able to find a solution. I work for a university and we are in the process of moving off of Airwatch to Jamf. We've got about 500 devices still enrolled into Airwatch and I am slowly moving a few Macs and iPads to Jamf for testing.The onboarding process has been extremely smooth up to integrating our VPP from ASM (Apple School Manager). My main concern is accidentally wiping apps from the devices still in Airwatch while uploading the VPP token to Jamf. Now, the steps I have followed are: In our ASM I have created a secondary location. When I go to Settings > Apps and Books > Server Tokens. I see the second location listed, however, when I go to upload the server token to our Jamf instance I am greeted with an error that says "The service token may be in use by another server. The service token can be reclaimed below for this Jamf Pro server." I am afraid to "reclaim" as this may wipe the apps from devices enroll

iOS 14 reached EOL almost two years ago but Jamf Pro still supports it. My InfoSec team has asked that we prevent our older iPads on version 14 from enrolling. I figured it would be in the pre-stage enrollment settings but alas, have not found it. Is it located somewhere else or simply not possible?

Keep up to date with new Jamf features, solve problems fast, and explore advanced topics with Jamf's Training and Support YouTube channel. Subscribe today for all the latest from Jamf Training and Support!  For more on-demand training, check out some of these additional courses and resources: Jamf 100 Course Jamf 170 Course Jamf Online Training Catalog At any time you need a bit more help or have additional questions, you can always reach out here to your fellow community members or to our friends in Support. 

Hi all, I have an In-House iOS app that we built ourself and where we upload the IPA file to jamf pro and send it out to our iPads. For some iPads, the app does not get updated however if a new one arrives.  It seems that jamf pro is fully aware that a device is not on the latest version, but none of the remote commands will force it to update. It lists the currently installed app as version 1.0.0 and the app in scope is version 1.0.2. But the app does not get updated. This does not happen on all devices. Some update without any issues.  Is there anything I can do to force the updates? Thanks!  

Hi,The title almost points out the complete issue... When adding an App through "Mac Apps > Jamf App Catalog >"  I don't get the option "Distribution Method". Also I don't have the tab 'Self Service'. The only tabs I see are "Configuration settings" and "User notifications":So I am not able to offer App installers through Self Service.Any ideas?

Testing out the Jamf App Installer User Notification settings configuration profiles with the recommended setting:Best Practice: Jamf recommends choosing Persistent from the Banner alert type pop-up menu. You may choose Temporary; however, end users may not see a temporary notification.While we would like update notifications only to be Persistent, we found that ALL notifications are Persistent. eg. Slack messages stayed on the screen, which is not desired.Can Jamf separate user notifications and just target update notifications?

Hi, Has anyone ever tried to pull the expiry date of any Certificate? I can see it is in my Keychain and also can see the last date there. But I need to find a way to pull report from all Macs and send out notification based on expiry date.Unable to pull this info. Any ideas?

We managed to get Apple Classroom to work on iPads, but we couldn't get it to work as a teacher's device on the Mac. We are just trying a very simple 1 teacher device running Classroom and 2 student devices. When starting Classroom on the Mac, Classroom doesn't detect that I've already logged into the Mac with my managed Apple ID. It doesn't detect any classes, and it doesn't detect my name (it asks for my name). I can't see a way to log into Classroom itself. Also, I noticed there is no EDU profile installed on the Mac. This profile is present on our iPads. See screenshot below. Devices are using the same Wifi and Bluetooth is ON. I've tried tethering off my phone's hotspot just to rule out the network - no difference. Any assistance would be much appreciated!

Hello Team,I just need to understand how can I deploy a certificate by Jamf(config profile) so that it will be deployed with mac's hostanme, I have a .cer file.I dont understand how can I put the payload variable, where is the place?Can anyone provide me a screenshot to understand this?If there is ADCS or SCEP server available then process will be same or different?

This school year our school is migrating our existing iPads from Jamf Pro to Jamf School.  Initially, we started by replacing our 30 iPads for our Library with new iPads and in the process purchased Perptual Licenses for each iPad.  Now I'm in the process of moving our existing Jamf Pro iPads to Jamf School.  This process has been very confusing and while I was doing this a found a Jamf School license assigned to an iPad, SN# F6QZP03KJMVR, that I can't l locate and when I view its info in Jamf School inventory, it doesn't exist.  But when I check our Jamf School licenses it appears with a perpetual license in Location Makalapa Elementary School but is not Enrolled.  Since I don't know where this iPad is, may I recover this Jamf School license? 

Hi, All :)I want to restrict updates for macOS Ventura at version 13.2.1 and prevent further updates. I have been using a 90-day restriction policy, but it expired yesterday, and the restriction was lifted. I'm wondering if anyone has a specific method to restrict minor updates.Thank you 

It appears that a Jamf Infrastructure Manager installation will not warn prior to the expiration of the certificate used to secure communication between the JIM instance and Jamf Pro. For more info see the thread @pbenware1 created earlier this year: https://community.jamf.com/t5/jamf-pro/jamf-infrastructure-manager-quot-problem-with-checkin/m-p/288005 

I use macOS VMs a lot for testing. For general policy testing, macOS VMs running in the Apple Silicon version of Parallels work great. One huge limitation of Parallels on Apple Silicon is that there doesn't appear to be a way of creating a macOS VM that is running an earlier version of macOS. On the Intel version of Parallels, I can download the installer app for the version of macOS I want such as 13.3.1 using either the Download Full Installer app or the "softwareupdate --fetch-full-installer --full-installer-version" command, and then use Parallels to select that older macOS installer for my VM. The Apple Silicon version does not appear to allow this. Does anyone have process for this? I have kept older macOS VMs that I made a few months ago saved so I can use them for testing software update policies and workflows, but this is getting annoying. There are many limitations in Parallels for Apple Silicon that don't seem to be getting fixed any time soon. I have tried VMware Fusion on

Hi All,I have a launch Daemon that calls a custom trigger in JAMF which runs a script.The bulk of the script runs fine but there is a section to clean up the existing LaunchDaemon which isn't working as expected. It's meant to bootout the launchdaemon and delete it. It manages to bootout the LaunchDaemon but then the whole script just stops running after this step and there is no recon to JAMF or anything it's like the whole process is just killed once the LaunchDaemon is booted out.If I open terminal and run a "sudo jamf policy -event TRIGGER" then the whole script runs exactly as its meant to.I'm baffled and could do with some help if anyone has come across a similar issue?

I am upgrading all of our Mac environment to Ventura from Monteray. This year we are using inplace upgrades using the Jamf API as we had major issues with deploying the OS update.app then running it through command line to do an erase install. Though this means that all the Apps from last year are still installed and we would like to clean them up. Is there any easy way of identifying and uninstalling the apps that specifically came from Jamf?

Hi All, We use ISL for remote assistance. I added a new line as per ISL supports guidance but then the PPPC profile started to fail on random devices. I've removed the additional line but the profile is still failing on random devices. The error in the management log is:"In the payload (UUID: 5C3CDB37-76DB-4AC6-B82E-ACCF1F2A9345), the required key 'Allowed' is missing." Now, I'm not using a key that has "allowed" as an option, it's just "Deny" or "Allow standard user to allow" which is what I choose. Anyone come across this issue before?

Hi guys,Quick one, what are the correct steps to set up time machine backups to a NAS device using JAMF? I accessed configuration profiles and saw time machine there, but it feels so unnatural that the settings are easily done. Considering that we are using a NAS, I was kind of expecting a username and password field for authentication, etc. 

We've recently started testing Jamf Connect and Azure IdP and was wondering about the following.1. It seems password sync only occurs when using the menu app.  If we change a users password and then login to the Mac we're not given the option to sync the password.  Is this normal?2. From the user perspective having the Azure login screen or the apple native login screen depending on the situation isn't very nice.  Can Jamf Connect be setup to use Azure but with the apple native (Or close to) login screen just to try and maintain a consistent login process. 

What is the main difference between dscl and sysadminctl commands in macOS?

I need to make a script that will clear all safari data, I found some commands that mostly work but I can't get rid of one thing saved microsoft account during SSO login, the only way that works is to delete safari history via GUI, but i need to do it using CLI.Commands I've tried so farosascript -e 'quit app "Safari"'rm -Rf /Users/$3/Library/Cookies/*;rm -Rf /Users/$3/Library/Cache/*;rm -Rf /Users/$3/Library/Safari/*;rm -Rf /Users/$3/Library/Caches/Apple\\ -\\ Safari\\ -\\ Safari\\ Extensions\\ Galleryrm -Rf /Users/$3/Library/Caches/Metadata/Safarirm -Rf /Users/$3/Library/Caches/com.apple.Safarirm -Rf /Users/$3/Library/Caches/com.apple.WebKit.PluginProcessrm -Rf /Users/$3/Library/Cookies/Cookies.binarycookiesrm -Rf /Users/$3/Library/Preferences/Apple\\ -\\ Safari\\ -\\ Safari\\ Extensions\\ Galleryrm -Rf /Users/$3/Library/Preferences/com.apple.Safari.LSSharedFileList.plistrm -Rf /Users/$3/Library/Preferences/com.apple.Safari.RSS.plistrm -Rf /Users/$3/Library/Preferences/com.apple.Safa

Wondering how and what communications admin have send out to users before enabling Apple managed ID?In our company we without doubt have some users who have created an @company.com apple ID, but find it really hard to send out info without it get´s to technical.So wondering if any has some input what they have done (both good and bad things) on sending out communication to usersSo as I understand when enabling managed Apple Id´s, if users do nothing, they and up with a account that will be lost

How do you guys rotate your FV 2 recovery keys?! any ideas?

プッシュ証明書の更新はVPP、DEPと同じで毎年行う必要があります。更新方法はその他の証明書と同様に簡単ですが、　以下の注意点を留意しないと登録済みのコンピュータ / デバイスとの通信が止まってしまう可能性があります。・同じアップルIDを使用する必要有り。・同じApple Device Managementを使用する必要有り。 「なぜ同じプッシュ証明書を使って更新しなければならないのか」を昔懐かしい関所を例に説明してみたいと思います。 ジャムフはアップルのAPNsを使ってジャムフ・プロに登録されたコンピュータ と通信を行いますが、APNsを介して通信を行うにはプッシュ証明書が必要になります。 詳細は割愛しますが、コンピュータはプッシュ証明書を「関所の通行手形」としてジャムフ・プロと通信を行います。通行手形は関所を管理する政権が変更しない限り同じですので、同じ通行手形を使用して、いつでも関所を安全に通過できる事になります。 プッシュ証明書の発行はhttps://identity.apple.com/pushcertで行われます。プッシュ証明書の発行にはアップルID（関所を管理する政権）とMobile Device Management（関所）が必要となります。例：全てのMobile Device Managementが１つのAppleID（政権）で管理されています。そして各Mobile Device Managementが特定のプッシュ証明書（通行手形）を管理する関所となります。 もし通行手形が変更された場合どうなるでしょうか。関所はコンピュータが所持する通行手形を確認、関所が発行した手形と異なるので関所の通行を拒否します。 通行手形が変更される理由は２通りあります。１）異なるアップルIDからプッシュ証明書を更新した場合。別の政権が発行する手形なので、当然手形が異なる事になります。 ２）同じ政権しかし異なる関所からプッシュ証明書を更新した場合。同じ政権が発行する手形ではありますが、別の関所用なので手形が異なる事になります。 上記の理由から、最初に手形を発行した同じ政権が管理する、同じ関所から発行された、通行手形を使用しないといけません。つまり、最初にプッシュ証明書を発行した時と同じアップルID、同じMobile Device Managementから発