https://support.google.com/chrome/a/answer/9301891I've tried the "CloudManagementEnrollmentToken" file placed in the directory through JAMF as described above with no luck. Reinstalled chrome, signed existing users out and back in, but nothing seems to trigger enrollment or show as enrolled within google admin's "managed browsers" The token itself is a simple text string and nothing more. Example value:"37185d02-e055-11e7-80c1-9a214cf093ae" Below is the limited instruction on setting up this feature of chrome/g-suite **Option 1: Use a policyPush the token to your browser as a policy named CloudManagementEnrollmentToken. Setting policies on Mac devices requires the Apple Profile Manager. Option 2: Use a text filePush the token in a text file called CloudManagementEnrollmentToken, under /Library/Google/Chrome/. This file m

Hi Team,I am trying to create a Jamf Pro Classic API Connection in OKTA Workflows. I created a service account in JAMF Pro granted Administrator, Standard user and Full privileges. When I try to test the connection. I am getting HTTP 401 Authorized Error. I am not finding settings to grant access to  "Make sure that your Jamf Pro Classic API account has access to the /JSSResource/activation code endpoint"Appreciate any help or pointer!Thanks,Kalai

Hi. This is kind of a weird one. We want to create a configuration profile that forces VPN to always stayed toggled on, so that any internet activity is monitored. Obviously we would want this setting to be locked/grayed out. Is this possible to do for iPads/iPhones?Note: We already have a separate configuration profile in place that has the actual VPN connection configured. We just want to make sure that the general VPN setting within the mobile device is locked to ON at all times.Thanks.

Best way to setup auto-restart on a nightly or certain day basis. I want to do it without installing a package to force the restart

Very much a newbie here and not good at writing my own code (I'm very much a copy paste guy when it comes to creating plists etc) - I find that there is no easy way in the JAMF Pro UI to reboot machines in a static group - can anyone give me an easy guide for a policy or config profile that just performs a simple reboot on a machine that I can apply to a static group?

Hi All, I'm wondering if anyone else here force installs chrome apps and how you do it?Right now, I am trying to use the com.google.chrome.plist in /Library/Preferences.That method works great for all other chrome settings that I want (for example I have developer tools turned off, populated the blacklist for extensions, etc), and it's easy to deploy and update with jamf. BUT I cant get it to actually force install any extensions.chrome://policy lists everything right and even says the status for that policy is "OK"any ideas? or a better method? thanks!

Any suggestions welcomed. How can I force sync the Desktop to OneDrive with Jamf Pro? 

After a LOT of head banging, I finally am able to deploy Malwarebytes Endpoint Agent to computers via JAMF. I wanted to share to help others who may be looking for assistance. Please feel free to tweak any of this as there may be better ways, but this worked for me. FYI … this is the deployment method that worked for me in JAMF 1) Log in to the Malwarebytes Nebula platform.2) Go to Downloads.3) In the Mac section, click Download to download the Mac Endpoint Installer to your local device.4) For JAMF the brackets [ ] are incompatible, replace the PKG filename brackets to an underscore enclosing the account token. File name downloaded Setup.MBEndpointAgent[xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx]_.pkg New file name Setup.MBEndpointAgent__xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx__.pkg* 5) Upload the renamed package to JAMF

Hi all, This may be a stupid question but I am relatively new to managing computers with Jamf (only 5 managed so far). I have been testing enrolling my test MacBook Pro and unenrolling a few times to make sure everything comes down as we want it. Instead of unenrolling the device I decided to test out the "Remote Wipe" command in Jamf, which worked perfectly. However since reimaging (and reimaging a few times through the normal process, as well as unenrolling and re-enrolling) the Mac and when doing self enrollment or email enrollment I'm being asked to install the QuickAdd package instead of enrolling by installing the CA certificate and Mobile device profile. This only seems to happen on this one computer, if I go to any other Mac it enrolls with the cert and profile. What is causing this one Mac to enroll with the QuickAdd package and is there anyway to configure which way a device enrolls? We did have a an image set up under Settings -> Computer

This script will completely remove Trend Micro security from the MacWe saw that the official uninstaller didn't completely remove all components.Newer versions might work but this script works for us anyway. #!/bin/sh # Copyright: EVRY # Filename: UninstallTrend.sh # Requires: - # Purpose: Removes Trend Micro Security # Contact: Anders Holmdahl <anders.holmdahl@evry.com> # Mod history: 2018-01-31 launchctl unload /Library/LaunchDaemons/com.trendmicro.icore.av.plist rm /Library/LaunchDaemons/com.trendmicro.* rm -r "/Library/Application Support/TrendMicro" rm -r /Library/Frameworks/TMAppCommon.framework rm -r /Library/Frameworks/TMAppCore.framework rm -r /Library/Frameworks/TMGUIUtil.framework rm -r /Library/Frameworks/iCoreClient.framework rm -r /Applications/TrendMicroSecurity.app killall -kill TmLoginMgr killall -kill UIMgmt exit 0

I've been working on setting up MDM profiles and implementing Secure Token for our devices using Jamf Software, and I've run into a bit of a roadblock. I'm trying to establish MDM profiles on a list of devices using Jamf Software. These profiles are supposed to work in conjunction with Apple's Device Enrollment Program (ADE).I've double-checked my configurations, ensured that the devices are registered correctly with ADE, and waited for an adequate amount of time to allow for profile propagation. Still, the issue persists. Has anyone else faced a similar problem when integrating MDM profiles, ADE, and Secure Token using Jamf Software?

I was wondering if there is a way to manually force a device to check if it has any apps it needs to install from the App Installers. Similar to running "sudo jamf policy" to see if there are any new policies updates, I was wondering if there is something similar.I had an application that I set to auto install, but it was stuck in "processing" for a whole day. It didn't install the app, until I flipped the deploy to "off" then back "on"Thanks for any help!

We use a mac mini as our print server.  Initially we had our printers set to default to black and white but administration wanted that changed to default to color.  I made the appropriate changes in CUPS but our user devices are still defaulting to b&w.  Is there a way to push out these changes to our users?

Hi allIs it possible to deactivate a profile on multiple iPads via Jamf? Maybe over the Group or mark all Devices in on of the group.Best regardsPeter

Hi There, Any help documentation on how to Deploy Windows Defender 365 via iMazing for JAMF NOW?

HiWe use Jamf Pro. I have lots of items displayed in the dashboard of my account. That seems to make the dashboard very slow. It usually takes more than five seconds to load and display everything. I would like to clear the dashboard and only add a few items to speed it up and make it easier to find relevant information.Is there a way to clear the dashboard without having to go through all the items one by one and uncheck the "Show in Jamf Pro Dashboard" checkbox?Thanks in advance!Manuel Brotz

Greetings,  I am trying to support teachers using the classroom app on 2020 model MacBook airs with M1 chips running macOS 13.2 or macOS 13.2.0 Student computers are identical. Both groups are on the same wifi network. Both groups are not signed in with manage apple ids and join the classroom with a join code following the 1st pathway below. ####### There are three (3) ways to do Apple Classroom and they are all currently MUTUALLY EXCLUSIVE. 1. No Apple ID or personal Apple IDS - This is the scenario in which teachers can create the class and give students 4 digit code. No management in the scenario but very easy to implement and flexible for after school programs etc. There are also some MDM restrictions that can be set to make sure students can’t opt out in settings. 2. MDM managed -

I need to push updates to my macs and it seems like the Jamf Software Update tool (yes, I know it's unreliable) from the side bar seem to disappear.Can anyone here explain what might have happened?

Hi everyone,I use JAMF School to administrate the iPads from our school. Most of them don't belong to a specific user, but are borrowed by the students for only one lesson and then given back. That's why the devices "collect" lots of stuff like photos or documents.Is there a way to delete only this user saved data from the devices without losing apps, group affiliation etc. ? I have found "wipe device", which seems to do this (?), but it's not very feasible to do it manually for every single device.What I'd like to have is a command that deletes only the user stored data, preferably automatically like every monday or such - not only for one device, but for every device in a group. I don't want to have to re-enroll the devices or lose their profiles, device group etc. Thank you in advance!(Sorry for mistakes, I'm not a native speaker ;-) )

Hi,I have noticed that when an app is deployed through Self Service and an end-user installs an app, there is a spinning circular "loading" animation that is displayed while the app is downloading and installing. For small apps, this isn't an issue because the animation is replaced with a "done" status quite quickly.For larger apps, like iMovie, Visual Studio, or Premiere, this can be an issue, because the end-user may believe that the app is stuck as the circular loading animation keeps repeating over and over again. This may lead the end user to belive that the app is stuck and may cancel the process. If the animation can be changed to include a % or a loading bar, then the end-user will understand that the app isn't completely done getting installed and will know to be patient until the "done" status is displayed. Can you change the status to include a % or a loading bar when an app is getting installed from Self-Service?

Hi all. I have searched for this specific issue on here and got conflicting results, so I thought I'd post. Two things that we are trying to achieve: 1) Change the prestage enrollment local admin password - this one is pretty self explanatory and can easily be done, however will only take effect for newly enrolled computers. Which brings me to 2) Creating a policy that changes the local admin password. I thought I was successful in this and sort of was. Scoping the policy to a couple of test machines resulted in successful change to admin password when authenticating for things such as software installs and preference changes. The new password even works when changing users in terminal (su administrator). However, the password does not work for initial login to the machine. In fact, it breaks the old password as well, so we are left with a machine that the user "administrator" is unable to log in. I realize this was long winded, so thanks in advance.

Does anyone know the process on a Mac that is run when you use Kerberos authentication/configuration through JAMF.  

Mac OS ventura:, Intel Mac mini, iMacs, and Mac Studios M1 - - so far I have 12 devices stuck in a boot loop. Had a few that started in June, and it's gradually increased. Some are at 13.3, some are at 13.5.Reset SMC, NVRAM, PRAM, first aid, can't get into safe mode. Held down option to ensure I was booting off the main disk - - Nothing is working. We've completely reset a few devices, seems to work for a few days then they go right back into a boot loop.Is it just my environment, or is this a thing from a recent update? If it is an update, is there a way to remove the offending files, or revert back without time machine? I can't even access terminal from the recovery assistant. No utilities option.

Below is our current configuration as we are trying to use our External CA to provide Computer and Mobile Device Enrollment. However when the certificate shows on the device, it shows as $COMPUTERNAME. I changed this to $DEVICENAME and get the same result. Additionally, when we remove the subject completely from the External CA configuration, it causes the enrollment to fail with the error "Your profile has expired".As shown we also have SCEP setup for our config profiles and the Subject config is working fine there. Any thoughts are greatly appreciated. This is on Ventura OS 

We have a configuration profile that's deployed to our laptops that was modified not too long ago containing various payloads and is now being removed and replaced with individual profiles containing only one payload each. I removed everything from the scope of the original profile and deployed the newly created ones in its place. I have been monitoring the removal of the old profile via a smart group and noticed that everything still has it listed as being installed in inventory even though the removal command succeeded. I just took a look at one of the computers in question and decided to redeploy the original configuration profile to it and remove it to see it it would clear up. What I noticed was upon deployment, there were now 2 profiles with the same name, one with the latest settings it had and one with the old settings. I double checked in Jamf and there is in fact only 1 configuration profile with that name. I'm now stuck with 369 computers that have this orphaned