We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.
Real talk, real tools and real-time support from people who get it.
Real answers from Apple Admins like you
Find your way around
Share your thoughts
Submit your idea
For awhile both Jamf Pro and Jamf Protect had a Resource box on the dashboard page. Both are gone now and we are just redirected to countless webpages to click through to find the information buried. Another useful tool gone….
Looking for some guidance with Jamf Pro - PreStage Enrollment and FileVault. The issue: In PreStage, we pre-create and hide a local admin account. During setup, the workflow prompts for end-user account creation. FileVault is enabled immediately after the user account is created and the user logs in for the first time. As a result, only the end user is added to FileVault , the local admin account is left out of the FileVault enabled users list. I haven’t found a way to ensure the local admin is automatically included in FV2 during enrollment. Should this be configured differently in PreStage, or would scripting the local admin addition after FileVault is enabled be the right approach?
As part of my rollout of platform single sign-on I created a script that checks the user’s password expiration date so that we can alert the user that their password is expiring within 14 days. I want the script to run once a day. I created a launch daemon to run the script. The script and the launch daemon get installed on every Mac with PSSO setup. If the user’s password is expiring on a date that is more than 14 days away the script slimply logs the expiration date and how many days are remaining. The problem I have run into is that if the Mac is not currently connected to the internet when the launch daemon runs the script, there will be no results from the password expiration check with Microsoft. How can I get the launch daemon to run the script again? Currently I have the launch daemon configured to run at a specific hour and minute daily. The deployment script that writtes the password expiration check script and the lauch daemon takes note of the current hour and minute and us
Good day, all! I have a couple of PreStages set up to configure newly purchased Macs for our environment that utilize JSM to install apps and configure the systems. I want to now tackle Macs already in our environment by having the customers, or our technicians, manually enroll them via the web, chiefly because they’ve already been in use and configured, and wiping them to put them in ASM isn’t an option. I want to utilize JSM to do some configuration and prompt for inventory information (ID, email, location info, etc.). Based on this discussion thread on JSM’s GitHub (https://github.com/jamf/Setup-Manager/discussions/88), I know that it’s possible to use JSM for user-initiated enrollments. My problem is that I cannot find anything on how to actually do it. Anyone out there have or know of a site, documentation, group discussion, or anything that would help me? Thanks in advance! -Terry
Howdy everybody! Time for my annual post about how we all need to get our budgets prepped and ready to go for all the hardware we need to replace that Apple is dropping from its OS Compatibility list! I've modified my previous regex statement to take out the models that were lost to us this year to the latest macOS version. It looks like Apple is taking a big ole axe to the intel macs, minus only a couple of exceptions that seem to tie to the devices that were still being sold at the time of the M1 release. One tricky piece are the specific intel MacBook Pro's that Apple has listed. In that grouping are the MacBookPro16,x models, where x is 1,2 and 4, but not the 16,3 model, so keep that in mind. If anyone has details that contradict that, please let me know here and i'll quickly change the posted regex. I've tested this in my own Jamf instances to verify its returning the data that i'd expect to see, and am confident this will be able to match everything that is no longer supported by
I’m unsure if this effects iPadOS 26.0 as I have just pushed out iPadOS 26.0.1 to devices this week. We have a Single App Mode profile for TD Snap (though app doesn’t really matter). After the device is rebooted it looks like on the home screen you can’t unlock the device. Swiping up just shows “No older notifications” but does not unlock the phone and take it to the Single App locked mode to TD Snap. Has anyone else experienced this? This iPad is on iPadOS 26.0.1. Didn’t have this issue prior to the update.
The Foundation is an Apple Business Partner, Apple Premium Technical Partner, and even Apple Authorized Service Provider. We’re also Jamf Professional Partners on the path to Elite status through our latest MSP offering. Our headquarters is in Minneapolis (you can wave to Jamf HQ from our break room!), however we’re looking for an Enterprise Account Executive that can be located anywhere in the U.S. The hope is to help more mid-market and enterprise clients with their MDM and Apple needs. To learn more and apply, visit https://fndtn.com/work
Please RSVP https://luma.com/t0ncmlbl Excited to gather, chat and eat some food! We are still looking for a speaker if anyone has a topic to discuss or a presentation they are dying to share. Please also Location Updated!TimeOut Market916 W. Fulton Market, Chicago, IL 60607 Transit options: 20 minute walk from Ogilvie, 25 minute walk from Union Station.5 Minute walk from CTA Morgan Green/Pink#8 Halsted BusSpothero parking available in the garage directly North in 333 N Green St. Address 916 W. Fulton Market, Chicago, IL 60607
Hi all I’ve got an problem with my Jamf deployment at the moment and the way we use our iPads. Essentially, our filtering and monitoring solution relies upon an app being running in order to re-connect the filtering VPN if disconnected. When teachers restrict students to a specific app or apps, the filtering and monitoring app gets disabled and thus the VPN disconnects. Is there a way to force an app to never be able to be disabled by Jamf Parent or Jamf Teacher? ie. I’d like it so that if a teacher says “Right, no more anything other than Goodnotes” the filtering and monitoring app is not disabled and continues to run. Thanks in advance for any advice with this.
Does anyone has a way to setup MS Outlook 365 as default mail app? If you want to setup it manually you have to do it in the Mac mail app, although you never used it. I have to send out something to the organization with an mailto: link and I do not want all people calling me to ask why Mail is opening instead of Outlook. Additionally it would be nice to set default programs via config profile in Jamf pro. Thank you for your help.
Looking for an alternative to Carddav to push a shared contact list out to shared devices. We have several shared devices that no one will log into M365 on so sharing a contact list to a group of M365 users won't work. What if I set up a shared M365 account, created a standard contact list, created an Exchange Activesync profile in Jamf, and pushed it out to the shared devices as that shared M365 user? In Activesync settings I could deselect everything except contacts. I could share that contact list from the shared account to the entire department so that everyone in the department had the shared contact list in Outlook when signed in to M365. And for the people with an assigned device and sign into M365 on that device, I could direct them to use the contact sync option in Outlook mobile to copy the shared contact list to the native IOS contacts app. Then, I could delegate access to the shared account to designated people in the department so they can manage the shared contact list th
We started implementing Homebrew packages in our deployments. and there are permissions needed for them to run smoothly. When I try get the CDHASH for the binary, they report as not signed. codesign --display -vvvvvv <binary> code object is not signed at all when running tccprofile on our test computer, (tccprofile) it reports cdhash for binary <dict> <key>Authorization</key> <string>Allow</string> <key>CodeRequirement</key> <string>cdhash H"5703c8d7d913bc20bb2e219173cd89267b200400"</string> <key>Identifier</key> <string>/usr/local/Cellar/restic/0.18.0/bin/restic</string> <key>IdentifierType</key> <string>path</string> </dict> my question is how to get the cdhash , or how does apple get it when its not signed?
Earn a cool badge and Jamf Nation Reward Bytes for your published articles. We’re looking forward to your submissions!
216 Questions Answered
30 Questions Answered
17 Questions Answered
15 Questions Answered
45 likes
28 likes
26 likes
25 likes
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
