We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.
Real talk, real tools and real-time support from people who get it.
Real answers from Apple Admins like you
Find your way around
Share your thoughts
Submit your idea
Hi everyone, Apparently there is a loophole to leak data according to our cybersecurity team on the MacOS Outlook client using the “Share to Teams” feature I am trying to disable the function for “Share to Teams” via a configuration profile on JAMF with the following configurations Application & Custom Settings > Upload Preference Domain: com.microsoft.Outlook PLIST: <plist version="1.0"><dict> <key>com.microsoft.Outlook</key> <dict> <key>DisableShareToTeams</key> <true/> </dict></dict></plist> I am wondering if anyone have any insights about this Thanks in advance!!
I'm integrating with JAMF MDM to get mobile devices. I have a standard JAMF pro user created and assigned Auditor privileges(grant all read). I'm able to get device info with the following info under the security object. "security": { "dataProtected": , "blockLevelEncryptionCapable": true, "fileLevelEncryptionCapable": true, "passcodePresent": true, "passcodeCompliant": true, "passcodeCompliantWithProfile": true, "hardwareEncryption": , "activationLockEnabled": true, "jailBreakDetected": false }, I have to capture the compliance info as well when I try to access compliance info using the following API call BaseURL/api/v2/conditional-access/device-compliance-information/mobile/{deviceid} it is showing null results. Please advise how can get the compliance status of the device. Do I need to get more privileges or can we capture from a security object? Thanks. mythdhr
Hey all, If you missed the PSU conference this year, not to worry. You can check out the videos of sessions here and slides can be found here.
Hi All, I have issue with login into Self Service with SSO, I am able to login to access the login process, but once I approve my MFA it doesn't approve my access, does anyone have any information this process?
Hello Jamf Nation The JNL London 2025 sessions are now available here on Youtube. Catch all the sessions in case you weren’t able to attend. Happy watching!
Hey All, We are working on determining the best way to manage our assets. We are a Mac/iOS only environment. So all of our equipment goes into Jamf Pro. We don’t do touchless deployment (management decision although its practically touchless). I’d imagine we’d need to get MUT involved to update purchase status. How do you handle new equipment or equipment that goes back into inventory? Also, we are looking to get physical asset tag stickers for the devices. Any suggestions on using Jamf as a complete solution? Or addition tools that people use for Asset Management to track items? Thanks!
Went to the support portal to enter a ticket and has a link at the top to go to the new support portal which turns out to just be an AI chat bot. While its good for Jamf to have an AI chatbot try and “screen” support questions, I am wondering how well this will work out. The AI bot did not really have an answer to my question so I asked it to create a ticket and it said the team would email me back. I hope there is a way to track these support requests like you could with the old ticketing system. It can be important to have a ticket number.
Hello there, maybe someone has an idea for solving this issue. We have started to enroll MacBooks to employees without admin rights. We was using first the visual studio code installer from jamf mac apps. The problem with this, is that i cant add some configuratio (for example creating a symlink for this app) within the jamf mac app installer config. So at the moment i am using a normal policy with a pkg for vscode. Everything until here is working fine. When an update is released for vscode, the user (without admin right) can't install it. The first window which pops up is for the helper tool (updater) for visual studio code So i was searching for a solution and found this page here, which explains this problem: https://github.com/microsoft/vscode/issues/115805 I am able to do all this changes for the group and ownership for the logged in user but the problem still persist. My script #!/bin/bash set -x # Get the current user's home directory loggedInUser=$(stat -f "%Su" /dev/console)
I have a script that worked before OS15.5. After updating to OS15.6, the script became abnormal. Even if it connected to the allowed SSID and obtained the IP address, it would turn off and on WIFI infinitely. The following is the script. Thank you for your help~~ #!/bin/bashallowed_ssids=("SSID_1" "SSID_2")wifi_port=$(networksetup -listallhardwareports | awk '/Wi-Fi|AirPort/{getline; print $NF}')[[ -z "$wifi_port" ]] && exit 1 lockfile="/Library/Application Support/JAMF/.wifi_cleaner.lock"mkdir -p "/Library/Application Support/JAMF"if [[ -f "$lockfile" ]]; then pid=$(cat "$lockfile") if ps -p "$pid" > /dev/null; then exit 0 else rm -f "$lockfile" fifi{ echo $$ > "$lockfile" trap 'rm -f "$lockfile"; exit' EXIT INT TERM check_and_clean_ssid() { local connected_ssid=$(/usr/sbin/ipconfig getsummary "$wifi_port" | awk -F ' SSID : ' '/ SSID : / {print $2}') local ssid_list=$(networksetup -listpreferredwirelessnetworks "$wifi_port" | tail -n +2 | sed 's/^[[:space:]]*//') is_allowed() { local
Today we are releasing a maintenance version of Jamf Pro; highlights include: Changes and Improvements Jamf Pro 11.19.1 includes Tomcat 10.1.43. Resolved Issues Jamf Pro Server: Security Issues Jamf provides the CVE-ID for security issues with high or critical severity when possible. [PI136944] [PI138128] Fixed: A known vulnerability in a third-party library (CVE-2025-48976). [PI138965] [PI138090] Fixed: A known vulnerability in a third-party library (CVE-2025-5878). Jamf Pro Server [PI135178] Fixed: In a computer configuration profile with a Restrictions payload configured to allow integration with external intelligence services, users may be prevented from enabling ChatGPT on computers in scope. This is due to the profile containing the key "allowedExternalIntelligenceWorkspaceIDs", even if the corresponding setting is not selected. [PI139029] Fixed: Modifications to smart groups are unable to be saved when the group is a dependency of a blueprint and impact alert notifications are e
End User Experience Reference: https://learn.microsoft.com/en-us/mem/intune/configuration/use-enterprise-sso-plug-in-macos-with-intune?tabs=prereq-jamf-pro%2Ccreate-profile-jamf-pro#end-user-experience Secure Enclave After the configuration profile for PSSOe and the companion application for PSSOe are installed on the device, macOS will prompt the user to register. The message can be customized with the configuration profile value of “Display Account Name”. In this example, the Display Account Name was set to “Jamfse.io Entra ID”. The user is then prompted for their local macOS UNIX account password. This is used to determine the user is present and actively using the device. The next step requires the user enter a strong credential like a security key or Passkey enabled on another device. Other methods also include push with number challenge. Upon completion, the user is shown instructions to set up the device as a Passkey provider for Microsoft Entra ID. A user must dismiss the dialo
Hi there. We’re looking at moving to PSSO, where we currently have Jamf Device Compliance on prod Macs, but have run into a wall. MDM=Jamf, IdP=Entra ID, PSSO profile uses Secure Enclave Key as the auth method because we have Jamf Connect managing accounts and password sync and understand that they can be complementary. On new builds when we deploy the PSSO profile before registering with Intune/Company Portal/Entra ID via our normal Jamf-driven Device Compliance workflow, it registers cleanly, works as expected, and CA permits access to protected data and apps, so it’s successfully replacing Device Compliance.On prod devices already registered with Device Compliance, with Entra ID device records, WPJ keys in keychain and the rest, when we deploy PSSO after, it initiates the registration, accepts the user credentials, creates a duplicate stub record in Entra ID, but at the last step where it would require MFA and then pop up the dialog prompting to allow CP Passkeys in System Settings,
Need help with installing GarageBand Loops for users without admin rights.
How do I set up so that students are not able to use the Messages app on their Mac.
Earn a cool badge and Jamf Nation Reward Bytes for your published articles. We’re looking forward to your submissions!
216 Questions Answered
30 Questions Answered
17 Questions Answered
15 Questions Answered
16 likes
12 likes
11 likes
8 likes
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
