Posted on 01-09-2023 11:29 AM
Posted on 01-11-2023 10:10 AM
Hi Justin,
Could you elaborate on which settings Jamf is collecting information on?
I understand this does not include any PII but still need to know this for information security purposes.
Feel free to let me know via email as well v.weinstein@drurydesign.com
-Vlad Weinstein
IT Manager
Drury Design Dynamics, Inc.
Posted on 01-11-2023 12:01 PM
Vlad,
Thank you for your question. The information being collected with this change is a listing of Jamf Connect specific preferences which have been set for the user. The values corresponding to the keys are not collected. As an example if the configuration included the below settings, Jamf Connect would be reporting back to Jamf that the preference "WindowTitle" had been set, but the value "Company Login"associated with the key would not be collected.
<key>WindowTitle</key> <string>Company Login</string>
This change aims to help prioritize future Jamf Connect development work on the features most important to our customers.
Thank you for reaching out,
David Engum
Product Owner - Jamf Connect
01-19-2023 06:24 AM - edited 02-01-2023 06:08 AM
Sorry if this is a dumb question, but can you explain why disabling the update watcher might matter?
Posted on 01-31-2023 06:28 PM
I'd like to know this as well
Posted on 02-01-2023 06:09 AM
@JustinV or @david_engum, can you address this?
Posted on 02-03-2023 06:13 AM
I believe (and I could be wrong) but for every major upgrade , Jamf connect login gets disabled. And you need to run a script to enable it. We have a Ext attribute to look for which login is primary and if it hits the OS login primary smart group, the policy to re enable the Jamf Connect Login gets run and they they are authenticating again with, for us, Azure and JC.
If your not looking for it, you wouldn't even know it was happening and end users aren't going to mention it. Sounds like this can mitigate this issue with this setting.
Again , i could be wrong in this. But that is how i am viewing it.
02-03-2023 06:21 AM - edited 02-03-2023 12:37 PM
Y'know, that does sound kind of familiar. We only require users to login via Connect for the initial login to the computer because we didn't want users to have to enter their passwords twice after rebooting (FileVault and Connect/SSO). Interestingly, after updating to Ventura, users have been getting prompted for the Connect login when the process is complete (and not FileVault, but I understand that to be normal).
Posted on 02-03-2023 06:26 AM
I have seen that as well, not getting prompted for Filevault after upgrade. and i do agree, that is normal.
Posted on 02-06-2023 12:46 AM
@Bretterson how do you require your users to only login via JC and avoid entering their credentials twice !!
I asked this question before and no one said that I can, I either have to live with the double authentication (FV and Connect) or not to enable "DenyLocal" or require a network authentication so basically I had to disable it.
i'm still in the process of testing Jamf Connect, didn't deploy it yet so if you can shed more light on this point that would be great.
Posted on 02-06-2023 05:49 AM
@MacJunior - It's the other way around: for the very first login we require Jamf Connect, but after that it's only the FileVault login. The bit where it prompts for JC but not FV is only for the restart when the Ventura install is complete. Sorry for the confusion, I see how what I wrote could be misinterpreted.