Jamf Connect 2.19.0 Now Available

JustinV
Contributor
Today we released Jamf Connect 2.19.0. This release includes the following changes and improvements:
 
• The Jamf Connect menu bar now reports to Jamf what settings are configured on computers.This data is used to assist our development teams and align with customer interests. This data does not include any Personally Identifiable Information (PII).
 
• The Disable Update Watcher key for the Jamf Connect login window has been added to allow for the Update Watcher to be disabled. When the key is set to true, the login window will remain installed during any macOS updates rather than being uninstalled then reinstalled automatically after the update. The key is now available in Jamf Connect Configuration and the Application & Custom Setting configuration profile payload in Jamf Pro.
 
To access new versions of Jamf Connect, log in to Jamf Account with your Jamf ID. The latest version is located in the Products section under Jamf Connect.
 
Product Documentation
 
See the Jamf Connect Documentation for more information, including Release Notes.
 
Thank you!
The Jamf Connect team
10 REPLIES 10

vladweinstein
New Contributor II

Hi Justin,

Could you elaborate on which settings Jamf is collecting information on?

I understand this does not include any PII but still need to know this for information security purposes.

Feel free to let me know via email as well v.weinstein@drurydesign.com

-Vlad Weinstein

IT Manager

Drury Design Dynamics, Inc.

david_engum
Contributor
Contributor

Vlad,

Thank you for your question. The information being collected with this change is a listing of Jamf Connect specific preferences which have been set for the user.  The values corresponding to the keys are not collected. As an example if the configuration included the below settings, Jamf Connect would be reporting back to Jamf that the preference "WindowTitle" had been set, but the value "Company Login"associated with the key would not be collected.

<key>WindowTitle</key>
<string>Company Login</string>

 This change aims to help prioritize future Jamf Connect development work on the features most important to our customers. 

Thank you for reaching out,

David Engum

Product Owner - Jamf Connect

Bretterson
Contributor

Sorry if this is a dumb question, but can you explain why disabling the update watcher might matter?

noobody
New Contributor III

I'd like to know this as well

@JustinV or @david_engum, can you address this?

I believe (and I could be wrong) but for every major upgrade , Jamf connect login gets disabled. And you need to run a script to enable it. We have a Ext attribute to look for which login is primary and if it hits the OS login primary smart group, the policy to re enable the Jamf Connect Login gets run and they they are authenticating again with, for us, Azure and JC. 

 

If your not looking for it, you wouldn't even know it was happening and end users aren't going to mention it.  Sounds like this can mitigate this issue with this setting. 

 

Again , i could be wrong in this. But that is how i am viewing it. 

Y'know, that does sound kind of familiar. We only require users to login via Connect for the initial login to the computer because we didn't want users to have to enter their passwords twice after rebooting (FileVault and Connect/SSO). Interestingly, after updating to Ventura, users have been getting prompted for the Connect login when the process is complete (and not FileVault, but I understand that to be normal).

I have seen that as well, not getting prompted for Filevault after upgrade. and i do agree, that is normal. 

@Bretterson how do you require your users to only login via JC and avoid entering their credentials twice !!

I asked this question before and no one said that I can, I either have to live with the double authentication (FV and Connect) or not to enable "DenyLocal" or require a network authentication so basically I had to disable it.

i'm still in the process of testing Jamf Connect, didn't deploy it yet so if you can shed more light on this point that would be great.

 

@MacJunior - It's the other way around: for the very first login we require Jamf Connect, but after that it's only the FileVault login. The bit where it prompts for JC but not FV is only for the restart when the Ventura install is complete. Sorry for the confusion, I see how what I wrote could be misinterpreted.