Jamf Nation Community

danlaw777 · 2 weeks ago

I Have updated my instance to 11.16 and here are some quick hits that are bugging me.

theres an option of monitor, and monitor and enforce. However there is no switch available to go from 1 to the other, you need to create a whole new set of rules, make your changes, then send it out. this needs to be looked at.
once the monitor has been set (I didnt enforce quite yet) you get the results, how many machines pass or fail, there is NO WAY to see what machines fail, OR WHY they failed certain standards, this too needs to be looked at.
using the advanced search fails to yield any results as there is no way to point to these standards in the search function
when using JCE, profiles were added in the device management tab, using Jamf's CE, I dont have a CLUE where they're stored at
the documentation contains NONE of the items i've listed above

Tomas_Lukl1 · a week ago

Hi @danlaw777 . Thanks for your interest in compliance benchmarks and your feedback. Let me comment those:

Ability to switch between monitor and enforce mode will come in very near future. We are actively working on it.
We understand the need to easily see what machines are out of compliance. This is also under development and will come in near future. In the meantime, there is a workaround to get this information - please see this post. Please let us know if this helped.
"using the advanced search fails to yield any results as there is no way to point to these standards in the search function" - could you please elaborate a bit more? Do you mean that the workaround does not produce what you need or that it does not work at all?
Compliance benchmarks creates and manages profiles, scripts and other artefacts that are stored under device management tab. They are organised into a category that is named after your compliance benchmark configuration name.

danlaw777 · a week ago

ability to switch coming-EXCELLENT

workaround worked!

and I still dont see the profiles in device management

Tomas_Lukl1 · a week ago

@danlaw777 Do you mind sharing your compliance benchmark configuration as well as the profiles section under device management (screenshots incl. rules, if that is ok)? If you can't share it publicly for privacy reasons, please share it via DM to me or open a support ticket. Thank you.

danlaw777 · a week ago

if you have time, send me a calendar req and I can show you live

Tomas_Lukl1 · Tuesday

Hi@danlaw777 . Here is my Calendly link. Feel free to pick a time that suits you the best! Thank you.

mattjerome · Thursday

I was just looking and is there no way to edit the scope of compliance readiness after it is created? I saw I can edit which rules are enforced but not any scoping.

Tomas_Lukl1 · Thursday

Hi @mattjerome . Thank you for your feedback. We are actively working on many improvements to the compliance benchmarks capability - allowing to change the smart group (scope) is one of the items that are on our near-term roadmap. Please stay tuned for updates. In the meantime, as a workaround, you could potentially use nested smart groups feature in Jamf Pro to achieve what you need.

Could you please describe the use case for which you need to edit the scope?

danlaw777 · yesterday

scoping feature is NEEDED!
1. pilot this configuration

2. post pilot, rescope to all devices

3. pilot next macOS

these are 3 but there are more I know

Jamf Nation Community

11.16 compliance features