Jamf Nation Community

GabeShack · ‎08-18-2021

Hey all,

Has anyone started using the new command in 11.5 as shown here:

https://developer.apple.com/documentation/devicemanagement/set_recovery_lock_command

It looks like its been set up on Apple's side, but I don't see any documentation in the Jamf Admin guide related to it? Looks like this is the closest we will get to having a firmware password on M1's.

Gabe Shackney
Princeton Public Schools

boberito · ‎08-18-2021

Not support by Jamf...yet.

View solution in original post

GabeShack · ‎08-18-2021

Looks like its in the 2nd Beta of 10.32 so hopefully hits soon.

Gabe Shackney
Princeton Public Schools

View solution in original post

boberito · ‎08-18-2021

Not support by Jamf...yet.

GabeShack · ‎08-18-2021

Is this in the next beta or should I be making a feature request?

Gabe Shackney
Princeton Public Schools

GabeShack · ‎08-18-2021

Looks like its in the 2nd Beta of 10.32 so hopefully hits soon.

Gabe Shackney
Princeton Public Schools

taochunhua · ‎11-03-2022

Can this Set Recovery Lock Command be used in jamf10.4.2 version?

taochunhua · ‎11-03-2022

Can this Set Recovery Lock Command be used in jamf10.4.2 version?thanks😁

AJPinto · ‎11-04-2022

No, not a chance in heck. The MDM command was not added for years after the release of 10.4.

If you are seriously still running JAMF 10.4, it's time to do some deep thinking and considerations on the viability of managing you Mac environment.

taochunhua · ‎11-09-2022

If I upgrade to 10.42.1 can I use the no mdm command or not😭

cboatwright · ‎08-19-2021

So much for zero-day feature implementations - we hounded Apple for this addition, they rushed it into a patch, and yet we still have no way of utilizing...

boberito · ‎08-19-2021

I think what they mean by zero day support is that jamf works on the platform same day. They’ve never said zero day feature I believe. There’s feature requests going back 3-4 years for things Apple has supported that aren’t in jamf.

AJPinto · ‎11-10-2021

zero-day feature implementations is just a sales pitch. It typically takes JAMF 3-6 months to fully support something new Apple implements. It is extremely common for JAMF to take 5+ years to add new functions (softwareupdate MDM commands anyone?).

Even nearly 3 months later JAMF is still having issues with DeviceLockAndRemovePasscode. I will not even try to implement this until mid to late 1st quarter next year. Let the kinks get sorted out.

dep · ‎01-23-2022

Here is how you can set the recovery lock key for Jamf computers - https://github.com/shbedev/jamf-recovery-lock

ele_hache · ‎02-04-2022

Dep,

I was able to adapt and use your code and it does set a recovery code. However, I'm noticing that it won't enable the recovery lock. That is, under the device's Security tab in JAMF you can see that the security lock password is set, but right above it where it says 'Recovery Lock' it says 'Not Enabled'.

I couldn't find in the API documentation what's the method used to enable or enforce a recovery lock. Do you have this information?

EDIT: After more reading on this it looks like the recovery lock status should change to Enabled after the next inventory collection. I'll wait.

L-plateAdmin · ‎03-04-2022

Ive been able to make my own bash script to set this up using two curls so i can have this as a build item, annoyingly getting a Forbidden result even with :"Send Set Recovery Lock Command" enabled on our API account, anyone know what other perms might be needed.. we only have a few permissions set as we only really use api for one or two items

L-plateAdmin · ‎03-07-2022

just incase anyone is wondering I realised i was missing the below perms:

Endpoint Operation Privilege Requirements Deprecation Date

/preview/mdm/commands

post

View MDM command information in Jamf Pro API

N/A

taochunhua · ‎11-10-2022

/preview/mdm/commands post This command is deprecated no？？😱😱😱

Jamf Nation Community

Anyone using the M1 "Set Recovery Lock" Command