Auto Lockdown if on Unapproved subnet

New Contributor

Good day all, I am looking for a way to utilize Jamf to add an additional layer of security to my laptops. I already use Jamf for nearly everything, but I am stumped on how to implement my latest project. We have laptops that have confidential data on them and cannot/should not leave the office. What I am hoping to do is to have Jamf, once it checks in or on Network Change, validate that it is on the correct IP subnet. If it is on a non-corporate subnet, it would auto firmware lock with a 6-digit code, which would be retrievable via the JSS. Anyone out there have any ideas where I can start?


Legendary Contributor II

Is your JSS externally accessible, like a Limited Access JSS in the DMZ? If so, I imagine it could be done via Network Segments, a policy that gets called on Network State Change and a script that uses the API to send a command to APNs to lock the device. It is possible to send remote management commands directed to a device over the Jamf API. I would look at that, since I don't think something like this could be done with a regular policy or command of some kind.

If your JSS is not on the outside, it might be tricky to accomplish this, but there may still be a way. Nothing is coming to me at this moment on how to do that though.
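
The subnet check that a script in this approach would run on Network State Change before calling the API, as an added example that is not part of the original thread. The subnet values, the function names and the `--check` flag are assumptions; the API call that sends the lock command is not shown.

```shell
#!/bin/sh
# Approved corporate subnets (constructed sample values; replace with your own).
APPROVED_SUBNETS="10.20.0.0/16 192.168.50.0/24"

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ""|0?*) return 1 ;; esac   # empty or leading-zero octet
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed when IPv4 address $1 lies inside CIDR block $2 (e.g. 10.20.0.0/16).
ip_in_cidr() {
    case "$2" in */*) ;; *) return 1 ;; esac
    ip=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    bits=${2#*/}
    case "$bits" in ""|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Print a decision for the IPv4 addresses given as arguments:
#   ok      at least one address is on an approved subnet
#   lock    addresses are present but none is approved
#   unknown only loopback/link-local or nothing at all (no usable network)
subnet_decision() {
    seen=0
    for addr in "$@"; do
        case "$addr" in 127.*|169.254.*) continue ;; esac
        seen=1
        for cidr in $APPROVED_SUBNETS; do
            if ip_in_cidr "$addr" "$cidr"; then echo ok; return 0; fi
        done
    done
    if [ "$seen" -eq 1 ]; then echo lock; else echo unknown; fi
}

# From a policy script, run with --check to evaluate the Mac's current addresses.
if [ "${1:-}" = "--check" ]; then
    subnet_decision $(ifconfig | awk '$1 == "inet" {print $2}')
fi
```

A `lock` result is the point at which the script would send the lock command through the API. An off-site network can reuse the same private address range, so a subnet match alone does not prove the laptop is in the office.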