Jamf Nation Community

Service Management - Managed Login Items in iMazing Profile Editor will help to create the profile. 
"sudo sfltool dumpbtm" will list all the login items and details to add it in the profile.

Thanks

Here's what I got to finally work. Save the below as a .mobileconfig file, and then upload it to Jamf after updating your org name. You'll have to generate new PayloadUUID's with uuidgen in terminal if you use this as a template for other applications. 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDisplayName</key>
			<string>Service Management - Managed Login Items</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.servicemanagement.1ED2CC51-41E0-49EB-A8D1-E6B5C3A283CC</string>
			<key>PayloadType</key>
			<string>com.apple.servicemanagement</string>
			<key>PayloadUUID</key>
			<string>1ED2CC51-41E0-49EB-A8D1-E6B5C3A283CC</string>
			<key>PayloadVersion</key>
			<array>
				<dict>
					<key>Comment</key>
					<string>Zoom</string>
					<key>RuleType</key>
					<string>Label</string>
					<key>RuleValue</key>
					<string>us.zoom.ZoomDaemon</string>
				</dict>
			</array>
		</dict>
	</array>
	<key>PayloadDisplayName</key>
	<string>Zoom - Managed Background and Login Items</string>
	<key>PayloadIdentifier</key>
	<string>YOURORGHERE.87731DFF-DE49-482B-958F-0623F514D2AF</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>87731DFF-DE49-482B-958F-0623F514D2AF</string>
</dict>
</plist>

I had never tried iMazing before, thank you both that suggested it! Holy crap this is going to make things easier

Can't get this to work. I tried the profile created by naschenbrenner above. I changed the UUID codes and uploaded it to Jamf. It pushes out to the workstation, and the profile installs. However the toggles in LoginItems can be still changed. The computer I am testing with is Ventura 13.0.1. It was upgraded from the Beta... so maybe something is not working right? I also tried to add the team id, and the LabelPrefix:

<dict>
	<key>RuleType</key>
	<string>TeamIdentifier</string>
	<key>RuleValue</key>
	<string>BJ4HAAB9B3</string>
</dict>
<dict>
	<key>RuleType</key>
	<string>LabelPrefix</string>
	<key>RuleValue</key>
	<string>us.zoom</string>
</dict>

 I will try to re-install the computer with Ventura 13.0.1 from scratch to see if this fixes the issue...

Here is the Profile info from using Robert Hammen's info.  Used iMazing Profile Editor to build it and then upload it.  Works great...no more notifications.  Just scoped to enrollment for Smart Group "macOS 13."

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>NotificationSettings</key>
			<array>
				<dict>
					<key>BundleIdentifier</key>
					<string>com.apple.BTMNotificationAgent</string>
					<key>NotificationsEnabled</key>
					<false/>
				</dict>
			</array>
			<key>PayloadIdentifier</key>
			<string>com.apple.notificationsettings.12c05d0d-6231-4621-9ac6-a781a626951b</string>
			<key>PayloadType</key>
			<string>com.apple.notificationsettings</string>
			<key>PayloadUUID</key>
			<string>12c05d0d-6231-4621-9ac6-a781a626951b</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Disable Background Task Management Notifications</string>
	<key>PayloadDisplayName</key>
	<string>Disable Background Task Management Notifications</string>
	<key>PayloadIdentifier</key>
	<string>com.apple.notificationsettings.5ea4543d-f0fe-4f19-9e5f-7fab2051b712</string>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>5ea4543d-f0fe-4f19-9e5f-7fab2051b712</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

@scottb Thanks for sharing your solution Scott.  A general question regarding your solution and Robert Hammen. Once we deploy the Disable Notifications to our fleet will it block ALL Notifications from any software or just the titles related to the Managed Logins?
I already have notifications disabled for Qualys, Forescout, FireEye etc.  So wondering if I need to make more changes.

Thanks 

@scottb 

For the apps I mentioned I used Notification and the specific Bundle ID to block them.

You say the one above will silence them all.  Is that ALL notifications for ALL Apps or just  New Login Items as mentioned in the last line. It was not clear to me.

Login Item management is not built into the latest Jamf Pro version? We should continue to use Robert Hammen's solution? 

To block the "Managed Login Items Added" notification, use this simple procedure:

• Create a new Configuration Profile
  • Set to Computer level
• Select the Notifications payload
  • Leave App Name blank
  • Enter "com.apple.btmnotificationagent" into the Bundle ID field
  • Select Disable for Critical alerts
  • Select Disable for Notifications
• Scope to a test machine to test
• Save Profile

Another way to block the "Managed Login Items Added" notification is to:

• Create a new Configuration Profile
• Set to Computer Level
• Select Notifications payload
• Skip App Name field, leave it blank
• Enter "com.apple.btmnotificationagent" for the Bundle ID
• Select Disable for Critical Alerts
• Select Disable for Notifications
• Scope to test machine(s)
• Save Profile

I'm trying to grey out elastic-agent in the login items in Ventura but it still doesn't work!

after running this command "sudo sfltool dumpbtm" I got this about Elastic agent : 

#15:

                 UUID: F8A306A3-45BB-4B2B-A1CE-DD5824BB6D7A

                 Name: elastic-agent

       Developer Name: (null)

                 Type: legacy daemon (0x10010)

          Disposition: [enabled, allowed, visible, notified] (11)

           Identifier: co.elastic.elastic-agent

                  URL: file:///Library/LaunchDaemons/co.elastic.elastic-agent.plist

      Executable Path: /usr/local/bin/elastic-agent

           Generation: 1

    Parent Identifier: Unknown Developer

I built a profile like this one below but it still doesn't work ! any tips please?

Actually it worked by choosing LabelPrefix as the rule type and the value is co.elastic

Looks like Managed Login Items is a section in Jamf Pro in the built in Configuration Profiles section

@bootrec We had the same problem and ended up using a startup policy with a script to update inventory if the macOS is Ventura and scope the profiles to macOS Ventura smart group.

Thanks.

#!/bin/bash
#
# Run recon if the Mac is running macOS Ventura.
#
IFS='.' read osvers_major osvers_minor osvers_dot_version <<< "$(/usr/bin/sw_vers -productVersion)"
if [[ ${osvers_major} -eq 13 ]]; then
	echo "macOS Ventura $osvers_major.$osvers_minor.$osvers_dot_version"
	jamf recon
else
	echo "Device not running macOS Ventura. Inventory update not required at startup"
fi

I created the below, but I'm still getting the background notification message.

• Create a new Configuration Profile
  • Set to Computer level
• Select the Notifications payload
  • Leave App Name blank
  • Enter "com.apple.btmnotificationagent" into the Bundle ID field
  • Select Disable for Critical alerts
  • Select Disable for Notifications
• Scope to a test machine to test
• Save Profile