We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.
Real talk, real tools and real-time support from people who get it.
Get answers from fellow admins
Find your way around
Share your thoughts
Submit your idea
Hey All, We are working on determining the best way to manage our assets. We are a Mac/iOS only environment. So all of our equipment goes into Jamf Pro. We don’t do touchless deployment (management decision although its practically touchless). I’d imagine we’d need to get MUT involved to update purchase status. How do you handle new equipment or equipment that goes back into inventory? Also, we are looking to get physical asset tag stickers for the devices. Any suggestions on using Jamf as a complete solution? Or addition tools that people use for Asset Management to track items? Thanks!
I’ve got a weird issue with MS Defender Configuration Profiles applying/Un-applying intermittently. As part of our enrollment process we install MS Defender and apply Configuration Profiles. This has been working fine for close to 12months. Now for some reason even though the Configuration Profiles are still applying (You can see them in Device Management). The configuration doesn’t always apply even when it does apply the settings can stop taking affect shortly afterwards. Device Management still has the Configuration Policies applied. I’ve tried downloading fresh configurations, onboarding etc. from Microsoft with exactly the same result. Has anyone else seen this?
Updated 14SEPT2022 - I moved the GitHub link over to the official Jamf Github - https://github.com/jamf/jamfconnect/tree/main/azure_conditional_access will have the latest until the official Jamf Connect docs get updated. Updated 14JUL2022 - The github link below has been updated with some steps removed for version 2.13 or greater of Jamf Connect, details about custom ROPG scopes in the menu bar, notes on how the login may still show a failure after doing this but that's fine. https://www.jamf.com/blog/how-to-azure-conditional-access-and-jamf-connect/ will supersede instructions currently on the Jamf Blog. Updated 14JAN2022 - The github link below has been updated to simplify the setup of the application registrations in Azure and allows for full testing in Jamf Connect Configuration before deploying to a test machine. https://www.jamf.com/blog/how-to-azure-conditional-access-and-jamf-connect/ - Updated instructions posted to Jamf Blog. UPDATED: 10 December 2021 - Includes information
Hi folks, I'm looking to create a policy to do the following. Install AWS VPN Client Add Profile with provided .ovpn file. Pushing the AWS VPN Client is easy enough by pushing the .pkg file.Anyone have any experience/ideas for the second part? Thanks!
Basically we have disabled the screenshot feature for a certain group in my organization via JAMF Configuration Profiles, but recently we have found a loophole for users to take screenshots via enabling the “Show features for web developers” and then on Safari, going to Develop tab and “Show Web Inspector” > Elements tab and right click the html to show the option to “capture screenshot” and it will allow you to save the screenshot. We are trying to remediate this loophole by disabling the option to enable the web developers option. Anyone have any ideas? I have tried using Configuration Profile and using the Application & Custom Settings option, but could not get it to work using the plist I found online. https://www.geeksforgeeks.org/techtips/how-to-take-screenshot-apple-safari/
At some point in your career as an Apple Admin, you’ve (most likely) inherited a Jamf instance and said either to yourself or out loud, “Huh, I wonder why they did that. I certainly wouldn’t do it that way” or “That’s not the best practice I was taught”. Caveat: There’s no such thing as best practice. The better concept is defining the best practice for your environment . This is where you get to step in and be the hero. It’s your job to take the environment, back it up first. Make sure you backup your instance and sync it to your free Jamf sandbox (If you don’t have one, talk to your rep). Once you’ve backed up and sync’d to the sandbox, I hope you’re noticing the theme here…you can get started with the H.E.R.O. process. Something not mentioned is the process of writing documentation. DOCUMENT, DOCUMENT, DOCUMENT. Write down everything from the current state, proposed changes, changes you made (with dates), how configs work, workflow processes, and everything else. The 1st thing after
Hi, We'd like to create an app/script that when run prompts the user to enter an asset tag and then automatically renames the device. I.e. asset tag 12345 renames the device to AG-MAC-12345 so that "AG-MAC-" is already predefined? Is this something that can be done with DEPNotify? TIA.
I have been getting requests to provide all managed phones with a contact list. The config page allows me to access a CARDDAV server. I would like some suggestions on how to best set one up, perhaps a cloud solution. Thanks
Our department is rolling out 500 new iPhones and we’ve been asked to provide an “address book” to each phone that will display the caller’s name on the phone receiving the call. These assumes that both the caller and the callee will be using our managed, and supervised, phones. Most of the en users are using Office 365. We also have the option of creating our own address book data entries and hosting them “someplace”. I can see that Casper can push out settings for a CardDAV server, but am not sure if that will do what we need or if there are better approaches. Any ideas appreciated. Thanks. Seth
Hello, So I’m curious about whether we need to have either an LDAP server setup or issue managed AppleIDs in order to utilize user-initiated enrollment. I made a user and user group in JAMF Pro thinking it would allow for enrolling a device and that I could give my end users a single set of credentials to then get the MDM profile and configuration to everyone. However during the enrollment, I get stuck on a page which mentions “Assign to User” with a blue magnifying glass and Enroll button which don’t seem to react, no matter what I enter. Perhaps this is not possible, but it’s what I’m hoping to find out here. Can I use a single JAMF Pro user to log in all my end users for user-initiated device enrollment? Or must we set up an LDAP server/get managed IDs? Context: We are doing a big push for new devices soon, and currently we have no self-enrollment, meaning our IT department would have to manually enroll every phone. We are looking for an alternative solution to avoid that. We do not
Was upgrading my on prem dev Jamf pro instanace today and was looking into Important notices for the last few releases. I noticed this: 11.14.0 Apple announced upcoming changes to the Apple Push Notification service (APNs) Certificate Authority (CA). Organizations using APNs will be required to update their application's trust store to include the new server certificate before 24 February 2025 to prevent communication disruption. For cloud-hosted environments, the root certificate is already trusted and validated. For on-premise environments, you may need to download and install the new SHA-2 Root USERTrust RSA Certification Authority certificate to your server's certificate trust store if it is not already trusted on your hosting infrastructure. For more information, see How to Download & Install Sectigo Intermediate Certificates - RSA documentation from Sectigo per Apple's announcement. Apple has a test server available to allow organizations to send push certificates to verify the c
Hi all, I'm fairly new to Jamf and recently completed the Jamf 100 course. I want to start testing to learn more, and I have a loaner Mac to use but I want to make sure I don’t accidentally affect anything in production. What’s the best way to safely test? Should I ask for a separate test instance from Jamf, or use VMs? Any tips or lessons from those who’ve been in a similar spot would be super helpful.
Hi All, Does anybody know if InTune Cloud PKI integration with JAMF works instead of the legacy setting up NDES on prem?
Submit and vote on product ideas.
23 likes
14 likes
13 likes
11 likes
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
