9 hours ago
Hi Jamf Community,
I’m working on setting up an Extension Attribute (EA) to automatically detect devices with stuck MDM commands (e.g., commands that are pending or failed for an extended period). The goal is to use this EA as a trigger for a self-healing policy that runs once daily for affected devices.
Here’s what I’ve considered so far:
1. API Approach:
• I explored the Jamf API but haven’t found an endpoint that provides detailed or reliable information about stuck commands.
• If there’s a way to identify such commands via the API, I’d love some pointers or examples!
2. Local Machine Logs Approach:
• This seems like the most promising path. My idea is to check logs on the local machine for the last executed MDM command and flag devices where no command has been executed in the past 24 hours (or based on statuses).
• Are there specific logs or methods Can I extract this information programmatically?
If anyone has experience implementing a similar solution or insights into logs, commands, or API usage for this purpose, I’d greatly appreciate your help.
Thanks in advance for sharing your expertise!
6 hours ago
I don't believe we have the option to create an EA to find devices with pending or failed MDM commands. Instead, you can issue remote commands to cancel all pending and failed MDM commands. To do this,
7m ago
The command you are looking is
curl -X 'GET' \
'$yourjssurl/JSSResource/computerhistory/id/cmpJSS_ID(you can get ths with another query)/subset/Commands' \
-H 'accept: application/xml' \
-H 'Authorization: Bearer $yourtoken'
This will give you all commands history computer has, completed, failed and pending. Then you can filter pending and failed ones using jq or grep/sed