Due to the recent iOS 14.8 update scare, we asked our staff to update their devices yesterday. I created a Smart Device Group with the criteria to search for devices where iOS Version is not 14.8. When I viewed the results, devices that already updated to 14.8 were still showing up. I know this because under Settings->Device Management->Inventory Display I have iOS version checked off.
My issue is: why are devices that got updated to 14.8 per the inventory display still showing up when my criteria is searching for not 14.8?
I found this, one user commented they needed to clear the passcode and that cleared it. I did not have passcodes when I sent the Update Inventory command.
Not a fix but the workaround is to do an Inventory update. I've tested this myself by updating an iPad, then going into JAMF to confirm the device still showed up in the Smart Device Group, and finally doing the inventory update.
This is still bad though. Due to the critical update to 14.8, I had to provide reporting to the business on who did not update their devices yet so management would get on people's cases, so if the reporting is inaccurate, the information exported out of JAMF needs to be fixed so I'm only sending to management the true devices that never updated.
Hey, I ran into the same issue and contacted JAMF support about this; their response was:
Background on what might have caused this:
- When a passcode is set on an iOS device, only some commands can go through (listed here: https://developer.apple.com/documentation/devicemanagement/implementing_device_management/handling_n...)
- A command called SecurityInfo is required for Jamf to complete an inventory update and have ALL data up-to-date; such commands can go through ONLY when a user has unlocked their device and the command lands on the machine when the user uses it while being unlocked.
- If the SecurityInfo command is received by a device without a passcode or currently unlocked, along with the update inventory command, ALL the required information will be forwarded to Jamf Pro.
- On the other hand, if the SecurityInfo command is sent to a device that is passcode protected, only some information will be forwarded to Jamf Pro.
It's just that the information is pulled from 2 different tables, one that updates ONLY once ALL the commands are completed (inventory display) and one that does not need the security info command to complete to display the iOS version (advanced search and smartgroups iOS version column).
If you pick an affected device, unlock it, send an update inventory command or a blank push to let the pending SecurityInfo go through, you'll see that the correct version will be reported in the inventory.
There are 2 different tables: one only gets updated when the inventory update runs and the device is unlocked, the other always gets updated. The iOS version in the UI is pulled from the one that always gets updated and the iOS version used by the smart group is pulled from the one that only updates under certain conditions, which can lead them to be out of sync, leading to the behaviour described in this thread...
🤦🤦 🤦🤦 🤦
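For the reporting problem raised in this thread, here is an added example (not part of any post above, and not Jamf's own code) that cross-checks a smart group member list against per-device inventory records, so that devices where the two sources disagree are set aside for an unlocked inventory update instead of being reported as not updated. The CSV column names, serial numbers and device names are constructed assumptions, not Jamf Pro's export format.

```python
import csv
import io

TARGET = "14.8"

# Constructed sample data. Column names are assumptions for this example,
# not Jamf Pro's actual export format.
SMART_GROUP_EXPORT = """serial,name
SAMPLE0001,iPad-01
SAMPLE0002,iPad-02
SAMPLE0003,iPhone-03
SAMPLE0004,iPhone-04
"""

INVENTORY_EXPORT = """serial,ios_version
SAMPLE0001,14.8
SAMPLE0002,14.7.1
SAMPLE0003,14.8
SAMPLE0005,14.8
"""


def reconcile(group_csv, inventory_csv, target=TARGET):
    """Split smart group members by whether the inventory record agrees."""
    inventory = {
        row["serial"].strip(): row["ios_version"].strip()
        for row in csv.DictReader(io.StringIO(inventory_csv))
    }
    report = {"not_updated": [], "needs_inventory_update": [], "no_record": []}
    for row in csv.DictReader(io.StringIO(group_csv)):
        serial = row["serial"].strip()
        version = inventory.get(serial)
        if version is None:
            report["no_record"].append(serial)
        elif version == target:
            # Group says "not 14.8" but the inventory record says 14.8: the
            # two sources disagree, so unlock the device and update inventory.
            report["needs_inventory_update"].append(serial)
        else:
            report["not_updated"].append(serial)
    return report


if __name__ == "__main__":
    for bucket, serials in reconcile(SMART_GROUP_EXPORT, INVENTORY_EXPORT).items():
        print(f"{bucket}: {', '.join(serials) or '-'}")
```

Only the `not_updated` bucket is safe to forward as devices that never updated; the other two need follow-up first.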