Posted on 02-15-2022 06:58 AM - last edited on 02-22-2022 03:50 PM by CalleyO
Good morning Jamf Nation!
Today we released Jamf Pro 10.36 which includes an exciting integration with Google BeyondCorp, password policy enhancements and a few important notices, including information about Basic Authentication with Classic API.
Integration with Google BeyondCorp
You can now integrate with Google BeyondCorp Enterprise to ensure that only trusted users, from compliant computers, are accessing organizational resources. This integration enables admins to build a compliance and security framework around end-user devise rather than using a network perimeter. To learn more about this integration, please check out our blog.
Enable or Disable Basic Authentication for Classic API
You can now enable the use of Basic authentication in addition to Bearer Token authentication in the Classic API within the Jamf Pro interface. Enabling this could break API integrations still using the less secure authentication mechanism. Please check with your vendors and have them reach out to Jamf with any questions. As a reminder, Jamf will discontinue support for Basic authentication in the Classic API in a future release of Jamf Pro for enhanced security (estimated removal date: Aug-Dec 2022). For more information on using Bearer Token authentication see the Jamf Developer Resources.
NOTE: Basic authentication is enabled by default so if you are not using this feature, we recommend that you disable before support is removed.
Support ending for hosting Jamf Pro Server on macOS: Starting with the release of Jamf Pro 10.37.0, hosting the Jamf Pro server on macOS will no longer be supported. Mac computers with Apple silicon are not supported by the Jamf Pro Installer for macOS. In addition, the Jamf Pro Installer for macOS will not be available for download. The Jamf Pro utilities that were included in the Jamf Pro Installer for macOS—Composer, Jamf Admin, Jamf Recon, and Jamf Remote—will be made available as a separate download.
If you want to migrate your Jamf Pro server from macOS to Jamf Cloud, contact Jamf Support. If you want to keep your server on premise, you can migrate your Jamf Pro server from macOS to one of the following servers: Red Hat Enterprise Linux, Ubuntu, or Windows. For more information, see the Migrating to Another Server article.
New Recommended Versions of MySQL: Starting with Jamf Pro 10.36.0, MySQL 8.0.27 is the recommended version. MySQL 8.0.27 addressed several security issues involving OpenSSL. For more information, see the “Security Notes” section of the MySQL 8.0 Release Notes. If you are using MySQL 8.0.26 or earlier, see the following MySQL documentation to upgrade: Upgrading MySQL
If you are using the MySQL 5 series, the recommended version is now MySQL 5.7.36. If you want to upgrade to MySQL 8.0 (recommended), see the instructions in the following article: Upgrading to MySQL 8.0
Jamf Pro Security Issues
Jamf provides the CVE-ID for security issues with high or critical severity when possible.
[PI-008898] Removed an Insecure Direct Object Reference in Jamf Pro.
[PI-010464] The Jamf Pro installers have been updated to include Apache Log4j 2 version 2.17.1, which remediated vulnerability CVE-2021-44832.
To learn more about new features, such as new password policy enhancements, and additional resolved issues please read full release notes here.
Cloud Upgrade Schedule
Your Jamf Pro server, including any free sandbox environments, will be updated to Jamf Pro 10.36 based on your hosted data region below.
Need assistance identifying the Hosted Data Region of your Jamf Cloud instance? Check out this guide to find out how.
|March 4th 1300 UTC||
March 4th 2200 UTC
|March 4th 1500 UTC||
March 4th 2300 UTC
|March 4th 2300 UTC||March 5th 0900 UTC|
March 5th 0000 UTC
March 5th 0700 UTC
March 5th 0100 UTC
March 5th 1000 UTC
March 5th 0500 UTC
March 5th 1700 UTC
March 5th 0800 UTC
March 5th 2100 UTC
For real-time messages about your upgrade, subscribe to alerts.
For information on what's new in Jamf Pro 10.36, please review the release notes.
Posted on 02-15-2022 07:24 AM
For us, moving Jamf Pro from a Mac server to Linux was painless. We did this in December 2018. I think the most difficulty I had was my fault. I had never done a migration like that before so I assumed the worst. I created the new Linux VM running in Hyper-V and installed the prerequisite software and Jamf Pro. I restored a current database backup from the old server. That was about it. I changed the firewall to point all of the Jamf Pro traffic to the new server and then sat back and watched to make sure that all of the managed systems were checking in. The only help I needed from Jamf was just to tell me the proper method for making the migration.
Posted on 02-17-2022 09:39 PM
100% with you. Ubuntu FTW
Posted on 02-15-2022 07:31 AM
Hello, performance degradation (we only have 50 SITES!) is restored. Seems all is back to normal in 10.36.0, except Jamf Admin which still has the issue not saving packages when uploading. As in 10.35.0. Went back to 10.34.2 again to make it work. May you fix this too.
Posted on 02-15-2022 07:35 AM
I'm very concerned that the saving issue with Jamf Admin 10.35 is not fixed yet. Really? Why would this not be given priority? I will just keep my apps on 10.34.2. Someone at Jamf needs to step up and resolve that problem.
Posted on 02-21-2022 03:02 AM
I've update Jamf Admin 10.35 (and 10.36 soon) and I simply keep the 10.34 dmg in order to mount it and launch Jamf Admin from it when I need to upload stuffs.
Posted on 02-15-2022 09:31 AM
@mbracco Can you expand on the performance issues you were having? We are currently on 10.34.2 and we also have 50+ sites and are having a ton of performance issues that Jamf Support hasn't been able to resolve for us yet. Before we decide to upgrade to 10.36 I first wanted to know if we are seeing the same issues that you are.
Posted on 02-15-2022 10:31 AM
We were on all Versions for some years without performance issues. Since updating to 10.35 we saw an incredible loss of performance. Investigating also on our side due to internal changes, opening a ticket at jamf helping out what they could to clean up DB, we see now in 10.36 again the initial performance as used for years. We are on Prem. DB Server updating to real mysql server, giving it lots of memory and good my.cnf config and a jamf pro server with lots of memory and cpu made us performant for years in a vmware environnement.
Posted on 02-20-2022 06:35 PM
I feel so relieved to know this Jamf Admin problem isn't caused by my computer's problems, which I originally thought it was. Downgrading back to 10.34.2 (at the advice of Jamf support) worked for me too.
Posted on 03-09-2022 09:55 AM
Jamf Admin still bugged in 10.36.1 as well; still have to use 10.34.2 Jamf Admin. Fingers crossed for a fix in 10.37.0.
Posted on 03-09-2022 10:28 AM
02-15-2022 08:04 AM - edited 02-15-2022 08:24 AM
Will Google BeyondCorp integration also be available for Jamf Pro On-Prem instances in the future..?
Posted on 02-15-2022 08:20 AM
It already is available, go to account.jamf.com and products, select OS and download.
Posted on 02-15-2022 08:25 AM
I have corrected my sentence, I found out I missed the main topic of it...sorry, mistake..!
Posted on 02-15-2022 10:40 PM
RE: Integration with Google BeyondCorp
Can you please provide further detail as to how each of these the groups Applicable Group & Compliance Group are utilised? It's not clear what computer object data is being sent to Google and whether Jamf is able to determine compliance or not.
Posted on 02-16-2022 05:02 AM
Script Window has gotten a refresh. Back to only 10 lines...... with a nice find feature ;)
Hopefully jamf fixes this quickly.
Posted on 02-16-2022 09:58 AM
Jamf Remote?Jamf will stop distributing Jamf Remote in a future release of Jamf Pro (estimated removal date: May-July 2022). Disclaimer: Screen Sharing workflow using Jamf Remote has been deprecated. It is recommended to use TeamViewer for remote administration. For instructions on how to integrate TeamViewer with Jamf Pro, see "TeamViewer Integration" in the Jamf Pro Documentation.
What, why!? I literally use Remote all the time to force policies and push out software.
ARD support is present in most of the open source VNC libraries, so you could even start making the software for Windows and Linux.
The MDM capabilities are %75 successful for my setup for whatever reason (looking at you MDM software updates) so being shoehorned in to an MDM only management style will be very impactful.
Posted on 02-17-2022 12:29 AM
I did the update yesterday and notice, that the script editor shows always only 11 lines. I am excited, when this bug will be patched. Or should it be a feature meanwhile...?
Posted on 02-17-2022 07:23 AM
maybe I found another bug:
When I want to change the messages in "Global Management | User-Initiated Enrollment" and there in the register "Messaging", The chosen language (in my case German) does not save after pressing the "save" button.
Far worse is, that if a language is already configured, it is deleted after pressing the "save" button.
Posted on 02-20-2022 05:45 PM
Hi @Anonymous - have your reported this to Jamf Support?
02-23-2022 01:14 AM - edited 02-23-2022 01:14 AM
Hi dlondon, not yet, because I wanted to ask here, first. Maybe I am the only one with this issue.
The next issue, I faced today is, that the "Configurations" are no more available. (https://<URL to your Jamf Pro® Server>/configurations.html or in the Backend: https://<URL to your Jamf Server/view/settings/computer/configurations"). The site does not load and if the site is loaded, it is empty.