Help

Jamf Sometimes Randomly Stops Blocking Apps

124026
New Contributor

Posted on ‎10-17-2024 06:35 PM

Hello! I am a student at a school, so I'm not sure how much help the Jamf community will give me but my school laptop's Jamf sometimes will stop blocking apps that are meant to be blocked, e.g. Terminal, Activity Monitor, App Store, Messages and Facetime. I am not sure why it seemingly at random sometimes stops blocking apps. My school had an issue similar to this 2 years ago where after a few days without a restart or shutdown, it would stop restricting apps but that was fixed. It seems something similar happened 2 days ago to me. Late yesterday my jamf was finally fixed via a periodic MDM profile refresh.

I am not asking for a way to do this as I do not plan to do this as I follow the rules that are set but I am intrigued by how my school's IT could fix it and if it is fixable so I can forward them the issue and the fix for it.

0 Kudos
Reply
2 REPLIES 2

Shyamsundar
Contributor

Posted on ‎10-18-2024 01:30 AM

There could be various reasons for this issue. Your school’s IT team (JAMF Admin) may be aware of this problem and is currently working on a solution.

0 Kudos
Reply

AJPinto
Honored Contributor III

Posted on ‎10-18-2024 05:33 AM

App Restrictions are a function of Jamf Pro and Jamf School. Its more or less something called Application Blacklisting, and its anything but random. Basically, your school's admin specifies a path or process name and scopes out the restriction and that thing is blocked on all devices within the scope. 

If it appears inconsistent, its likely due to poor testing on your school's IT department and they did not flesh out the experience. My gut says the scope is bad.

 

The scope can make it appear random, for example if they have it scoped to a network segment then when you are not at that location the block won't apply but will suddenly apply when you are at that location. Say they wanted the block to apply when you are at school but not at home, that would be network segment dependent. All of this is check-in based and dependent on the Jamf Framework updating (not MDM profiles) so it is a bit delayed. 

0 Kudos
Reply