List of Configuration Profile payloads and MDM commands not implemented by Jamf

bpavlov
Honored Contributor

The purpose here is to compile a list of Configuration Profile payload/preferences or MDM commands that are not currently implemented by Jamf. I have trouble keeping track of the ones I vote for (although that's a separate Feature Request being worked on for JN). Having a public list like this will hopefully help keep track whenever I want to check up on the status of some of these requests.

https://www.jamf.com/jamf-nation/feature-requests/7272/support-for-new-macos-10-13-4-payloads

https://www.jamf.com/jamf-nation/feature-requests/7511/add-support-for-mdm-payload-securetokenauthby...

https://www.jamf.com/jamf-nation/feature-requests/5555/addition-of-mdm-identity-preference-payload-t...

https://www.jamf.com/jamf-nation/feature-requests/7516/add-ability-to-suppress-display-of-the-fileva...

https://www.jamf.com/jamf-nation/feature-requests/6626/configuration-profile-for-firmware-efi-passwo...

If you got other examples, I'd recommend making a Feature Request (if one doesn't already exist) and then adding the link back here. If you do end up creating one from scratch, provide a link to documentation from Apple's page if possible in that request.

Note: To keep things in scope, this is not meant for other MDM-related features (DEP, VPP, etc.). It's specifically just about Configuration Profile and MDM commands.

40 REPLIES 40

Kaltsas
Contributor III

You have a duplicate listed above but the below FR predates the one you posted.
https://www.jamf.com/jamf-nation/feature-requests/6831/add-showrecoverykey-to-require-filevault-2-in-security-privacy-payload

bpavlov
Honored Contributor

Good catch. I voted it up. And also made a comment in that FR so that the one I posted gets marked as a duplicate.

bpavlov
Honored Contributor

https://www.jamf.com/jamf-nation/feature-requests/7753/ability-to-skip-true-tone-setup-assistant-on-...

11/6/18 EDIT: Although not marked as implemented as of this edit, apparently it made it into Jamf Pro 10.8. Striking this one off the list.

gregneagle
Valued Contributor

I may have missed it, but does this list have "InstallApplication" and "InstallEnterpriseApplication"?

EDIT:
Here's the latter: https://www.jamf.com/jamf-nation/feature-requests/7699/add-support-for-installenterpriseapplication-...

Support for the former might be nice for environments that cannot upgrade to 10.13.6, but I doubt we'll see it.

bpavlov
Honored Contributor

milesleacy
Valued Contributor

An open framework for constructing payloads and commands similar to the FR below would solve most, if not all of these issues.

Break Up Multi-MDM-Payload GUI Payloads

bpavlov
Honored Contributor

@milesleacy While that FR has my vote, it's not really going to solve the fact that Jamf hasn't implemented and/or supported these MDM payloads/commands. Jamf already provides the ability for people to upload their own custom profiles. Your FR would make that easier, but that's not really the point though (of this list anyways). Jamf should have these MDM features already built into Jamf. How they see fit to best do that, I'll leave up to them. And there's also the fact that some of these MDM features require just a bit more support than just filling in a payload domain, key and value.

All that to say, I'd like to keep this list specific to MDM features that aren't implemented by Jamf. Not MDM improvements that Jamf could make of which there are a ton.

milesleacy
Valued Contributor

@bpavlov , I agree. Jamf needs to be quicker with deploying their “easy button” of GUI checkboxes, etc. Thats a perennial problem. We’re still waiting for all 10.13 MDM functions to be natively supported here on the eve of 10.14. Given that timeline is a proven bugbear, I’m looking for an alternative.

Providing an open framework to enter commands, payloads, settings, and values semi-manually would provide those of us who provide zero-day support for Apple operating systems within our organizations with the ability to use any and every command, payload, and setting as soon as Apple release them into the wild.

We can write profiles by hand, manually sign them and upload them to Jamf, but that is not scalable or delegable to junior staff. As for commands, AFAIK, Jamf does not provide any provision for hand-writing and uploading an MDM command.

I understand this list/discussion is about GUI support in the Jamf web app, however I’m proposing something flexible and a bit more manual vs nothing at all.

Not applicable

Great information..This will be useful for online dot net course studies

cgolebio
New Contributor III

hi @bpavlov , would you consider the following implemented now? Just checking in case you want to cross it off...
https://www.jamf.com/jamf-nation/feature-requests/7699/add-support-for-installenterpriseapplication-in-10-13-6-and-later

cgolebio
New Contributor III

Thought I'd contribute 1 (or 2) to the list:

https://www.jamf.com/jamf-nation/feature-requests/8367/add-payload-for-managed-unmanaged-contacts-to...

edit: Now I see this is a duplicate for @bpavlov . Sorry, buddy.

dgreening
Valued Contributor II

With Apple moving many "previously able to be scripted" Management Actions to MDM (thank goodness... long overdue!), we are going to need beta and then zero-day support for these payloads. :)

gachowski
Valued Contributor II

I wonder if this thread should be moved to the same location as "known issues"? A master list inside of everyone's accounts page?

C

bpavlov
Honored Contributor

@gachowski Why? I'm just linking to feature requests (which are publicly available for anyone to read) related to payloads and/or MDM specs that are not implemented by Jamf. And it seems to have had some sort of effect because if you've noticed, a lot of these have a strike now which means they've been implemented. Not too shabby for a list that's only been around one year.

gachowski
Valued Contributor II

I was just thinking out loud... a Jamf managed list would look more professional and a little easier to read. Not married to it, just an idea. As typed that out, I realized it takes something simple and complicates it... : )

C

PS I would bet that there is some manager someplace that has used this thread to push back against getting Jamf in their organization.

lbm5
New Contributor III

Please consider up voting: Add the ability to do a Remote and immediate restart OR shutdown for macOS devices via MDM commands:

https://www.jamf.com/jamf-nation/feature-requests/8800/macos-remote-restart-and-shutdown-via-mdm-commands