Posted on 04-26-2022 08:52 AM
Just wondered if anyone knows of any way to get reports (that could be used in an audit for example) to verify MacOS device wipes initiated from within JAMF Pro? It doesn't look like this functionality exists within the product but wanted to check.
We also tested device wipe using a solution from Blancco, however, while it does generate comprehensive reports, it does so prior to the wipe actually executing, meaning the report cannot be relied upon. It wasn't worth the additional effort to deploy a separate solution in that case.
Many thanks.
Solved! Go to Solution.
Posted on 04-26-2022 10:04 AM
If you want it in a pretty-ish form for a particular device with a bare minimal of additional work, find the page for the device in the webUI, collapse the menu, print the device management command history page, and attach it to the disposal report.
For more detailed work, the information is in there, but it'll require a dive into the API and parsing the results into something presentable. Hopefully the following will point you in a useful direction:
If you want the just an acknowledgment of erasures for a batch of devices, pull the info on all uses of the EraseDevice command from the API and parse out what you want.
curl -u ${username}:${password} -X GET "https://yourjss.url:8443/JSSResource/mobiledevicecommands/name/EraseDevice" -H "accept: application/xml"
If you want acknowledgement of erasure for a particular device, pull its command history. There are separate timestamps for the command being sent and acknowledged.
curl -u ${username}:${password} -X GET "https://yourjss.url:8443/JSSResource/mobiledevicehistory/id/${device_id}/subset/ManagementCommands" -H "accept: application/xml"
${device_id} will be the numeric id of the device object in Jamf. Getting that from the device name will require a separate MDM command.
The above are for the "Classic" API, which will be sunset at some point in favor of the modern complex and modern UAPI, but I don't know of any date for that having been set yet.
Posted on 04-26-2022 10:04 AM
If you want it in a pretty-ish form for a particular device with a bare minimal of additional work, find the page for the device in the webUI, collapse the menu, print the device management command history page, and attach it to the disposal report.
For more detailed work, the information is in there, but it'll require a dive into the API and parsing the results into something presentable. Hopefully the following will point you in a useful direction:
If you want the just an acknowledgment of erasures for a batch of devices, pull the info on all uses of the EraseDevice command from the API and parse out what you want.
curl -u ${username}:${password} -X GET "https://yourjss.url:8443/JSSResource/mobiledevicecommands/name/EraseDevice" -H "accept: application/xml"
If you want acknowledgement of erasure for a particular device, pull its command history. There are separate timestamps for the command being sent and acknowledged.
curl -u ${username}:${password} -X GET "https://yourjss.url:8443/JSSResource/mobiledevicehistory/id/${device_id}/subset/ManagementCommands" -H "accept: application/xml"
${device_id} will be the numeric id of the device object in Jamf. Getting that from the device name will require a separate MDM command.
The above are for the "Classic" API, which will be sunset at some point in favor of the modern complex and modern UAPI, but I don't know of any date for that having been set yet.
Posted on 05-03-2022 06:50 AM
Thank you, this is exactly the kind of thing I was looking for. The API commands look to be working well, only change required was to substitute "mobiledevicehistory" for "computerhistory" to return the MacOS records. Can now work to refine a process around this (and the screenshot/print of the command history is good in the interim).
Posted on 08-30-2022 11:30 AM
Hi, I tried running this exact string in Terminal (swapping out credentials and URL) and got some errors.
Response:
zsh: command not found: -X
curl: no URL specified!
curl: try 'curl --help' or 'curl --manual' for more information
----------------
I changed it to this and got a response, but the response says "This request required user authentication" even though I am providing admin account details and do not have SSO enabled.
curl --request GET --url https://[url].jamfcloud.com/JSSResource/computercommands/name/EraseDevice --header "Accept: application/xml" -u api:[password]
Response:
<html>
<head>
<title>Status page</title>
</head>
<body style="font-family: sans-serif;">
<p style="font-size: 1.2em;font-weight: bold;margin: 1em 0px;">Unauthorized</p>
<p>The request requires user authentication</p>
<p>You can get technical details <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">here</a>.<br>
Please continue your visit at our <a href="/">home page</a>.
</p>
</body>
</html>
-----------
Any ideas?
Thanks,
Jon