Hi
We are looking into various MDM solutions.
Is anyone able to tell me if in JAMF it is possible to restrict access to location information of iOS devices to certain administrators?
Thanks in advance
Question
Restrict access to location information
+2You would have to restrict access to the whole object. You cant restrict access to only location info. I am unsure why this would be needed though if they are administrators. Why wouldnt you want your admins to be able to see location info?
+2From a data protection / GDPR point of view we are now only allowed a limited number of management staff to see location information of staff devices.
We still need administrators to carry out day to day tasks, but only allow say 2 of them to see location information.
You would have to block the whole Mobile Devices object. They would not be able to issue commands to the devices or edit inventory information etc.
+23Hello @tomnorton ,
This is something that Jamf Pro can do. Here is a video by our very own @dave.saltmarsh talking about how we can build delegated access within Jamf Pro.
https://youtu.be/K-bcBv1RPgw?t=394
You can separate the ability to enable lost mode and the ability to see the reported coordinates. You are absolutely right, from a security perspective this makes a lot of sense. In Jamf Pro, that permission is called "View Mobile Device Lost Mode Location".
Hope that helps!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.