We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.
Real talk, real tools and real-time support from people who get it.
Get answers from fellow admins
Find your way around
Share your thoughts
Submit your idea
I dunno know who this will help out, but here it be ……… We normally do screen recordings of macOS enrollments. This does several things for us. We provide it to our Support Team so that they can see the new[er] enrollment flow. Become familiar with it. As it sometimes changes from time to time. We share it out with our Security Team as well. So that they can see the enrollment process as well. In case they have a question or request a change that they would like to change. Lastly, we do it for training as well. We show the process of beta’s [macOS 26b3]. So that the team can see the process & changes that have been made or are coming down the pipeline. This has been & continues to be a helpful tool we continue to provide to our teams. However Apple has made some changes with how this process was done in the past. No matter what I tried we were not able to capture any video output until it got to the desktop. This just sux’d, we could no longer provide this service. Sure we could take s
What is the best way to export Management History and the "Inventory Update" log, given that we do not have JAMF Protect yet Instead of having to open each iPad entry and review its log individually, is there a way to export that data?
Hi everyone, I have a user who's been consistently unable to connect to American Airlines inflight Wi-Fi. The device behaves as if there's no internet connection at all—it doesn’t redirect to the login portal, and nothing loads. What’s strange is that this issue only occurs with American Airlines; the user has no problems connecting on other airlines' Wi-Fi networks. What I’ve Tried So Far: Excluded the user from the Jamf Radar profile: This has resolved similar inflight Wi-Fi issues in the past, but it didn’t help in this case.( Once I fixed it I would add it back) Confirmed there are no VPNs or DNS filtering tools active at the time of connection. Had the user try multiple browsers (Safari, Chrome) – no success. Attempted manual navigation to common captive portal triggers like: Captive.apple.com Wi-Fi does show as connected, but again, there’s no redirect and no actual connectivity. Questions: Has anyone else seen this specific to American Airlines Wi-Fi? Are there any other payload
Since moving to JAMF Cloud, we’ve noticed that some time appears to be off. For example, I ran an Inventory Update manually on a computer, and the record in JAMF console shows that it was run 1 hour earlier than it actually was. Also, with Apple TVs we have records that say that the Inventory Update occurred up to an hour in the future. I’m not sure that this is causing an actual problem yet, but concerned that it could. Are there time zone settings we should see or anything? All of our client devices are in the same time zone (unless a client goes on a temproary trip or something).
Join us at the Central Texas Food Bank for some volunteering! We’ll be in the warehouse helping to clean, sort, and box donated food for distribution. Monday, August 25th - Morning Monday, August 25th - Afternoon Monday, September 22nd - Morning Monday, September 22nd - Afternoon Everyone is registering as an individual, so sign up ASAP before the spots fill up!
Hello All, We’ve just started to implement Jamf Pro in our company. Nearly all configurations are completed except sending compliant information to Microsoft Intune. We have to do this because we’re using Azure (Entra) Conditional Access rules in our company. If a macOS device is not compliant it cannot reach internal company resources. Just a simple rule. Steps Completed Jamf <> Intune compliance partner connector connected successfully. Microsoft Device Compliance configuration policy prepared in Jamf Policies -https://learn.microsoft.com/en-us/intune/intune-service/protect/jamf-managed-device-compliance-with-entra-id Problem Summary After enrolling to jamf, we are trying to sign in to Company portal and jamf compliance popup appears. Then we are entering our user account details again but somehow Microsoft login page shows that “get app”. It behaves like Company Portal is not installed. Briefly some of our computers are being Compliant without any problem, but some of others cannot
We’ve been getting a lot of feedback that you need to see the compliance status of specific computers to take corrective actions - so here it finally is! Available now in all Jamf Pro 11.18 and newer instances, you are now able to click on each rule of your benchmark to get a list of computers in scope, with their compliance status against this rule, and a link to computer inventory for further investigations. Let us know what you think of this and how it helps you in your workflows. Availability of the data via APIs and exports is the next on our list, so stay tuned!
Hi All. I’ve tried searching but haven’t found any hits based on the search queries I’ve given, so i’ll try posting instead. I’ve been tasked with writing a script that can be run from a Jamf Self Service action to add users to a specific Azure AD group. My script should work, but seems to be failing. I’m getting a repeated error HTTP Error 411. The request must be chunked or have a content length. even when passing a flag to chunk it. I’m not great at API, and Azure API is new to me. Anyone out there have experience with that? I can share my script, but wanted to make sure I’m not trying to do the impossible first. #!/bin/sh # Add a user to an Azure AD group.sh # # # Created by Ed on 2/28/23. # ## Read the KerberosSSO plist to get shortname of signed in user plistLoc="/Users/Shared/.KerberosSSO/" plistName="com.apple.KerberosSSO.attributes.plist" valueName="user_name" foundItem=$(defaults read ${plistLoc}${plistName} ${valueName} | /usr/bin/awk -F '@' '{print $1}') email=$foundItem@co
Hi everyone, Context I’ve encountered several machines where multiple Teams accounts (professional, personal, etc.) were registered, and removing them from the system proved to be quite difficult. I looked into various solutions, but many of the recommended methods didn’t work in my case. Every time I opened Microsoft Teams, the accounts would reappear. Here are some of the resources I consulted: https://support.microsoft.com/en-us/office/sign-out-or-remove-an-account-from-microsoft-teams-a6d76e69-e1dd-4bc4-8e5f-04ba48384487 https://learn.microsoft.com/en-us/answers/questions/2202933/how-do-i-delete-an-old-teams-account-on-mac etc. What actually worked for me I manually removed the following items from Keychain Access: OneAuthAccount login.windows.net authority_map Another effective solution was using a script that I adapted to fit my needs. Hopefully, this can help someone. #!/bin/zsh # Original by PAUL BOWDEN - Completely remove Microsoft Office# Change to remove credentials only - k
Hello, We have two instances of JAMF, School and Pro. The organization I am working for has attempted to move from School to Pro by reassigning all devices from the School MDM to the Pro MDM in ASM and slowly wiping them. The issue that I am coming to face is that the licenses were left assigned to these phantom iPads still in School, and from what I can tell I won’t be able to revoke any of them because they aren’t going to check in. Has anyone else had experience with this or know what would be the best course of action? I have refrained from revoking the VPP token, I am not sure that would do much. Ideally I would be able to move all license to the new JAMF Pro location in ASM. Thanks
Hi everyone, I’m exploring whether it's possible to allow only certain Bluetooth services—for example, allow HID (keyboard/mouse) and A2DP (audio), but block OBEX (file transfer). On Windows, we can achieve this via Intune using Bluetooth service GUID filtering, but I couldn’t find an equivalent method for macOS. Does macOS support this: Restricting or filtering Bluetooth services/profiles individually? Controlling OBEX, SPP, A2DP, HSP, or HID over Bluetooth? Any workaround using scripts, profiles, or TCC/PPPC configurations? If anyone has done this or can confirm that it's not possible, I’d really appreciate your input or any official Apple documentation to back it up. Thanks in advance!
Hi, I noticed that rather many of my Mac clients are not FileVault encrypted even though I have configured a configuration that should take care of that. Now I wanted to ask what is the best practice to enable FileVault on all my Macs. As far as I know there is an option to enable it via Policy and one via Configuration Profiles. What is the difference there and what is recommended?
Does anyone need App Config settings for the following mobile apps? CyraCom Interpreter Axon Device Manager Workday Mobile Heartbeat (MHB) If so, please let me know. If anyone has an App Config for “TrayinMotion Plus 6.1”, that would be extremely helpful. --Jack
Hi Jamf Community, We're experiencing an interesting DNS registration issue with our Mac fleet that I'm hoping someone might have encountered before. Issue Description When our Mac devices connect to our corporate WiFi network, they register in DNS (Infoblox) with generic names like mac.domain or macbook.domain instead of their proper hostnames (e.g., mbp-dav.domain). However, when these same devices connect via Ethernet cable, they register correctly with their actual hostnames. Environment Details DNS/DHCP: Infoblox Mac devices: Various models running macOS All Mac devices have proper hostnames configured What I've Verified I've confirmed the hostname settings are correctly configured on the affected devices: scutil --get HostName mbp-dav.domain scutil --get LocalHostName mbp-dav.domain scutil --get ComputerName mbp-dav.domain System preferences show the hostname is correctly set in the Mac's configuration, and I've checked the DHCP packets which don't seem to include any hostname op
Hello Everyone, We are setting up jamf pro in our org and are going to be managing iOS devices. We are going to be using Cisco anyconnect for our vpn. We have a configuration profile sending the vpn configuration and the certs. The user certs have made it through ise successfully and the app is getting the vpn settings. The issue is every time we go to connect we get the “connecting…” spin until it times out or sometimes we would get the azure sso window and it would just close. Are we missing a configuration somewhere? Thanks for any help
Has this ever happened to anyone else or do you know why this might occur. Our Jamf Connect config profiles like menu bar, login and license installed before the users start date and then it appears that when the user tried to turn on the laptop and sign in they uninstalled which left them with the message in the image below that their version of Jamf Connect was unlicensed.
Earn a cool badge and Jamf Nation Reward Bytes for your published articles. We’re looking forward to your submissions!
216 Questions Answered
30 Questions Answered
17 Questions Answered
15 Questions Answered
24 likes
20 likes
17 likes
15 likes
14 likes
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.