Jamf Nation Community

Michael_ABN · ‎12-06-2024

In Apple's macOS Sequoia 15.0 release notes the following is mentioned:

"Executables, scripts, and launchd configuration files can be installed using MDM and stored in a secure and tamper-resistant location."

How does this work in Jamf? I have searched but could not come up with the answer. Has anyone been using this and if so how do I configure a tamper resistant location?

Shyamsundar · ‎12-08-2024

This feature is not yet available in JAMF, you need to wait for Blueprint to be publicly released by JAMf

View solution in original post

AJPinto · ‎12-06-2024

MacOS has something called System Integrity Protection or SIP for short, pretty much everything MDM does is protected by SIP and there are tons of SIP protected directories on the disk. I am going to assume they are referring to this.

https://support.apple.com/en-us/102149

sdagley · ‎12-06-2024

@Michael_ABN You're talking about the following Declarative Device Management feature added in macOS Sequoia: https://support.apple.com/guide/deployment/background-task-management-declarative-dep931381403/web

AFAIK Jamf hasn't announced exactly when this will be available in Jamf Pro, but if you look at the JNUC 2024 Keynote they demonstrated "Blueprints" which will be the feature which will bring more support for DDM to Jamf Pro.

And to be clear, directories normally protected by SIP are not writeable via MDM unless SIP has been disabled. In the description of this new capability Apple references the earlier introduction of service configuration files which also use tamper-resistant locations which were not under SIP.

Shyamsundar · ‎12-08-2024

This feature is not yet available in JAMF, you need to wait for Blueprint to be publicly released by JAMf

Jamf Nation Community

Tamper resistant location