We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.
Real talk, real tools and real-time support from people who get it.
Real answers from Apple Admins like you
Find your way around
Share your thoughts
Submit your idea
Today we released Jamf Connect 3.2.0; this release includes the following changes and improvements: Identity Provider Support for RapidIdentity Jamf's RapidIdentity is now available as an officially supported cloud identity provider (IdP) for the Jamf Connect login window and Jamf Connect Configuration. For more information about configuring RapidIdentity as your cloud IdP, see Integrating RapidIdentity's Identity Automation with Jamf Connect. To access new versions of Jamf Connect, log in to Jamf Account with your Jamf ID. The latest version is located in the Solutions section under Jamf Connect. Product Documentation For additional information on what's included in this release, review the release notes via the Jamf Learning Hub.
Did the mission of Jamf Nation change with the recent update? The recent activity feed is full of volunteer stuff, did I miss a memo somewhere?
Hello all, I am in the process of rolling out OneDrive to our Mac environment. I assigned the app from the Jamf app catalog and put together a plist with all of our settings. I discovered that OneDrive has to have full disk access in order to automatically back up the desktop folder. I used the Jamf PPPC tool to grant onedrive full disk access, however it does not seem to take. I check in system settings → general → device management and I see the config profile, however when I run sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db \ 'select client from access where auth_value and service = "kTCCServiceSystemPolicyAllFiles"' in Terminal, onedrive is not listed as one of the apps that has full disk access. Any ideas?
Hey Jamf Nation! Jamf Pro 11.20.0 features new keys and updates for Apple’s new Operating Systems coming this fall. There are also great updates to SSO features and functionality, updates to new APIs, and more! How to join the beta: Enroll in the Beta Program under Product Feedback at account.jamf.com. Click “Join Community” to join the beta forum once enrolled. Please also check out this recent blog on Configuring SSO in Jamf Account prior to testing Compliance Benchmarks, Blueprints, and App Switcher. Email beta@jamf.com with questions.The beta program is covered by the Jamf non-disclosure agreement; please do not share any information regarding your testing on any public forum, including the non-beta areas of Jamf Nation. Use the Jamf Nation Beta Forum or contact Jamf via beta@jamf.com with any questions. Thank you to all who participate in this program!
Greetings everyone! I am working with the Jamf Pro API and cannot for the life of me figure out how to obtain a list of every title which is available in the Jamf App Catalog, even if I am not currently deploying it. I have experimented with several existing endpoints including /api/v2/patch-software-title-configurations, but only ever seem to get titles which are currently being deployed or patched. What I am trying to get is the FULL list of apps which would be present in Computers → MacApps → Jamf App Catalog → New → Jamf App Catalog, which (as of this posting) lists 265 titles. In Context, I am creating a Python script to acquire, analyse, normalize and update data which resides across a number of data sets (Excel, SQL etc). When we are deploying a new app, I effectively want to know if that title is available in the Jamf App Catalog. If someone could point me to the correct Classic or Jamf Pro API endpoint, it would be much appreciated! Thank you all in advance!
We’re thrilled to share that the Mac Admins India Conference was successfully organized as a vibrant community event bringing together Mac admins from across the country! From insightful discussions to collaborative brainstorming, the day was filled with energy, innovation, and connection. It was incredible to see so many passionate professionals come together, share ideas, and build stronger ties within the Apple admin ecosystem in India. 💬 Ideas were exchanged🤝 Collaborations were formed🌟 Community was celebrated #MacAdminsIndia #CommunityConnect #AppleAdmins #TechCommunity #IndiaTech #MacAdminsConference Thanks @JAMF as Platinum Sponsor and @JAMF Nation for Sponsoring the Evening Network event
Hi, We are working on implementing Managed Blocking of Macros in Office365. My task was to to have every user (not computer) have the Macro Security locked to "Disable all macros without notification" There was also to be an exclusion group for users who would not be controlled by the above lock. For the exclusion group, we wanted if possible for them to be locked instead to "Disable all macros with notification" as that setting allows a user to enable macros on a document by document use I also had to make this work with Entra or our On Premises Active Directory (to which the Mac's are bound). As there's no linkage yet with Entra I've focused on Active Directory (AD) I found that the settings for this in the Configuration Profile only work on a "Computer Level" even though they seem to be User settings My Configuration Profile looks like this: This works but generally takes a few minutes for the machine to pick up a change in the group from AD If I try and make a second Config Profile
Hey everyone! I'm reaching out for guidance on a complex issue I've encountered with integrating Jamf Pro and Microsoft Entra ID for SSO, specifically regarding user attribute mappings and device enrollment processes. Despite a successful setup of Single Sign-On and Cloud Identity Providers for new macOS device enrollments with corporate credentials, I've hit a stumbling block with more detailed configurations. Core Issues: User Attribute Mappings: My goal is to map the User Name attribute to the onPremisesSamAccountName (essentially, the UPN without @domain.com) for a more intuitive username representation. Additionally, I aim to map Phone attributes to mobilePhone and Position to jobTitle, enhancing user profile completeness within our system. Device Enrollment Customization: During the Setup Assistant phase of Automatic Device Enrollment (via ABM), I intend to pre-fill the primary account information with the device owner's details. However, the system defaults to using the UPN/emai
I was wondering if it was possible to make the footnote under "Lock Screen Message" (section for the configuration profiles) bigger as we have users who cannot read text as small as it is.Alternatively is it possible to in some way (maybe a script) push a lock-screen/pop-up notification with a message if a user enters their pass code wrong too many times and gets locked out? Thanks!
We’re Trying to force OneDrive to sync Desktop and Documents on our Macs using Jamf. machines aren’t domain-joined. They’re already signed into Outlook/Teams with their work accounts. Here’s what I’m trying to do: Auto sign users into OneDrive Turn on Known Folder Move (KFM) for Desktop/Documents Avoid macOS prompts asking for folder access What I’ve done so far: PPPC profile – I used the correct code signature from the OneDrive app (verified with codesign). Gave access to Desktop, Documents, and Downloads. But the profile fails to apply in Jamf with a status of “Failed”. Script – I’ve got a script that reads the signed-in email from Office apps and uses the odopen:// URL to trigger OneDrive login. It runs, but OneDrive either doesn’t sign in or doesn’t start syncing unless the user manually clicks through prompts. Where I'm stuck: PPPC profile won’t install, even though the code signature looks right. Even if OneDrive opens, syncing doesn’t start unless the user allows folder access m
I’ve got a weird issue with MS Defender Configuration Profiles applying/Un-applying intermittently. As part of our enrollment process we install MS Defender and apply Configuration Profiles. This has been working fine for close to 12months. Now for some reason even though the Configuration Profiles are still applying (You can see them in Device Management). The configuration doesn’t always apply even when it does apply the settings can stop taking affect shortly afterwards. Device Management still has the Configuration Policies applied. I’ve tried downloading fresh configurations, onboarding etc. from Microsoft with exactly the same result. Has anyone else seen this?
I am trying to test out Single App Mode so we can fulfill a request a user has when their new Ipad comes in. They want it to only allow access to Safari and not allow any websites except the sign in page they set up. I have been able to restrict other sites with no issues, but the Single App mode is causing me issues. I created a Configuration Policy and selected Safari from the Lock to App drop down. When I scope it to my test group, it does attempt to apply, but fails due to "The field “Identifier” contains an invalid value.". Even when I chose "Specify Build ID" and enter "com.apple.mobilesafari" as the build ID, I get the same error. This happens for all apps in the drop down. I have confirmed the Ipad is supervised and all other settings I set up have applied with no issues. It is just this one thing that will not apply. Any assistance anyone can provide would be appreciated.
Suggestions needed for this query...
Hello All, We’ve just started to implement Jamf Pro in our company. Nearly all configurations are completed except sending compliant information to Microsoft Intune. We have to do this because we’re using Azure (Entra) Conditional Access rules in our company. If a macOS device is not compliant it cannot reach internal company resources. Just a simple rule. Steps Completed Jamf <> Intune compliance partner connector connected successfully. Microsoft Device Compliance configuration policy prepared in Jamf Policies -https://learn.microsoft.com/en-us/intune/intune-service/protect/jamf-managed-device-compliance-with-entra-id Problem Summary After enrolling to jamf, we are trying to sign in to Company portal and jamf compliance popup appears. Then we are entering our user account details again but somehow Microsoft login page shows that “get app”. It behaves like Company Portal is not installed. Briefly some of our computers are being Compliant without any problem, but some of others cannot
I created an EA to tell me the last time Adobe Acrobat was used. The issue I am facing is that i have gotten a lot of results showing as NULL. From what I can tell this happens if the user has not launched Adobe Acrobat since it has been updated. Any ideas or a better way to report the last time it was used? #!/bin/bash # Define the path to Adobe Acrobat acrobatPath="/Applications/Adobe Acrobat DC/Adobe Acrobat.app" # Adjust path if needed # Check if Adobe Acrobat is installed if [ -d "$acrobatPath" ]; then # Get the last used date using mdls lastUsedDate=$(mdls -name kMDItemLastUsedDate -raw "$acrobatPath") # Check if a date was returned (meaning it was opened at least once) if [ -n "$lastUsedDate" ]; then echo "<result>$lastUsedDate</result>" else echo "<result>Never Opened</result>" # Or a default date like "2001-01-01" fi else echo "<result>Not Present</result>" fi
Hi all - Trying to install Adobe Creative Cloud through Jamf School. I have had success with other .pkg files, but the installer file generated from our Adobe Admin Console is opening up like a folder and not a simple .pkg file. I've scanned the posts here for answers. Tried to send it as a zip, tried to generate a file with Compressor. No luck. Anyone have any suggestions? Thank you!
Hi everyone, I’m Ajay Hinduja, a Geneva Switzerland (Swiss) a travel enthusiast who’s recently been exploring Apple device management through Jamf Pro. I’d like to deploy an app across all managed Macs in my environment, and I’m wondering what the best practice is for doing this efficiently. Should I use a policy with a custom trigger, Self Service, or is there a better approach you’d recommend? Also, any tips on dealing with app updates or version control would be greatly appreciated. Thanks in advance for your guidance! Best,Ajay Hinduja, Geneva Switzerland (Swiss)
Earn a cool badge and Jamf Nation Reward Bytes for your published articles. We’re looking forward to your submissions!
216 Questions Answered
30 Questions Answered
17 Questions Answered
15 Questions Answered
39 likes
29 likes
18 likes
17 likes
11 likes
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
