Jamf Nation Community

SteveS · ‎11-24-2023

I need to setup a new config for single app mode kiosks. These will be locked into a single app. I need to build in this config a process for performing maintenance, App update, OS update etc.

In the past I ran into issues with apps not updating if locked into single app mode or not upgrading the OS pretty much ever. I would like this to be as automated as possible. Any recomendations?

Is it possible to have a smart group based on time of day? Maybe it removes and readds the app lock profile based on time of day?

mdp · ‎11-25-2023

Here's a script that I wrote to solve that issue for us:

https://github.com/MatthewPrins/Jamf/blob/main/Temporary_Group_Membership.py

Basically, the script switches the membership in a mobile device smart group from no devices to all devices, for whatever amount of time you want (an hour for us). I put the aforementioned smart group in the exclusions for the kiosk config profile, and then I set up a cron job to run the script on Saturday night, so for an hour a week all devices are excluded from the kiosk profile and can get their OS and app updates.

---
Matthew Prins -- Jamf Scripts @ Github

AlexHoffman · ‎11-27-2023

I use an extension attribute to descope individual devices out of single app mode for my help desk team to troubleshoot. When I need to run maintenance on the entire fleet, I'll make a smart group with the scope of devices I need to do maintenance on, then set that group as an exclusion to single app mode profile. I restart the group to pull them out of single app mode and kill the app that's running. I do my maintenance and then if you make your group correctly, they should drop out of scope of the exclusion group and go back into Single App Mode. I will descope the exclusion group for good measure when I'm done to ensure everything goes back into Single App Mode. Once the profile hits, it will launch the app for you.

Jamf Nation Community

iOS Kiosk - Single Application - Maintenance mode