Security Settings

The Security settings in Jamf Pro allow you to do the following:

  • Enable certificate-based authentication.

  • Enable push notifications.

  • Automatically install the Privacy Preferences Policy Control profile.

  • Configure SSL certificate verification.

  • Specify the condition under which the checksum will be used to validate packages. If you choose to validate packages, the validation occurs after the package is downloaded.

  • Specify a maximum clock skew between managed computers and the Jamf Pro host server.

  • Require login authentication when retrieving PreStage imaging and Autorun imaging information.

When a Mac computer attempts to communicate with the Jamf Pro server and the security requirements specified in Jamf Pro are not met, communication is blocked.

Automatically Installing the Privacy Preferences Policy Control Profile

When you enroll a computer with Jamf Pro, the computer automatically becomes managed by Jamf Pro. This allows you to perform remote management tasks on the computer. To perform some tasks on computers with macOS 10.14 or later, you must allow the Jamf management framework to access the target computer's system files and processes by installing the Privacy Preferences Policy Control profile.

Note: The Privacy Preferences Policy Control profile is part of a security feature introduced in macOS 10.14. For more information about the Privacy Preferences Policy Control profile, see the following website:
https://help.apple.com/deployment/mdm/#/mdm38df53c2a

This option is enabled by default and allows Jamf Pro to automatically install the Privacy Preferences Policy Control profile on computers with macOS 10.14 or later that have a User Approved MDM status. This allows the Jamf management framework to be installed on computers to access the necessary system files and processes for managing computers and performing the remote management tasks on the computers.

The Enable certificate-based authentication and Enable push notifications settings must be enabled to access this feature.

For more information about the contents of the Privacy Preferences Policy Control profile, see the "Privacy Preferences Policy Control Profile Contents" section of the Preparing your Organization for User Data Protections on macOS 10.14 Knowledge Base article.

Configuring SSL Certificate Verification

Configuring the SSL Certificate Verification setting in Jamf Pro ensures that computers only communicate with a host server that has a valid SSL certificate. This prevents computers from communicating with an imposter server and protects against man-in-the-middle attacks.

Consider the following when configuring SSL certificate verification:

  • If you are using the self-signed certificate from Apache Tomcat that is built into Jamf Pro, you must select "Always except during enrollment".

  • If you are using an SSL certificate from an internal CA or a trusted third-party vendor, select either "Always" or "Always except during enrollment". It is recommended that you use "Always" if computers in your environment are configured to trust the certificate before they are enrolled.

For more information, see the following Knowledge Base articles:

Requirements

To enable push notifications, you must have a push certificate in Jamf Pro. For more information, see Push Certificates.

Configuring Security Settings

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/19534325/Icon_Settings_Hover.png .

  3. Click Computer Management.

  4. In the ”Computer Management–Management Framework” section, click Security images/download/thumbnails/19534325/Security.png .

  5. Click Edit.

  6. Configure the settings on the pane.

  7. Click Save.

Related Information

For related information, see the following sections in this guide:

  • Certificates
    Learn about device certificates and the SSL certificate.

  • SSL Certificate
    Find out how to create or upload an SSL certificate that Mac computers can use to verify the identity of the Jamf Pro server.

  • Calculating a Checksum
    Learn about using the checksum to validate a package and how to manually calculate the value.

  • PreStage Imaging
    Learn about using PreStage Imaging.

  • Autorun Imaging
    Learn about using Autorun Imaging.

For related information, see the following Knowledge Base articles:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2018 Jamf. All rights reserved.