What's New

Computer Management Capabilities

Configuration Profile Enhancements

Privacy Preferences Policy Control Payload (macOS 10.14 or later)

You can now configure settings to allow or deny access to applications and services within a target computer's Security & Privacy preference pane as part of the Privacy Preferences Policy Control profile.

Note: The Privacy Preferences Policy Control profile is part of a security feature with macOS 10.14. For more information about the Privacy Preferences Policy Control profile, see the following website:
https://help.apple.com/deployment/mdm/#/mdm38df53c2a

For more information, see the Preparing your Organization for User Data Protections on macOS 10.14 Knowledge Base article.

Content Caching Payload (macOS 10.13.4 or later)

You can now configure the Content Caching payload for computers with macOS 10.13.4 or later. This payload allows you to control the content that is cached on target computers.

Package Deployment via a PreStage Enrollment

You can now add a package to a computer PreStage enrollment. This allows you to deploy the package to computers with macOS 10.14 or later during enrollment with Jamf Pro. The package is installed on computers before the user completes the Setup Assistant.

To deploy an enrollment package to computers, you must have a cloud distribution point configured as the master distribution point in Jamf Pro.

Computer Inventory Reporting Capabilities

macOS Intune Integration Logs

You can now view the inventory data sent to Microsoft Intune for each username associated with a computer when the macOS Intune Integration is enabled.

To view which inventory attributes were sent to Microsoft Intune, navigate to a computer's history and click the macOS Intune Integration Logs category.

Added Criteria for Smart Computer Groups and Advanced Searches

You can now create a smart computer group or an advanced computer search with the Passcode History criteria.

You can use the Passcode History criteria to determine the number of previous passwords to prevent the reuse of passwords. To view the status of this setting, navigate to the Local User Account category of a computer’s inventory information.

Mobile Device Management Capabilities

Additional Skip Step for Mobile Device PreStage Enrollment

You can now select the Add Cellular Plan (iOS only) skip step for mobile device PreStage enrollments.

Third-party Signing Certificate for User-Initiated Enrollment

You can now use a third-party signing certificate (e.g., from GoDaddy) for computers and mobile devices during user-initiated enrollment. Adding a trusted signing certificate ensures the MDM profile displays as "Verified” to users during user-initiated enrollment. If your Jamf Pro server uses a publicly-trusted SSL certificate, you may also choose to skip the installation of the CA certificate to further shorten the enrollment experience.

To add a signing certificate to user-initiated enrollment, navigate to Settings > Global Management > User-Initiated Enrollment.

Important: Due to a known issue with the third-party signing certificate in the Jamf Pro 10.9.0 release, it is not recommended to use this feature in macOS environments that rely on QuickAdd package-based or jamf binary-initiated MDM enrollments. For more information, see PI-006586 in the Known Issues section.

Introducing Engage

Engage sends usage analytics to Jamf to help us improve your Jamf Pro experience. In addition, Engage also displays helpful tool tips, highlights new features, and allows you to provide user feedback directly from your Jamf Pro environment.

Tool tips and new feature highlights are identified by a pulsing blue dot within the Jamf Pro interface.

Note: Using a browser with ad blocking software enabled may prevent Engage from displaying properly. To fully experience Engage, ensure that you are using a browser that does not have ad block enabled.

To access this setting, navigate to Settings > System Settings > Engage.

Note: Engage is enabled by default when upgrading to Jamf Pro 10.9.0.

For more information, see the Engage Overview and FAQ Knowledge Base article.

Jamf Pro Server Tools

The Jamf Pro 10.9.0 installers now include the Jamf Pro Server Tools software utility that you can use to perform the following server and database maintenance tasks:

  • Set up MySQL database connection information and test the MySQL database connection

  • Backup the Jamf Pro database

  • Restore Jamf Pro database backups

  • Start and stop Tomcat, and modify Tomcat web app memory settings

  • Start and stop MySQL, and modify MySQL settings

The Jamf Pro Server Tools GUI is installed automatically when you run the Jamf Pro Installer. It is located at:

  • Linux: /usr/local/jss/bin/server-tools-gui.jar

  • Mac: /Library/JSS/bin/server-tools-gui.jar

  • Windows: C:\Program Files\JSS\bin\server-tools-gui.jar

For more information, see the Jamf Pro Server Tools Overview Knowledge Base article.

Installing Apps Using a URL Scheme and Jamf Self Service for iOS

You can now configure a URL scheme to automatically install apps on a mobile device through Self Service for iOS. This allows you to quickly set up a new mobile device without your end users having to search for multiple apps in Self Service.

For instructions, see the Installing Apps on Mobile Devices Using a URL Scheme and Jamf Self Service for iOS Knowledge Base article.

Smart Group Validation

Jamf Pro now validates nested references in smart groups and advanced searches to ensure criteria does not reference non-existent smart groups.

Smart groups are validated on startup. If references to non-existent smart groups are found, calculations of affected smart groups are paused. An error icon and message will display on paused smart group pages and the list of smart groups page.

Saved advanced searches are validated on startup. If references to non-existent smart groups are found, the advanced search will return an error. An error icon and message will display on affected advanced search pages and the list of advanced searches page.

Affected smart groups and advanced searches will resume calculation after references to non-existent smart groups are removed from their criteria.

Note: Only nested references to smart groups in smart groups and advanced searches are validated.

Jamf Pro API Changes and Enhancements

The Jamf Pro API beta is open for user testing. The base URL for the Jamf Pro API is /uapi. To access the Jamf Pro API documentation, append "/uapi/doc" to your Jamf Pro URL. For example: https://jss.mycompany.com:8443/uapi/doc

Note: As the Jamf Pro API continues to be developed, changes will be made in future releases that may impact or break functionality. We strongly encourage that you test existing workflows using the Jamf Pro API before upgrading your production environment.

  • The Jamf Pro API Swagger documentation now includes example values in several endpoints to allow for easier use.

  • The PUT /self-service/branding/configurations/{id} endpoint has been added under the /self-service tag.

  • The GET /startup-status has been added under the /startup-status tag.

  • The following endpoints have been added under the /engage tag:

    • GET /engage

    • PUT /engage

    • GET /engage/history

    • POST /engage/history/notes

  • The SsoSettings, SsoKeystore, SsoKeystoreDetails, and SsoKeystoreWithDetails models now specify which fields are required.

  • "languageName" has been renamed to "name" in the LegacyEnrollmentProcessText and EnrollmentProcessTextObject models.

  • "isSigningMdmProfileTurnedOnByKnob" has been removed from the LegacyEnrollmentProcessText and EnrollmentProcessTextObject models.

  • "ldapServerName" has been removed from the LdapGroup model.

  • The /obj part has been removed from the /settings/obj/enrollment/settings endpoints.

Other Changes and Enhancements

  • The Jamf Pro 10.9.0 installers include the Jamf Pro Server Tools Command-Line Interface 1.2.2.

  • Customized Self Service branding icons now automatically display as the Self Service for macOS app icon in the Finder and the Dock after being configured in Jamf Pro. Previously, the customized branding icon would not display as the app icon until the user had logged in to Self Service for the first time.

  • Policies initiated by the enrollment complete trigger are now run in the background by the jamf binary instead of through the enroll script. This allows you to use the Privacy Preference Policy Control payload to suppress end user prompts.

  • Jamf Pro now uses Unix user paths by default to save space in the application details database table.

  • Jamf Pro now automatically renews Active Directory Certificate Services (AD CS) certificates for user-level macOS configuration profiles.

  • MDM commands at the macOS user level are no longer queued after an LDAP user logs out of the computer.

  • A Jamf Pro administrator no longer needs the "Update" privilege for Mobile Devices and Computers to send remote commands.

  • Renamed the "Microsoft Intune Integration" section to "Integrating with Microsoft Intune" in the Jamf Pro Administrator's Guide.

  • Added more details for Azure Active Directory ID, User Azure Active Directory ID, and Computer Azure Active Directory to the Viewing and Editing Inventory Information for a Computer section of the Jamf Pro Administrator's Guide.

Further Considerations

  • Privileges associated with new features in Jamf Pro are disabled by default.

  • It is recommended that you clear your browser's cache after upgrading Jamf Pro to ensure that the Jamf Pro interface displays correctly.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2018 Jamf. All rights reserved.