What's New

Computer Management Capabilities

Configuration Profile Enhancements

The following table provides an overview of the computer configuration profile enhancements in this release, organized by payload:

Setting

Key Included in Payload

OS Requirement

Notes

Smart Card Payload

Enable Screen Saver on Smart Card removal

FieldTokenRemovalAction

macOS 10.13.4 or later

You can automatically enable the Screen Saver on target computers when the Smart Card is removed.

For more information about the settings in the Smart Card payload, see the following Apple documentation:
https://support.apple.com/guide/mdm/smart-card-mdm731e6a3c4/1/web/1

Certificate Transparency (new payload)

You can now exclude domains and certificates from certificate transparency enforcement on target computers. This payload allows you to add the domains that you want to exclude from Apple's Certificate Transparency rules when the TLS certificate is not allowed.

Note: The Certificate Transparency payload is only available for computer level configuration profiles.

For more information about the Certificate Transparency payload, see the following Apple documentation:
https://support.apple.com/guide/mdm/certificate-transparency-mdmbafaa79ff/1/web/1

Excluded Domains

DisabledForDomains

macOS 10.14.2 or later

Domains to be excluded must be valid (e.g., “.example.com”, “.example.co.uk”, “.example.com” are valid; “.com” is not valid).

Excluded Certificates

DisabledForCerts

macOS 10.14.2 or later

The value entered should be set to the SHA-256 hash of the certificate's subject public key information.

Mobile Device Management Capabilities

Configuration Profile Enhancements

The following table provides an overview of the mobile device configuration profile enhancements in this release, organized by payload:

Setting

Key Included in Payload

iOS Requirement

Notes

Restrictions payload

Allow Screen Time (supervised only)

allowEnablingRestrictions

iOS 12 or later

This setting was previously named Allow modifying Restrictions (supervised only).

For more information about the restrictions for supervised devices, see the following Apple documentation:
https://support.apple.com/guide/mdm/supervised-restrictions-mdm54960f92a/1/web/1

Certificate Transparency (new payload)

You can now exclude domains and certificates from certificate transparency enforcement on target mobile devices. This payload allows you to add the domains that you want to exclude from Apple's Certificate Transparency rules when the TLS certificate is not allowed.

For more information about the Certificate Transparency payload, see the following Apple documentation:
https://support.apple.com/guide/mdm/certificate-transparency-mdmbafaa79ff/1/web/1

Excluded Domains

DisabledForDomains

iOS 12.1.1 or later and tvOS 12.1.1 or later

Domains to be excluded must be valid (e.g., “.example.com”, “.example.co.uk”, “.example.com” are valid; “.com” is not valid).

Excluded Certificates

DisabledForCerts

iOS 12.1.1 or later and tvOS 12.1.1 or later

The value entered should be set to the SHA-256 hash of the certificate's subject public key information.

Remote Commands

Clear Screen Time Passcode

This command allows you to remove the Screen Time passcode from a supervised device. This remote command was previously named Clear Restrictions.

This feature requires supervised devices with iOS 8 or later.

Apple Classroom Support for Student Mac Computers

You can now create Classes in Jamf Pro for student computers with macOS 10.14.4 or later. To do this, you must first assign the student to a computer in Jamf Pro. Then, you add the students to a class (either as an individual user or as a user group). You assign the teacher to an iPad or computer in Jamf Pro, and then add the teacher to the class (either as an individual user or as a user group).

Jamf Pro API Changes and Enhancements

The Jamf Pro API beta is open for user testing. The base URL for the Jamf Pro API is /uapi. To access the Jamf Pro API documentation, append "/uapi/doc" to your Jamf Pro URL. For example: https://jss.instancename.com:8443/uapi/doc

Note: As the Jamf Pro API continues to be developed, changes will be made in future releases that may impact or break functionality. We strongly encourage that you test existing workflows using the Jamf Pro API before upgrading your production environment.

  • The mobile-device-prestages endpoint is added.

  • The following tags now start with /v1 to ensure overall consistency:

    • client-check-in

    • departments

    • enrollment

    • inventory-preload

    • scripts

The original endpoints were marked as deprecated.

  • The /categories endpoint now starts with /v2 to ensure overall consistency. The original endpoint was marked as deprecated.

  • In the /buildings endpoint, the "pagesize" query parameter was renamed to "size" for most paginated GET requests.

  • The "sort" query parameter on selected GET operations now accepts a comma-separated list of criteria. They can be followed by a colon and the "asc" or "desc" sorting parameter.

  • In the /startup-status endpoint, the GET method can now return a new DATABASE_MYISAM_ERROR error code.

  • In the /v1/device-enrollment tag, the following endpoints were added:

    • GET /{id}/history

    • POST /{id}/history

For more information, see the Jamf Pro API documentation and the Jamf Pro Developer Portal.

Jamf Pro Server Tools 2.4.0

The following enhancements were made in Jamf Pro Server Tools 2.4.0, which is included in the Jamf Pro installers:

  • You can now use the command-line interface to view and edit the Jamf Pro database connection settings when executing the jamf-pro server config command.

  • You can now back up databases of any size.

  • On Windows, Jamf Pro Server Tools events are now logged in the Windows Event Viewer.

  • Unix (macOS, Red Hat Enterprise Linux, Ubuntu):

    • The default sysloglevel was changed from "info" to "notice" to make the events viewable with default configurations on both macOS and Ubuntu.

    • Sockets are now used instead of TCP when communicating with local MySQL instances.

    • Ports are no longer used when connecting to local database instances.

Device Enrollment Enhancements

Terms and Conditions Notification

A notification is now displayed in the Jamf Pro Notifications and for a Device Enrollment instance when Apple's Terms and Conditions are updated. The updated agreement must be accepted to modify or assign new devices to any associated PreStage enrollments. For more information about the updated agreement, see the following:
https://support.apple.com/HT203063

PreStage Enrollment Enhancements

You can now select all devices in the scope of a computer or mobile device PreStage enrollment. Previously, you could only select the devices on one page of the scope when selecting all devices.

App Notarization

On macOS 10.14 or later, Apple allows app notarization, which indicates the application was uploaded to Apple and passed their security check before distribution. The following applications are now notarized by Apple:

  • Composer

  • Jamf Admin

  • Jamf Remote

  • Recon

Disclaimer: Due to recent improvements in macOS security, hardware, management, and deployment, the Jamf Imaging app will not be notarized or receive further feature updates. Using Jamf Imaging to image computers with macOS 10.14 or later that have the Apple T2 Security Chip is not recommended by Jamf. Administrators may continue to use Jamf Imaging as an installation method for computers with macOS 10.13 or earlier that do not include the Apple T2 Security Chip. For more information, see the Imaging documentation in the Jamf Pro Administrator's Guide.

Webhooks Enhancements

You can now configure the DeviceAddedToDEP webhook to send an event when a computer or mobile device is added to the device enrollment (previously DEP) instance. The following information about the device is included with the event:

  • Serial number

  • Model

  • Description

  • Asset tag

  • Device Assigned Date

  • DEP Instance ID

Other Changes and Enhancements

The Jamf AAD now communicates with the Jamf management framework via XPC, which is the interprocess communication technology that is recommended by Apple. This will improve the security and stability of the Jamf AAD. For more information about XPC, see Apple's documentation: https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html

Further Considerations

  • Privileges associated with new features in Jamf Pro are disabled by default.

  • It is recommended that you clear your browser's cache after upgrading Jamf Pro to ensure that the Jamf Pro interface displays correctly.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.