What's New

Computer Management Capabilities

Computer Inventory Reporting Enhancements

You can now create a smart computer group and an advanced computer search with "Remote Desktop Enabled" as the criteria.

Mobile Device Management Capabilities

Configuration Profiles Redesign Project

Jamf Pro 10.13.0 introduces the first iteration of the configuration profiles redesign project. The objectives of this project include:

  • Enhanced control over the settings defined in a profile

  • Streamlined user experience

  • Improved error handling and user input validation

  • Refined technical architecture to allow for better reporting capabilities

To achieve these objectives, a new approach to configuring payload settings and sending them to devices has been developed. In the new approach, switches allow you to enable the settings that will be sent to devices in scope. To ensure the desired setting value is installed on the device, you need to explicitly enable and configure the setting. Otherwise, Apple's operating systems enforce their defaults on devices. For more information about configuration profiles, see Apple's Using Configuration Profiles.

Note: The configuration profiles redesign project is incremental. It is structured based on payloads. In Jamf Pro 10.13.0, the improvements are introduced in the Passcode payload for mobile devices.

Passcode Payload for Mobile Devices

The Passcode payload for mobile devices is the first payload that you can configure using the redesigned user interface. To enable and further configure the settings, use the switches. Only the specifically enabled settings are sent to devices in scope. To remove the Passcode payload from a configuration profile, use the Clear All button which disables all settings.

Important: When upgrading Jamf Pro, any previously created configuration profiles that include Passcode payload settings are automatically migrated. Use the Jamf Pro user interface to review the settings. The migrated configuration profiles are not redistributed to devices.

The following table provides an overview of Apple's Passcode payload settings that are unique in Jamf Pro or are renamed in Jamf Pro 10.13.0:

Setting in Jamf Pro 10.12.0 or Earlier

Setting in Jamf Pro 10.13.0 or Later



(This setting was not explicitly displayed in the user interface.)

Require Passcode



This setting is automatically enabled in Jamf Pro 10.13.0 or later and deployed to devices if any other Passcode payload setting is enabled.

Allow simple value

Complex Passcode



Select the Require complex passcode checkbox to ensure the passcode cannot contain repeating, ascending, and descending character sequences.

If you do not select the checkbox, setting a simple passcode will be allowed on a device.

Require alphanumeric value

Alphanumeric Value



Select the Require alphanumeric value checkbox if the passcode must contain at least one letter and one number.

If you do not select the checkbox, the use of alphabetic characters ("abcd") along with numbers will not be required on a device.

For detailed information about each Passcode payload setting, see Apple’s documentation at https://developer.apple.com/documentation/devicemanagement/passcode.

Note: To configure Apple's allowFingerprint Modification key, use the Allow modifying Touch ID fingerprints (supervised only) setting in the Restrictions payload.

Remote Commands

The following table provides an overview of the mobile device remote command enhancements in this release, organized by command:

Remote Command

OS Requirement


Enable/Disable Personal Hotspot (new command)

iOS 7 or later

This command allows you to enable or disable the personal hotspot for mobile devices with iOS 7 or later.

In addition, "Personal Hotspot Enabled" is now a collected inventory attribute and is displayed in device inventory information with a returned value of "Yes" or "No". You can also create a smart mobile device group and an advanced mobile device search with "Personal Hotspot Enabled" as the criteria.

Note: This command can be sent to multiple devices at once using a mass action.

Update OS Version (enhancement)

tvOS 12.2 or later

You can now update the tvOS version to the latest version based on device eligibility or to a specific version. Updating to a specific tvOS version requires devices with tvOS 12.2 or later.

Note: This command is only available as a mass action.

Jamf Pro Server Tools 2.4.2

The following enhancements were made in Jamf Pro Server Tools 2.4.2, which is included in the Jamf Pro installers:

  • You can now edit and view the database connection settings from the GUI.

  • You can now add a custom MySQL installation path for finding the my.cnf or my.ini file by executing the following command:
    jamf-pro config set --mysql-home D:\example\path

  • You can now use environmental variables to override any variable in the configuration file, for example:

    • JAMF_MYSQL_HOME=/usr/local/mysql


Single Sign-On Enhancements

The Single Single-On (SSO) settings page in Jamf Pro has been redesigned to make configuring SSO easier to navigate. In addition, the following changes have been made to the SSO settings:

  • To enable Single Sign-On, you must now select the Enable Single Sign-On Authentication checkbox.

  • The Additional Login URL for Users with Privileges setting has been renamed to Failover Login URL.

  • The User Mapping: SAML setting has been renamed to Identity Provider User Mapping.

  • The User Mapping: Jamf Pro setting has been renamed to Jamf Pro User Mapping.

  • The Group Attribute Name setting has been renamed to Identity Provider Group Attribute Name.

  • The Allow bypass for all users setting has been renamed to Allow users to bypass the Single Sign-On authentication.

  • The Self Service for macOS setting has been renamed to Enable Single Sign-On for Self Service for macOS.

  • The User-Initiated Enrollment setting has been renamed to Enable Single Sign-On for User-Initiated Enrollment.

Jamf Pro API Changes and Enhancements

The Jamf Pro API beta is open for user testing. The base URL for the Jamf Pro API is /uapi. To access the Jamf Pro API documentation, append "/uapi/doc" to your Jamf Pro URL. For example: https://jss.instancename.com:8443/uapi/doc

Note: As the Jamf Pro API continues to be developed, changes will be made in future releases that may impact or break functionality. We strongly encourage that you test existing workflows using the Jamf Pro API before upgrading your production environment.

  • The /AppIntegrations endpoint was removed.

  • The following endpoints were added:

    • GET /v1/device-enrollment/sync

    • GET /v1/device-enrollment/sync/{id}

    • GET /v1/device-enrollment/sync/{id}/latest

    • GET /v1/mobile-device-groups

    • POST /v1/mobile-device-prestages

    • PUT /v1/mobile-device-prestages

    • DELETE /v1/mobile-device-prestages

    • GET /v1/mobile-device-prestages/{id}/history

    • POST /v1/mobile-device-prestages/{id}/history

    • GET /v1/mobile-device-prestages/{id}/attachments

    • GET /v1/mobile-device-prestages/scope

    • GET /v1/mobile-device-prestages/sync

    • GET /v1/mobile-device-prestages/sync/{id}

    • GET /v1/mobile-device-prestages/sync/{id}/latest

    • GET /v1/static-user-groups

    • GET /v1/static-user-groups/{id}

    • GET /v1/supervision-identities

    • POST /v1/supervision-identities

    • GET /v1/supervision-identities/{id}

    • PUT /v1/supervision-identities/{id}

    • DELETE /v1/supervision-identities/{id}

    • GET /v1/supervision-identities/{id}/download

    • POST /v1/supervision-identities/upload

  • In the DeviceEnrollmentPrestage object definition, the following fields were added:

    • locationInformation

    • purchasingInformation

  • In the MobileDevice object definition, the isPersonalHotspotEnabled field was added.

  • The following endpoints now have the permission corrected:

    • /ldap/groups

    • /ldap/servers

  • In the /startup-status endpoint, the GET method can now return a new DATABASE_PASSWORD_MISSING error code.

For more information, see the Jamf Pro API documentation and the Jamf Pro Developer Portal.

Additional Security for In-House Book Distribution

You can now configure a JSON Web Token (JWT) to control the distribution of iOS and tvOS in-house books from an external distribution server.

Shared iPad Enhancements

Jamf Pro now allows you to add up to 99 user accounts that can be stored with Shared iPad.

Note: Storing additional accounts limits the space reserved for each user account. For more information, see the Use Shared iPad section in Apple's Education Deployment Guide.

Smart Group Criteria Updates for New iMac Models

For information about updating smart computer groups to ensure that hardware model values are accurate after upgrading to Jamf Pro 10.13.0, see the Updating Jamf Pro Smart Groups to Reflect New Hardware Models Knowledge Base article.

Other Changes and Enhancements

  • APNs functionality was refactored to reduce performance issues. With these changes, you can send several mass actions or remote commands in a short period of time and expect to see a reduction in the sustained Java memory and CPU usage.

  • Improvements were made to how the Jamf AAD handles Azure Active Directory tokens. Every 15 minutes, the Jamf AAD checks to see if the last Azure token was gathered 12 hours ago. If the token was gathered over 12 hours ago, the Jamf AAD requests a new token and sends it to Jamf Pro. If the token was gathered less than 12 hours ago, the Jamf AAD does not request a new token.

  • The Application Key setting has been renamed to Client Secret in the Conditional Access settings.

Further Considerations

  • Privileges associated with new features in Jamf Pro are disabled by default.

  • It is recommended that you clear your browser's cache after upgrading Jamf Pro to ensure that the Jamf Pro interface displays correctly.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.