What's New

Updated 20 November 2019

Support for Spanish in Jamf Pro

Jamf Pro can now be displayed in Spanish and supports Spanish characters as values. To set Spanish as the preferred language in Jamf Pro, click the account settings icon at the top of the page, choose Account Preferences, and then choose Spanish as the default language. Translated documentation will follow in an upcoming release.

End of Support for MySQL 5.7.7 or Earlier

Starting with Jamf Pro 10.16.0, MySQL 5.7.7 or earlier is no longer supported. For more information, see the Upgrading to MySQL 8.0 Knowledge Base article.

PreStage Enrollment Changes

Pre-Fill Account Information

You can now pre-fill the primary account information on computers during enrollment. When users enroll their computers, the Full Name and Account Name will be pre-populated in the Setup Assistant. You can choose the following options to pre-fill this information:

  • Custom Details—This option allows you to enter the account full name and the account name for the computer. This information is applied to all computers enrolled via the PreStage.

  • Device Owner's Details—If you configure a PreStage enrollment to require authentication or you add an Enrollment Customization configuration that enables the user to sign in using their Identity Provider (IdP) credentials, this option pre-fills the account information with the credentials the user signed in with.

In addition, you can choose to lock the information so a user cannot change it on the Account Creation screen in the Setup Assistant.

This option is available in the Account Settings payload of a computer PreStage enrollment. This feature requires macOS 10.15 or later.

Shared iPad Enhancements

Jamf Pro now prevents you from enabling Shared iPad in a mobile device PreStage enrollment if the associated Device Enrollment instance uses a token from Apple Business Manager.

Automatically Apply MDM Profile and Supervision

Computers with macOS 10.15 or later, devices with iOS 13 or later, and devices with iPadOS 13 or later automatically apply the following settings during enrollment with Jamf Pro:

  • Make MDM Profile Mandatory (computer and mobile device PreStage enrollment)

  • Supervise Devices (mobile device PreStage enrollment)

Note: For computers with macOS 10.14.4 or earlier and devices with iOS 12.2 or earlier, it is recommended that you manually enable these settings to maintain full management capabilities of devices.

Webhooks Enhancements

The following enhancements have been added to Webhooks:

  • "ComputerCheckIn" now returns IP address and Reported IP address

  • "MobileDeviceCheckin" now returns IP address

Extension Attributes Enhancements

You can now use the $ExtensionAttribute_# variable for computer extension attributes. This variable can be used in computer configuration profiles.

Computer Management Capabilities

Configuration Profile Enhancements

The following table provides an overview of the computer configuration profile enhancements in this release, organized by payload:

Content Caching (Enhancements)

| Setting | Key Included in Payload | OS Requirements | Notes |
| --- | --- | --- | --- |
| Remove content from the cache when the system needs disk space for other apps | AllowCacheDelete | macOS 10.13.4 or later | You can now allow cached content to be automatically removed if free disk space is running low and is needed for additional apps. |
| Display status alerts | DisplayAlerts | macOS 10.13.4 or later | You can now allow Content Caching to display alerts as notifications. |
| Prevent the computer from sleeping while caching is on | KeepAwake | macOS 10.13.4 or later | You can now prevent a computer from sleeping if Content Caching is on in the target computer's System Preferences. |

Passcode Payload (Enhancements)

| Setting | Key Included in Payload | OS Requirements | Notes |
| --- | --- | --- | --- |
| Force password reset on next user authentication (macOS 10.13 or later) | changeAtNextAuth | macOS 10.13 or later | When this setting is enabled, the profile forces a password reset the next time the user authenticates. In addition, if the profile containing this payload is modified and re-saved, the setting is enforced the next time the user authenticates. This setting applies to the Jamf Management Account and all local accounts including the administrator on target computers. Authentications may fail until the password is reset. |

Software Update (Enhancements)

| Setting | Key Included in Payload | OS Requirements | Notes |
| --- | --- | --- | --- |
| Automatically install macOS updates | AutomaticallyInstallMacOSUpdates | macOS 10.15 or later | You can now disable the Install macOS Updates option in a target computer's System Preferences and prevent the user from enabling it. |
| Automatically install app updates from the App Store | AutomaticallyInstallAppUpdates | macOS 10.15 or later | You can now disable the Install app updates from the App Store option in a target computer's System Preferences and prevent the user from enabling it. |
| Automatically check for updates | AutomaticCheckEnabled | macOS 10.15 or later | You can now disable the Check for updates option in a target computer's System Preferences and prevent the user from enabling it. |
| Automatically download new updates when available | AutomaticDownload | macOS 10.15 or later | You can now disable the Download new updates when available option in a target computer's System Preferences and prevent the user from enabling it. |
| Automatically install configuration data | ConfigDataInstall | macOS 10.15 or later | You can now disable the automatic installation of configuration data. |
| Automatically install system data files and security updates | CriticalUpdateInstall | macOS 10.15 or later | You can now disable the Install system data files and security updates option in a target computer's System Preferences and prevent the user from enabling it. |

System Extensions (New Payload)

You can now use the System Extensions payload to allow app developers to extend their products. The System Extensions payload will replace the Approved Kernel Extensions payload in a future release of Jamf Pro.

| Setting | Key Included in Payload | OS Requirements | Notes |
| --- | --- | --- | --- |
| Allow users to approve system extensions | AllowUserOverrides | macOS 10.15 or later | When this setting is enabled, you can configure the settings for System Extensions. |
| Allowed System Extension Types | AllowedSystemExtensionTypes | macOS 10.15 or later | You can choose the following System Extension types: Allowed System Extensions; Allowed System Extension Types; Allowed Team Identifiers. |
| Allowed System Extensions | AllowedSystemExtensions | macOS 10.15 or later | You can specify a list of allowed system extensions in the text field using the bundle identifier. |
| Allowed Team Identifier | AllowedTeamIdentifiers | macOS 10.15 or later | You can specify the team bundle identifier for all System Extensions. |
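The following is an added example, not code from Jamf or from this page: a Python check that reads a computer configuration profile and reports Software Update and System Extensions settings worth reviewing before the profile is scoped to computers. The sample profile, team ID and bundle ID are constructed, and the PayloadType strings are Apple's identifiers for these payloads, which this page does not list.

```python
import plistlib

# Constructed sample profile (not from Jamf Pro). The team ID and bundle ID are
# placeholders; the PayloadType strings are Apple's identifiers for these payloads.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.SoftwareUpdate</string>
      <key>AutomaticCheckEnabled</key><true/>
      <key>AutomaticDownload</key><true/>
      <key>CriticalUpdateInstall</key><false/>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.system-extension-policy</string>
      <key>AllowUserOverrides</key><true/>
      <key>AllowedTeamIdentifiers</key><array><string>ABCDE12345</string></array>
      <key>AllowedSystemExtensions</key><dict>
        <key>ABCDE12345</key><array><string>com.example.agent.extension</string></array>
      </dict>
    </dict>
  </array>
</dict></plist>"""

# Software Update keys named in the release notes; False turns the behaviour off.
UPDATE_KEYS = ("AutomaticCheckEnabled", "AutomaticDownload", "ConfigDataInstall",
               "CriticalUpdateInstall", "AutomaticallyInstallMacOSUpdates",
               "AutomaticallyInstallAppUpdates")

def audit_profile(data: bytes) -> list:
    """Return review findings for Software Update and System Extensions payloads."""
    findings = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == "com.apple.SoftwareUpdate":
            for key in UPDATE_KEYS:
                if payload.get(key) is False:
                    findings.append(f"SoftwareUpdate: {key} is disabled")
        elif ptype == "com.apple.system-extension-policy":
            # Treated as enabled unless explicitly false (Apple's documented default).
            if payload.get("AllowUserOverrides", True):
                findings.append("SystemExtensions: users can approve extensions "
                                "outside the allow lists")
            teams = set(payload.get("AllowedTeamIdentifiers", []))
            per_bundle = payload.get("AllowedSystemExtensions", {})
            for team in sorted(teams & set(per_bundle)):
                # A team-wide entry already allows every extension that team signs.
                findings.append(f"SystemExtensions: team {team} is allowed wholesale; "
                                "per-bundle entries do not narrow it")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(finding)
```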

Additional Reporting Capabilities

Jamf Pro now displays the following attributes in a computer's inventory information and allows you to create a smart computer group or an advanced computer search:

Inventory Attribute

Smart Group/Advanced Search Criteria

Requirement

Value Returned in Inventory Information

Smart Group/Advanced Search Value

Primary Network Adapter Type

 

(Inventory information attribute only) Displays the network adapter type.

N/A

Secondary Network Adapter Type

 

(Inventory information attribute only) Displays the network adapter type.

N/A

Conditional Access Inventory State

Note: This criterion was previously named "Azure Active Directory ID" in the computer inventory information.

 

Computer must be registered with Microsoft Azure

  • Activated

  • Deactivated

  • Unresponsive

  • Activated

  • Deactivated

  • Unresponsive

Secure Boot Level

Compatible macOS 10.15 or later

For more information on compatibility, see Apple's documentation:
https://support.apple.com/HT208330

  • Full Security

  • Medium Security

  • No Security

  • Unknown

  • Not Supported

    Note: This value is returned if the computer does not meet compatibility requirements.

  • Full

  • Medium

  • Off

  • Unknown

  • Not Supported

External Boot Level

Compatible macOS 10.15 or later

For more information on compatibility, see Apple's documentation:
https://support.apple.com/HT208330

  • Disallow booting from external media

  • Allow booting from external media

  • Unknown

  • Not Supported

    Note: This value is returned if the computer does not meet compatibility requirements.

  • Allowed

  • Disallowed

  • Unknown

  • Not Supported

For more information about Secure Boot Level and External Boot Level, see the following Apple documentation:
https://support.apple.com/HT208330

Mobile Device Management Capabilities

Configuration Profile Enhancements

The following table provides an overview of the mobile device configuration profile enhancements in this release, organized by payload:

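Exchange ActiveSync (Enhancements)

| Setting | Key Included in Payload | OS Requirement | Notes |
| --- | --- | --- | --- |
| Calendars | EnableCalendars | iOS 13 or later | You can now enable these services for the Exchange ActiveSync account. You must have at least one service enabled. |
| Contacts | EnableContacts | iOS 13 or later | You can now enable these services for the Exchange ActiveSync account. You must have at least one service enabled. |
| Mail | EnableMail | iOS 13 or later | You can now enable these services for the Exchange ActiveSync account. You must have at least one service enabled. |
| Notes | EnableNotes | iOS 13 or later | You can now enable these services for the Exchange ActiveSync account. You must have at least one service enabled. |
| Reminders | EnableReminders | iOS 13 or later | You can now enable these services for the Exchange ActiveSync account. You must have at least one service enabled. |
| Calendars | EnableCalendarsUserOverridable | iOS 13 or later | You can now allow the user to enable these services for the Exchange ActiveSync account. |
| Contacts | EnableContactsUserOverridable | iOS 13 or later | You can now allow the user to enable these services for the Exchange ActiveSync account. |
| Mail | EnableMailUserOverridable | iOS 13 or later | You can now allow the user to enable these services for the Exchange ActiveSync account. |
| Notes | EnableNotesUserOverridable | iOS 13 or later | You can now allow the user to enable these services for the Exchange ActiveSync account. |
| Reminders | EnableRemindersUserOverridable | iOS 13 or later | You can now allow the user to enable these services for the Exchange ActiveSync account. |
| OAuth Sign in URL | OAuthSignInURL | iOS 13 or later | You can now specify the URL that the Exchange ActiveSync account should use for signing in via OAuth. If you specify this URL, you must also specify the Exchange ActiveSync host. |
| OAuth Token Request URL | OAuthTokenRequestURL | iOS 13 or later | You can now specify the URL that the Exchange ActiveSync account should use for token requests via OAuth. |

Single App Mode (Enhancements)

| Setting | Key Included in Payload | OS Requirement | Notes |
| --- | --- | --- | --- |
| Voice Control | AppLock.App.Options.EnableVoiceControl | iOS 13 or later; tvOS 13 or later | You can now enforce Voice Control on a device when in Single App Mode. |
| Voice Control | AppLock.App.UserEnabledOptions.VoiceControl | iOS 13 or later; tvOS 13 or later | You can now allow the user to change Voice Control settings on their device when in Single App Mode. |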

User Enrollment Enhancements (Preview Feature)

The following enhancements have been made to User Enrollment:

  • View Devices Enrolled Using User Enrollment—Devices enrolled using User Enrollment display as "Personal (User Enrollment)" in the mobile device inventory information for the Device Ownership Type.

  • Enrollment User Experience—Users are now prompted to enter their Managed Apple ID to download the MDM profile.

To access this feature in Jamf Pro, navigate to Settings > Global Management > User-Initiated Enrollment.

For more information, see the User-Initiated Enrollment Settings section in the Jamf Pro Administrator's Guide.

Additional Reporting Capabilities

Jamf Pro now displays the following attributes in a mobile device's inventory information and allows you to create a smart device group or an advanced mobile device search:

Inventory Attribute

Smart Group/Advanced Search Criteria

Requirement

Value Returned in Inventory Information

Smart Group/Advanced Search Value

Jamf Parent Pairings

  • Supervised student devices with Jamf Self Service for iOS 10.9.0 or later

  • Parents with mobile devices with iOS 10.2 or later with the Jamf Parent app installed on it.

N/A

Displays a numerical value that represents the number of devices with Jamf Parent that are paired with the student device.

Additional Remote Commands

| Remote Command | OS Requirement | Notes | Available as Mass Action |
| --- | --- | --- | --- |
| Refresh Cellular Plans | iOS 13 or later | This command allows you to refresh a device’s cellular plan by querying a carrier URL for active eSIM cellular plan profiles. Note: The device and carrier must support eSIM. For more information, see the following article from Apple's support website: https://support.apple.com/HT209096 | N/A |

Apple School Manager Roster Criteria for Smart Groups and Advanced Searches

You can now use roster information from Apple School Manager as criteria for smart user groups and advanced user searches. The following criteria are newly available:

  • Roster Class Name

  • Roster Class Number

  • Roster Class Room

  • Roster Class Source

  • Roster Course Name

  • Roster Course Source

  • Roster Email Address

  • Roster Full Name

  • Roster Grade

  • Roster Instructor Name

  • Roster Location Name

  • Roster Location Source

  • Roster Managed Apple ID

  • Roster SIS Username

  • Roster User Federated Authentication

  • Roster User Passcode Type

  • Roster User Source

For more information on smart user groups and advanced user searches, see the Smart Groups and Advanced User Searches sections of the Jamf Pro Administrator's Guide.

DigiCert Integration Enhancements

DigiCert Replaces Symantec

All instances of "Symantec" have been replaced by "DigiCert" in Jamf Pro. For more information, see the following webpage:
https://www.digicert.com/news/digicert-completes-acquisition-of-symantec-ssl/

Automatic DigiCert Certificate Revocation

You can now automatically revoke DigiCert certificates from computers or mobile devices when they fall out of the scope you define in a configuration profile. New options for enabling and disabling automatic certificate revocation are now displayed when you create or edit a certificate authority.

If you are upgrading to Jamf Pro 10.16.0 and have existing Symantec certificates, the automatic certificate revocation option is set to disabled by default.

DigiCert Certificate Distribution via Configuration Profiles

You can use Jamf Pro to distribute certificates with DigiCert as the certificate authority (CA) to computers and mobile devices in your environment using configuration profiles in the following ways:

  • Enable devices to communicate with the SCEP server

  • Distribute the CA certificate directly to devices

For more information, see:

Jamf Pro Server Tools 2.6.2

The following enhancements are included in Jamf Pro Server Tools 2.6.2, which is installed with Jamf Pro 10.16.0:

  • After the database is initialized, a prompt now allows you to save the database connection settings to the Jamf Pro Server DataBase.xml file.

  • Old database backup files are now deleted based on file modification date and time.

  • The backup limit now deletes the correct backup regardless of filename.

  • Backup timestamps for filenames now display the current 24-hour time.

  • TLS is now the preferred protocol when using TCP.

  • The jamf-pro database backup command will lock all tables when MyISAM tables exist or set a transaction when the backup process begins to provide a consistent state backup.

  • Linux: The jamf-pro server status command now correctly reports "running" if errors occurred during startup.

  • Windows:

    • Scheduling backups now allows additional flags to be passed to schtasks.exe.

    • A new --highest flag can be used to schedule backups as SYSTEM. To take advantage of this change, you must remove and recreate any existing scheduled backups and run the command prompt as an Administrator. To use the new settings, you must also move the jamf-pro config file to %ProgramData%\Jamf\tools.yaml.

      Warning: Scheduling backups using the SYSTEM account on Windows can expose your MySQL credentials or database backups to other accounts that are allowed to run as Administrator or accounts that can view the %ProgramData%\Jamf\tools.yaml file or your backup files.

Regex Support for Advanced VPP Content Search, Advanced Users Search, and Smart User Groups

You can now use the "matches regex" and "does not match regex" operators in criteria for advanced VPP content searches, advanced user searches, and smart user groups. For more information on regular expressions, see the Using Regex with Smart Groups and Advanced Searches Knowledge Base article.

Enhancements to Smart Groups and Advanced User Searches

The following enhancements were made to smart groups and advanced user searches:

  • You can now use nested user groups as criteria.

  • You can now use the “OR” operator between criteria.

  • You can now use a parenthesis before the first criterion.

Jamf Pro API Changes and Enhancements

The Jamf Pro API beta is open for user testing. The base URL for the Jamf Pro API is /uapi. To access the Jamf Pro API documentation, append "/uapi/doc" to your Jamf Pro URL. For example: https://jss.instancename.com:8443/uapi/doc

Note: As the Jamf Pro API continues to be developed, changes will be made in future releases that may impact or break functionality. We strongly encourage you to test existing workflows using the Jamf Pro API before upgrading your production environment.

  • The following endpoints were added:

    • GET /preview/cloud-ldaps/defaults/basic-configuration

    • GET /preview/cloud-ldaps/defaults/mappings

    • GET /preview/cloud-ldaps/{id}/connection

    • GET /preview/engage/account-configuration

    • GET /preview/system/info

    • PUT /v1/app-request/form-input-fields

    • GET /v1/enrollment-customization/{id}/history

    • POST /v1/enrollment-customization/{id}/history

  • The optional query parameter pagesize has been renamed to size for the following GET endpoints:

    • /v1/computer-prestages

    • /v1/device-enrollment

    • /v1/mobile-device-prestages

    • /v1/supervision-identities

For more information, see the Jamf Pro API documentation and the Jamf Pro Developer Portal.

Other Changes and Enhancements

  • You can now remove Jamf Parent management capabilities from a single student device.

  • When a computer has more than one drive, only the primary drive is displayed on the Disk Encryption payload.

  • The fixPermissions verb has been deprecated in the jamf binary.

  • The Wi-Fi MAC address is now sent as the secondary MAC address to Azure AD.

Further Considerations

© copyright 2002-2019 Jamf. All rights reserved.