Customize Applications Using Computer Configuration Profiles
You can now customize applications using the Applications & Custom Settings (previously called "Custom Settings") payload in a computer configuration profile in Jamf Pro. You can use the settings in the payload to customize applications such as Jamf Connect and Microsoft Office.
For more information about the settings you can configure in the Applications & Custom Settings payload, see the Configuration Profile Payload Settings Specific to Jamf Pro Knowledge Base article.
The Jamf Connect applications (Login, Sync, and Verify) are available as preference domains.
The ability to use Jamf Pro to define the properties of an app is additional functionality to the previously existing ability to manually create and upload a PLIST file directly to Jamf Pro. You can still manually create and upload a PLIST file.
Support for Bootstrap Token Functionality
Jamf Pro can now automatically escrow Bootstrap Tokens sent by computers with macOS 10.15 or later enrolled using a PreStage enrollment that has been configured with the local user account on the computer as the administrator. Bootstrap Token eliminates the need to request additional authentication information when a network user logs in to a computer with a mobile account and the account does not have a SecureToken associated with it.
After the Bootstrap Token is escrowed, it is requested from Jamf Pro each time an eligible mobile account logs in to a computer. The computer then automatically generates a SecureToken for the mobile account. After the user is issued a SecureToken, their account can be used for macOS services that require cryptographic privileges, such as FileVault authentication.
In addition, if a PreStage enrollment is configured to create an additional local administrator account during enrollment in the Account Settings payload of the PreStage, that account is also eligible to receive the Bootstrap Token when it logs in to a computer.
For more information about Bootstrap Token Functionality, see the following article from Apple's support website:
Using Bootstrap Token
Cloud Connector for Microsoft Intune Integration
The Cloud Connector simplifies the process of connecting Jamf Pro and Microsoft Intune. Using the Cloud Connector, many of the steps to configure the integration are automated, including creating the Jamf Pro application in Microsoft Intune. In addition, the Cloud Connector enables you to connect multiple Jamf Pro instances to a single Azure AD tenant.
To use the Cloud Connector, your environment must be hosted in Jamf Cloud.
For more information, see the Integrating with Microsoft Intune to Enforce Compliance on Mac Computer Managed by Jamf Pro technical paper.
Enrollment Customization Enhancements
The following features and enhancements have been added to the Enrollment Customization settings:
Enrollment Access for LDAP Groups—You can now choose to restrict enrollment access to only a select LDAP group or groups when you configure an LDAP Authentication PreStage Pane. Only the selected LDAP group is allowed to enroll their devices using the PreStage enrollment that the Enrollment Customization configuration is added to. You can add as many LDAP groups that your environment requires.
Support for Mapping Identity Provider Attributes to Jamf Connect Credentials—If your environment uses Jamf Connect, you can now map the Account Name (the username that was used to authenticate with your Identity Provider) and the Account Full Name (the full name of the user) to fields that your IdP uses to define these attributes.
Configuration Profiles Redesign Project
Single Sign-On Extensions Payload for Computers and Mobile Devices
Jamf Pro 10.18.0 introduces the next iteration of the Configuration Profiles Redesign Project.
The Single Sign-On Extensions payload allows you to add multiple payloads of this type to a computer or mobile device configuration profile.
Use the Add button to configure one or more payloads. To remove all Single Sign-On Extensions settings from a configuration profile, use the Clear All button.
For detailed information about each Single Sign-On Extensions payload setting, see Apple’s documentation at https://developer.apple.com/documentation/devicemanagement/extensiblesinglesignon
Jamf Pro continues to separate the settings between computers and devices. To access the settings, navigate to: Computers > Configuration Profiles or Mobile Devices > Configuration Profiles.
Important: When upgrading Jamf Pro, any previously created configuration profiles that include Single Sign-On Extensions payload settings are automatically migrated. Use the Jamf Pro user interface to review the profile settings. The migrated configuration profiles are not redistributed to computers or devices.
Jamf Self Service for iOS Changes
Support for crash reporting and data collection has been removed from Self Service 10.10.2. If you are using Self Service 10.10.1, you can use the instructions in the following Knowledge Base article to limit or disable crash reporting and data collection: Limiting or Disabling Crash Reporting and Data Collection for Jamf Self Service for iOS.
Self Service 10.10.2 will be available in the App Store when it is approved by Apple.
Enhancements to Computer Application Data Retention
Starting in Jamf Pro 10.18.0, the method in which the database gathers and stores computer inventory data has been improved, resulting in the following enhancements:
Advanced computer search results and smart computer group calculations are more performant.
The size of the applications table in the MySQL database has been drastically reduced, retaining only data on each computer's currently installed apps.
A new applications_history table has been added, which tracks when apps are added or removed from computers in an efficient manner.
Jamf Pro 10.18.0 includes a new version of Composer, which includes the following changes:
Composer now installs a privileged helper tool when first opened, which runs all Composer tasks that require root access.
You can no longer upload package manifests directly to Jamf Nation using Composer.
For more information, see the Release History page in the Composer User Guide.
Start TLS Secure Communication for Cloud Identity Provider Connections
In addition to the default LDAP over SSL connection type, you can now select Start TLS when configuring the Cloud Identity Provider instance in Jamf Pro. This allows for the use of a TLS channel to encrypt data transmission. When you choose the Start TLS connection type, the port number for the secure LDAP server connection automatically changes to 389.
Jamf Pro Server Tools 2.7.1
The following enhancements are included in Jamf Pro Server Tools 2.7.1, which is installed with Jamf Pro 10.18.0:
The time and day selections on the Scheduled Backups pane of the Jamf Pro Server Tools GUI now persist when the GUI is closed and reopened.
Jamf Pro Server Tools will send backup notifications to Jamf Pro, and users that have elected to receive database backup notifications will be notified by email from Jamf Pro.
Scheduled backups now work when spaces or escape characters are included in file paths.
Jamf Pro API Changes and Enhancements
The Jamf Pro API beta is open for user testing. The base URL for the Jamf Pro API is /uapi. To access the Jamf Pro API documentation, append "/uapi/doc" to your Jamf Pro URL. For example: https://jss.instancename.com:8443/uapi/doc
Note: As the Jamf Pro API continues to be developed, changes will be made in future releases that may impact or break functionality. We strongly encourage that you test existing workflows using the Jamf Pro API before upgrading your production environment.
The following endpoints were added:
The following endpoint was removed:
For more information, see the Jamf Pro API documentation and the Jamf Pro Developer Portal.
Other Changes and Enhancements
The new $JPS_URL variable can be used to replace the Jamf Pro URL in managed app configurations.
Feature requests implemented in this release can be viewed at:
Privileges associated with new features in Jamf Pro are disabled by default.
It is recommended that you clear your browser's cache after upgrading Jamf Pro to ensure that the Jamf Pro interface displays correctly.