What's New

Correction—Updated 18 February 2020

The following corrections have been made since the original publishing of these release notes:

  • The RSQL filtering feature for the Jamf Pro API was incorrectly announced as available in this release of Jamf Pro. It will be available in an upcoming release of Jamf Pro.

  • Added additional information about changes and removals in the Jamf Pro API.

Java 11 Required for Jamf Infrastructure Manager 2.1.0

Starting with Infrastructure Manager 2.1.0, Java 11 is required for Infrastructure Manager server environments. Before installing Infrastructure Manager 2.1.0 for your LDAP Proxy or Healthcare Listener environment, you must migrate to one of the following distributions of Java 11:

  • OpenJDK 11 (recommended)

  • Oracle Java 11 (minimum)

For more information, see the Migrating to Java 11 Knowledge Base article. See Installing a Jamf Infrastructure Manager Instance in the Jamf Infrastructure Manager Installation Guide for additional information to consider before installing version 2.1.0.

Single Sign-On Integration with Azure

You can now add Microsoft Azure as a SAML 2.0 provider when configuring Single Sign-On in Jamf Pro. To access this feature, navigate to Settings > System Settings > Single Sign-On. In the editing mode, select “Azure” from the Identity Provider pop-up menu.

It is recommended to use the Disable SAML token expiration option to limit logging issues resulting from the expired tokens.

For information about integrating Microsoft Azure with Jamf Pro, see the Azure Active Directory SSO integration with Jamf Pro tutorial from Microsoft.

Cloud Identity Provider Attribute Mappings

You can now configure attribute mappings for your Google Cloud Identity instance in the Jamf Pro user interface directly.

To access this feature, navigate to Settings > System Settings > Cloud Identity Providers > Your secure LDAP service instance and click Mappings. Jamf Pro automatically displays the default values. When you change the mappings and your configuration does not work properly, use the Apply Defaults button to revert your changes to the Jamf Pro default values.

The Search Base is added automatically when you correctly configured the domain name on the Server Configuration tab. You can limit the search base by adding an organization unit. This should reflect the hierarchical structure of your directory. For example, ou=Sales, ou=Users, dc=example, dc=com will limit the search base only to the users in the Sales organizational unit of your directory tree. Non-defined values for the organizational units should not be used.

Jamf Pro allows you to test the following attribute mappings:

  • User mappings

  • User group mappings

  • User group membership mappings

Important: When upgrading Jamf Pro, any previously created Cloud Identity Provider instances are automatically migrated and the Jamf Pro default values are applied. This may affect your configuration. Use the Jamf Pro user interface to review the settings.

Configuration Profiles Redesign Project

Jamf Pro 10.19.0 introduces Lock Screen Message for Mobile Devices as the next redesigned payload.

Due to Apple's deprecation of the IfLostReturnToMessage key for iOS 9.3.1 or later, Jamf Pro sends it to devices in scope together with the current LockScreenFootnote key. The operating system manages the "If lost, return to..." message setting on the device level.

For detailed information about each Lock Screen Message payload setting, see Apple’s documentation at https://developer.apple.com/documentation/devicemanagement/lockscreenmessage

Important: When upgrading Jamf Pro, any previously created configuration profiles that include the Lock Screen Message payload settings are automatically migrated. Use the Jamf Pro user interface to review the settings. The migrated configuration profiles are not redistributed to devices.

Enrollment Customization Enhancements

You can now apply a title to a Text PreStage Pane and an LDAP Authentication PreStage Pane. This allows you to display a title to users on the screen that displays your custom text and the LDAP login screen.

Additional Activation Lock Functionality

You can now allow end users to enable Activation Lock on their own mobile device if the device is currently enrolled with Jamf Pro by sending a remote command. When the command is sent to the device, Activation Lock becomes enabled when the user turns on the Find My feature.

In addition, Jamf Pro no longer attempts to collect the Activation Lock bypass code during every inventory, resulting in improved performance.

Automatically Install a Jamf Notifications Profile

You can now automatically install a Jamf Notifications profile that allows notifications from the Jamf management framework and Jamf Self Service for macOS. This enables notifications to automatically be allowed on computers. This setting is enabled by default.

To access this feature, navigate to Settings > Computer Management - Management Framework > Security.

Computer PreStage Enrollment Enhancements

The following features and functionality changes have been added to Computer PreStage Enrollments:

  • Additional Functionality for Enrollment Packages—You can now distribute multiple packages to computers with macOS 10.14.4 or later during enrollment using the Enrollment Packages payload. You can use an interface similar to the Policies interface in Jamf Pro, allowing you to select multiple packages.
    In addition, you can now use any distribution point as the distribution point for hosting packages distributed with the PreStage enrollment. This allows you to use your environment's internal hosting solution. To use a distribution point other than a cloud distribution point, the distribution point must use HTTPS and cannot use any authentication.

  • Management Account Information Changes—The Management Account information that is configured in the User-Initiated Enrollment settings is no longer included in the Account Settings payload. As a result, the local administrator account created using the Create an additional local administrator account setting in the Account Settings payload is now the only account that you can configure that is created and presented to the user before the Setup Assistant.

    Note: If your environment uses the Management Account information from the User-Initiated Enrollment settings, that account information is now displayed in the Create a local administrator account before the Setup Assistant settings. This is now editable and can be modified to fit your environment.

  • User Variable Support for LDAP Attributes—If your environment has an LDAP server set up, you can now enter user variables in the Account Full Name and Account Name fields when configuring the Pre-Fill Primary Account settings in the Account Settings payload. This allows the user variables to populate with the value for the LDAP attribute during the account creation screen in the Setup Assistant.

    Note: If a blank value is returned for the user variable, locking primary account information is ignored. Users can edit the account fields during account creation in the Setup Assistant.

Additional Customization for Applications in Computer Configuration Profiles

You can now customize your own JSON schema in the Applications & Custom Settings payload of a computer configuration profile. This additional functionality allows you to enter a JSON schema for an application that is not currently provided by Jamf Pro. After entering the JSON schema, you can use the settings dynamically provided in the Jamf Pro interface to further customize your application.

Jamf Pro Interface Restyling

To improve accessibility, some elements of the Jamf Pro interface have been restyled. This includes breadcrumbs, checkboxes, buttons, labels, spinners, and text input fields. Some fonts and colors have been also been changed to increase contrast.

Additional Bootstrap Token Support

Jamf Pro now allows computers with macOS 10.15 or later that were initially enrolled with Jamf Pro 10.18 or earlier to have Bootstrap Tokens manually escrowed. For more information, see the Manually Leveraging Apple's Bootstrap Token Functionality Knowledge Base article.

Jamf Pro API Changes and Enhancements

The Jamf Pro API beta is open for user testing. The base URL for the Jamf Pro API is /uapi. To access the Jamf Pro API documentation, append "/uapi/doc" to your Jamf Pro URL. For example: https://jss.instancename.com:8443/uapi/doc

Note: As the Jamf Pro API continues to be developed, changes will be made in future releases that may impact or break functionality. We strongly encourage that you test existing workflows using the Jamf Pro API before upgrading your production environment.

The following endpoints were added:

  • /v1/jamf-pro-version

  • /v1/mobile-device-enrollment-profile/{id}/download-profile

The following changes and enhancements were made:

  • Added default and example values to many objects

  • Updated many object names to follow a consistent naming scheme

  • Labeled required fields in each endpoint

  • Added summaries and descriptions to all endpoints

  • Removed most previously deprecated endpoints

  • Added ‘properties’, ‘buttonColor’, ‘buttonTextColor’, ‘backgroundColor’, and ‘iconUrl’ to EnrollmentSettings object used by the following endpoints:

    • GET /v1/enrollment-customization/{id}

    • PUT /v1/enrollment-customization/{id}

    • GET /v1/enrollment-customization

    • POST /v1/enrollment-customization

The following endpoints were removed:

  • GET /settings/obj/category

  • POST /settings/obj/category

  • GET /settings/obj/category/{id}

  • PUT /settings/obj/category/{id}

  • DELETE /settings/obj/category/{id}

  • POST /settings/obj/category/deleteCategories

  • GET /settings/obj/category/{id}/history

  • POST /settings/obj/category/{id}/history/notes

  • POST /settings/obj/category/searchCategories

  • / (base path)

Version 2 of the following endpoints was removed:

  • GET /v2/categories

  • POST /v2/categories

  • DELETE /v2/categories

  • GET /v2/categories/{id}

  • PUT /v2/categories/{id}

  • DELETE /v2/categories/{id}

  • GET /v2/categories/{id}/history

  • POST /v2/categories/{id}/history

Version 1 of these endpoints has been upgraded and should be used going forward (for example, GET /v1/categories).

Package Building and Conversion Process Improvements with Composer

You can now stop package builds and source conversions mid-process by clicking the Stop button. This allows you to make changes to a package source immediately rather than waiting for the process to complete. You can stop the following processes:

  • Building a PKG or DMG

  • Converting a PKG or DMG to source

For more information about changes to Composer, see the Release History page in the Composer User Guide.

Further Considerations

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2020 Jamf. All rights reserved.