What's New

Policy Deferral Limit Enhancement

You can now allow users to defer a policy for a specified number of days after they are first prompted by the policy. To defer a policy for a specified number of days, navigate to the User Interaction tab of a policy and select "Duration" from the Deferral Type pop-up menu. Enter the number of days to defer the policy after the user first views the policy in the Duration field. When the policy initially attempts to run, the user is prompted to run the policy now or defer it. Once the policy reaches the deferral duration limit, it runs.

Configuration Profiles Redesign Project

Jamf Pro 10.21.0 includes these refactored payloads:

  • Passcode for computers and mobile devices

  • Single Sign-On Extensions for computers and mobile devices

  • Lock Screen Message for mobile devices

The following enhancements are introduced:

  • In the Passcode payload for computers and mobile devices, these dependencies are updated:

    • Complex Passcode, Alphanumeric Value, Minimum Passcode Length, and Minimum Number of Complex Characters automatically enable the Require Passcode setting.

    • Disabling Require Passcode also disables all dependent fields.

  • Switches that enable the setting configuration are now aligned under the "Send" header. This emphasizes the approach that only the configured non-required settings in a payload are sent to devices in scope.

  • Checkboxes for the setting controls are replaced with descriptive action buttons.

  • Improved error validation.

  • Modern dark-mode ready navigation icons.

    Important: When upgrading Jamf Pro, any previously created configuration profiles that include the refactored payloads are automatically migrated. Use the Jamf Pro user interface to review the settings. The migrated configuration profiles are not redistributed to computers or mobile devices.

Mobile Device Configuration Profiles

The following table provides an overview of the mobile device configuration profile enhancements in this release, organized by payload:


Key Included in Payload

OS Requirement


AirPrint Payload (Enhancements)



iOS 11 or later

You can now enter a Port number for the AirPrint destination.


Force TLS

You can now choose whether or not to secure AirPrint connections using TLS.

Additional Reporting Capabilities for Computers

The attributes below are now displayed in a computer’s inventory information in Jamf Pro, organized by category of information:

Inventory Attribute

Value Returned in Inventory Information

Smart Group/Advanced Search Criteria

Content Caching Category (Enhancements)


Cache Limit
Class Name
Path Preventing Access
Post Date
Reserved Volume Space

You can now collect additional content caching information for computers with macOS 10.15.4 or later.

For more information about the values returned, see this developer documentation from Apple.


Cache Details


Data Migration Error

User Information



Alert: Address
Alert: Name
Alert: Post Date
Details: AC Power
Details: Cache Size
Capabilities: Import and Upload
Capabilities: Namespace Handling
Capabilities: Personal Content
Capabilities: Query Parameters
Capabilities: Shared Content
Capabilities: Import and Upload Prioritization
Details: Is Portable
Local Network: Speed
Local Network: Wired


Done Button Renamed to Back

To improve clarity, the button under the breadcrumbs that navigates to the parent page has been renamed from Done to Back.


External Patch Sources Security Enhancements

If your environment uses an external patch source, you can now use Jamf Pro to ensure that the software title definitions are signed by a publicly trusted certificate before the definition is downloaded from the server. This prevents potentially malicious software titles from being distributed in your environment.

To learn about the endpoints required by Jamf Pro to host an external patch source in your environment, see the Jamf Pro External Patch Source Endpoints Knowledge Base article.

To access this feature, navigate to Settings > Computer Management > Patch Management.

Expiring Jamf Pro JSS Built-In Certificate Authority (CA) Notification

When the Jamf Pro JSS Built-In Certificate Authority (CA) is set to expire in 180 days or less, users will be notified in the Jamf Pro Notifications area and by email about the expiration date:

  • Dashboard notifications will be triggered 90 days before the certification expiration date and repeated periodically.

  • Email notifications will be triggered 180 days before the certificate expiration date and repeated periodically. Email notifications are sent only to users with the PKI privileges granted.

    Note: For email notifications to work correctly, an SMTP server must be configured in Jamf Pro and an email address must be associated with the Jamf Pro user.

Jamf Self Service 10.10.2 Now Available in the App Store

Support for crash reporting and data collection has been removed from Self Service 10.10.2. If you are using Self Service 10.10.1, you can use the instructions in the following Knowledge Base article to limit or disable crash reporting and data collection: Limiting or Disabling Crash Reporting and Data Collection for Jamf Self Service for iOS .

Jamf Pro API Changes and Enhancements

The Jamf Pro API beta is open for user testing. The base URL for the Jamf Pro API is /uapi. To access the Jamf Pro API documentation, append "/uapi/doc" to your Jamf Pro URL. For example: https://jss.instancename.com:8443/uapi/doc

Note: As the Jamf Pro API continues to be developed, changes will be made in future releases that may impact or break functionality. We strongly encourage that you test existing workflows using the Jamf Pro API before upgrading your production environment.

The following enhancements were made:

  • You can now use the /users endpoint to retrieve information about which static and smart user groups a user belongs to.

  • Responses for requests that create a resource now include a Location header and a href field in the response body.

  • The following endpoints now support filtered queries:

    • /v1/buildings/

    • /v1/categories/

    • /v1/departments/

The following endpoints were added:

  • POST /v1/advanced-mobile-device-searches/delete-multiple

  • POST /v1/buildings/delete-multiple

  • POST /v1/categories/delete-multiple

  • GET /v1/inventory-information

  • GET /v1/sso

  • PUT /v1/sso

  • GET /v1/sso/cert

  • PUT /v1/sso/cert

  • POST /v1/sso/cert

  • DELETE /v1/sso/cert

  • GET /v1/sso/cert/download

  • POST /v1/sso/cert/parse

  • GET /v1/sso/dependencies

  • POST /v1/sso/disable

  • GET /v1/sso/history

  • POST /v1/sso/history

  • GET /v1/sso/metadata/download

The following endpoints were removed:

  • GET /preview/engage/account-configuration

  • GET /preview/inventory-information

  • GET /settings/sso/cert

  • PUT /settings/sso/cert

  • POST /settings/sso/cert

  • DELETE /settings/sso/cert

  • GET /settings/sso/cert/download

  • GET /settings/sso/v1

  • PUT /settings/sso/v1

  • GET /settings/sso/v1/cert

  • PUT /settings/sso/v1/cert

  • POST /settings/sso/v1/cert

  • DELETE /settings/sso/v1/cert

  • GET /settings/sso/v1/cert/download

  • POST /settings/sso/v1/cert/parse

  • POST /settings/sso/v1/disable

  • GET /settings/sso/v1/history

  • POST /settings/sso/v1/history

  • GET /settings/sso/v1/metadata/download

  • DELETE /v1/advanced-mobile-device-searches

  • DELETE /v1/buildings

  • DELETE /v1/categories

The following changes were made:

  • Changes were made to the following endpoints that may break compatibility with clients:

    • /preview/engage/account-configuration has been changed to /v1/engage/account-configuration

    • /preview/inventory-information has been changed to /v1/inventory-information

  • Fixed an issue where endpoints were documented as returning a single source, but returned arrays instead.

  • The data type for Jamf Pro-generated IDs for resources has been changed from integer to string.

  • Endpoints with the following tags have been updated to provide a more consistent user experience:

    • Ebooks

    • Advanced Mobile Device Searches

    • Advanced User Content Searches

    • Cache Settings

    • Categories

For more information on these changes, see the Jamf Pro API documentation.

Other Changes and Enhancements

  • Jamf Remote no longer attempts to install or update the jamf binary on remotely connected client computers.

  • The button that removes all computers or mobile devices from the scope of a PreStage enrollment has been renamed from Unselect All to Deselect All.

Further Considerations

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2020 Jamf. All rights reserved.