What's New

Compatibility with macOS 11

Jamf Pro 10.26.0 provides compatibility with macOS Big Sur 11. This includes compatibility for the following management workflows:

  • Enrollment and inventory reporting

  • Configuration profiles

  • App distribution

  • Self Service installation

  • Self Service launches and connections

  • App distribution via Self Service

  • Policies

  • Restricted Software

Compatibility and new feature support are based on testing with the latest Apple beta releases.

Note: The Jamf Pro 10.25.x release notes have been updated to include information about compatibility with macOS 11.

Apple Silicon Compatibility for the Jamf Management Framework

The Jamf management framework now supports Macs with Apple silicon*.

*Hardware support is based on testing with the Mac Developer Transition Kit.

Apple Silicon Compatibility Reference

The following table provides an overview of Apple silicon compatibility for Jamf applications and utilities as of version 10.26.0:

 

| Jamf application or utility | Native compatibility via universal macOS binary | Compatibility via Rosetta 2 translation environment | No compatibility (Intel-based Macs required) |
|---|---|---|---|
| Jamf management framework | x | | |
| Composer | x | | |
| Jamf Self Service for macOS | x | | |
| Jamf Admin | | x | |
| Jamf Remote | | x | |
| Recon | | x | |
| Jamf Pro Server Tools CLI | x | | |
| Jamf Pro Server Tools GUI | | | x |
| Jamf Pro installer for Mac (server) | | | x |
| SIS Importer plug-in | | | x |

Configuration Profiles Redesign Project

Application and Custom Settings Payload for Computers

You can now configure Jamf applications (e.g., Jamf Connect) with an improved workflow, using the computer Application and Custom Settings payload. This workflow allows you to manage the configuration outside of Jamf Pro releases.

The following groups of settings are now accessible directly from the sidebar under the Application and Custom Settings payload:

  • Jamf Applications—You can now configure settings for Jamf application domains.

  • External Applications—You can now configure settings for applications other than Jamf applications (e.g., Outlook). In addition, you can choose the Jamf repository as the source of the configuration or use a custom schema.

  • Upload—You can now upload a predefined configuration PLIST file and use the Property List section to edit the content of the file.

In addition, validation messages are now more informative.

Important: When upgrading to Jamf Pro 10.26.0, any previously created configuration profiles that include the Application and Custom Settings payloads are automatically migrated. Use the Jamf Pro user interface to review the settings. The migrated configuration profiles are not automatically redistributed to the deployment targets.

Computer Configuration Profiles

The following table provides an overview of the computer configuration profile enhancements in this release, organized by payload:

App-To-Per-App VPN Mapping (Enhancements)

You can now support and specify any app for App-To-Per-App VPN mapping.

| Setting | Key Included in Payload | Requirement | Notes |
|---|---|---|---|
| Identifier | Identifier | macOS 11 or later* | The bundle identifier of the app using the Per-App VPN |
| Helper Tool Match Rules | MatchTools | macOS 11 or later* | Specifies a group of Per-App VPN rules to only match the app’s spawned helper tool network traffic. For example, to match network traffic that the curl command generates when run from the Terminal app, add Terminal.app to the Application Mapping setting and set the Helper Tool Match Rules to a list that contains a Per-App VPN rule that matches the curl command-line tool. If no Helper Tool Match Rules are specified, this Per-App VPN rule matches all network traffic that the matching app and its helper tools generate. |
| Designated Requirement | DesignatedRequirement | macOS 11 or later* | You can now specify the code signature designated requirement of the command-line tool using the Per-App VPN. |
| Signing Identifier | SigningIdentifier | macOS 11 or later* | You can now specify the code signature signing identifier of the command-line tool using the Per-App VPN. |
| System File Path | Path | macOS 11 or later* | You can now specify the file-system path of the command-line tool using the Per-App VPN. |

Content Filter (New Payload)

You can now configure web content filters. For example, you can configure customized settings to connect and authenticate to third-party content filters.

| Setting | Key Included in Payload | Requirement | Notes |
|---|---|---|---|
| Filter Name | UserDefinedName | macOS 10.15 or later | You can now configure the display name of the filter in the app and on the device. |
| Identifier | PluginBundleID | macOS 10.15 or later | You can now configure the identifier for the filter plug-in. |
| Service Address | ServerAddress | macOS 10.15 or later | You can now configure the IP address, hostname, or URL of the service. |
| Organization | Organization | macOS 10.15 or later | You can now configure the organization for the filter plug-in. |
| User Name | UserName | macOS 10.15 or later | You can now configure the user name for authenticating to the service. |
| Password | Password | macOS 10.15 or later | You can now configure the password for authenticating to the service. |
| Certificate | PayloadCertificateUUID | macOS 10.15 or later | You can now add the certificate for authenticating to the service. |
| Filter Order | FilterGrade | macOS 10.15 or later | You can now specify the order in which the traffic is filtered. Filters with the grade of firewall see network traffic before filters with the grade of inspector. |
| Socket Filter | FilterSockets | macOS 10.15 or later | When enabled, this setting allows for filtering socket traffic. |
| Socket Filter Bundle Identifier | FilterDataProviderBundleIdentifier | macOS 10.15 or later | You can now configure the bundle identifier string of the socket filter provider system extension. |
| Socket Filter Designated Requirement | FilterDataProviderDesignatedRequirement | macOS 10.15 or later | You can now configure the designated requirement of the socket filter provider system extension. |
| Network Filter | FilterPackets | macOS 10.15 or later | When enabled, this setting allows for filtering network packets. |
| Network Filter Bundle Identifier | FilterPacketProviderBundleIdentifier | macOS 10.15 or later | You can now configure the bundle identifier string of the network filter provider system extension. |
| Network Filter Designated Requirement | FilterPacketProviderDesignatedRequirement | macOS 10.15 or later | You can now configure the designated requirement of the network filter provider system extension. |
| Custom Data | VendorConfig | macOS 10.15 or later | You can now configure the custom configuration data for the filter plug-in. |

*Feature support is based on testing with the latest Apple beta releases.
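
Added example (not from the Jamf release notes and not Jamf's code): a Python review check for one Content Filter payload dictionary, using the key names listed in the Content Filter table above. The PayloadType and FilterType values in the constructed sample, and the review rules themselves (provider identity keys expected when a filter is enabled, a stored Password flagged when no certificate is referenced), are assumptions of this example.

```python
import plistlib

# Constructed sample payload (not from the page). Key names are the ones in the
# table above; PayloadType and FilterType are assumed from Apple's profile format.
SAMPLE_PAYLOAD = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>com.apple.webcontent-filter</string>
  <key>FilterType</key><string>Plugin</string>
  <key>UserDefinedName</key><string>Example Filter</string>
  <key>PluginBundleID</key><string>com.example.filter</string>
  <key>FilterGrade</key><string>inspector</string>
  <key>FilterSockets</key><true/>
  <key>FilterDataProviderBundleIdentifier</key><string>com.example.filter.ext</string>
  <key>FilterPackets</key><true/>
  <key>UserName</key><string>svc-filter</string>
  <key>Password</key><string>constructed-secret</string>
</dict></plist>"""

# Each provider switch and the identity keys this example's policy wants with it.
PROVIDERS = {
    "FilterSockets": ("FilterDataProviderBundleIdentifier",
                      "FilterDataProviderDesignatedRequirement"),
    "FilterPackets": ("FilterPacketProviderBundleIdentifier",
                      "FilterPacketProviderDesignatedRequirement"),
}

def lint_content_filter(raw: bytes) -> list[str]:
    """Return review findings for one Content Filter payload dictionary."""
    p = plistlib.loads(raw)
    findings = []
    for key in ("UserDefinedName", "PluginBundleID"):
        if not p.get(key):
            findings.append(f"missing {key}")
    grade = p.get("FilterGrade", "firewall")
    if grade not in ("firewall", "inspector"):
        findings.append(f"unknown FilterGrade {grade!r}")
    for switch, needed in PROVIDERS.items():
        if p.get(switch) is True:
            findings += [f"{switch} enabled without {k}" for k in needed if not p.get(k)]
    if p.get("Password") and not p.get("PayloadCertificateUUID"):
        findings.append("Password set without PayloadCertificateUUID: "
                        "profile carries a static secret")
    return findings

if __name__ == "__main__":
    for f in lint_content_filter(SAMPLE_PAYLOAD):
        print("FINDING:", f)
```

Pinning the designated requirement alongside the bundle identifier ties the filter to a specific code signature rather than to a name alone.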

Computer Reporting Capabilities

In Jamf Pro 10.26.0, macOS 11 is reported in inventory as macOS version 11.x.x, which differs from the value reported in Jamf Pro 10.25.1 or earlier. This may impact workflows (e.g., scoping) that use smart groups that include operating system related criteria. To ensure these workflows are not broken, consider the following:

  1. In Jamf Pro, create a new group with the version 11.x.x as criteria.

  2. If this group is used for scoping, add both the new and old groups to the scope.

  3. As counts normalize in the new smart group, the old group can be removed.

Use a similar approach for other workflows that may be affected (e.g., searches).

User-Level Mobile Device Configuration Profile Enhancements

Jamf Pro now correctly redistributes user-level mobile device configuration profiles to users that currently have the profile installed. For profiles that were created using Jamf Pro 10.24.1-10.25.0, you must edit and re-save the profile to redistribute it to users.

Additional Remote Commands for Mobile Devices

| Remote Command | Requirements | Notes | Available as a Mass Action |
|---|---|---|---|
| Set Shared iPad User Space (Enhancement) | iPadOS 13.4 or later; Supervised; Enrolled via a PreStage enrollment with Shared iPad enabled | As a mass action, the remote command was previously called "Set Storage Quota Size" and only allowed you to set the storage quota size for devices. As an alternative to configuring the storage quota size for users, you can now configure the maximum number of users that can be stored locally for each iPad using the Number of Users option. You can specify up to 99 users. | Yes. Only available as a mass action. |

Mobile Device Apps Enhancement

Enable Direct Downloads

You can now ensure direct downloads for the app are only downloaded from the specified associated domains. To use this feature, you must enable direct downloads and enter one or more associated domains in the Associated Domains field. Enabling direct downloads allows you to download data from an app through the associated domains instead of through the content delivery network (CDN). This can enhance app performance.

To access this feature in Jamf Pro, navigate to Devices > Mobile Device Apps and click the General tab of an app.

Shared iPad User Enhancements

Shared iPad User Status Check

You can now perform a status check for Shared iPad users. Jamf Pro displays a timestamp and allows you to refresh the status.

To access this feature, navigate to the Shared iPad Users category in the device's inventory information. The "Last Status Check" information displays above the list of users. To update the status, click the refresh button next to the Last Status Check timestamp.

Shared iPad User Space Enhancements

You can now send the "Set Shared iPad User Space" (previously called "Set Storage Quota Size") remote command as a mass action to configure the number of users for Shared iPad as an alternative to setting the storage quota size for each user on the device. This allows you to configure the maximum number of users that can be stored locally on the iPads. You can specify up to 99 users per iPad. Previously, the only way to configure the maximum number of user accounts was during enrollment using a Mobile Device PreStage enrollment.

This enhancement is only available as a mass action and applies to devices with iPadOS 13.4 or later that have Shared iPad enabled. This command overwrites existing user space settings for Shared iPad.

To access this enhancement, view device group memberships or device search results and click Action > Send Remote Commands > Next > Set Shared iPad User Space.

Log Flushing Enhancements

The following options have been added to the Log Flushing system settings:

  • User and Location History—Allows you to flush the logs for user and location history

  • User Reports—Allows you to flush the logs for user reports

By default, User and Location History and User Reports logs that are older than three months will be automatically flushed.

Important: If you are upgrading to Jamf Pro 10.26.0 and do not want the pre-existing User Reports and User and Location History logs older than three months to be automatically flushed, change the Flush Logs Older Than settings on the Log Flushing page immediately after upgrading.

To access these features, navigate to Settings > System Settings > Log Flushing. For more information, see Flushing Logs in the Jamf Pro Administrator's Guide.

MDM Profile Settings History

You can now view history information for the MDM Profile Settings page. To access this feature, navigate to Settings > Global Management > MDM Profile Settings > History. For more information, see "Viewing the History of a Jamf Pro Object" on the Jamf Pro Objects page in the Jamf Pro Administrator's Guide.

Venafi Integration Enhancements

The following enhancements have been made to the Venafi settings page that is available when you have Venafi TPP configured as a PKI certificate authority:

  • Automatic connection testing—The workflow for testing the connection between Jamf Pro and Venafi TPP has been changed. The manual Test button has been removed. The connection is automatically tested when you do any of the following:

    • Navigate to the page from a different page

    • Leave editing the page by clicking Save or Cancel

    • Refresh the read-only page

    Information banners will display the status of the connection test at the top of the page.

  • Token-based authentication—A future version of Venafi TPP will require token-based authentication instead of username/password authentication. Token-based authentication fields have been added to the "Venafi Trust Protection Platform Credentials" section of the Venafi settings page. You can select the authentication method that is appropriate for the version of Venafi TPP you are using.

  • History—You can now view history information for the Venafi settings page. For more information, see "Viewing the History of a Jamf Pro Object" on the Jamf Pro Objects page in the Jamf Pro Administrator's Guide.

For more information, see the Integrating with Venafi Using Jamf Pro technical paper.

Set Preferences for Alerts for Unsaved Changes

You can now set your preferences for alerts for unsaved changes. To view the new Enable alerts for unsaved changes setting, navigate to Account Preferences > Interface Preferences. This setting is also now preserved when switching browsers or clearing cookies.

Apple Push Notification Service (APNs) HTTP/2 Protocol Enhancements

Jamf Pro now limits excessive Apple Push Notification service (APNs) HTTP/2 communication when sending an APNs push may fail due to an identified error (e.g., when the push certificate in Jamf Pro has expired or APNs is unreachable). This is intended to prevent performance issues.

Other Changes and Enhancements

  • Clicking Continue on the session expiration alert no longer refreshes the page. This allows unsaved changes on the page to be preserved when extending the session.

  • The Notification tab in Self Service for macOS now includes a Mark All As Read button.

  • "Individual Recovery Key" has been renamed to "Personal Recovery Key" in computer configuration profiles and inventory information.

  • Credential use mode and TLS for LDAP settings have been removed from the mobile device Single Sign-On Extensions payload.

  • The performance of the Remove All feature for Shared iPad has been improved.

  • The Jamf Parent and Jamf Teacher apps are now located in the new Jamf Applications section in Settings.

Jamf Pro API Changes and Enhancements

The Jamf Pro API is open for user testing. The base URL for the Jamf Pro API is /api. You can now access documentation for both the Jamf Pro API and the Classic API from the new API landing page. To access the landing page, append "/api" to your Jamf Pro URL. For example: https://jss.instancename.com:8443/api

The following endpoints were added:

  • GET /preview/device-communication-settings/history

  • POST /preview/device-communication-settings/history

  • POST /preview/mdm/renew-profile

  • POST /v1/cloud-azure

  • GET /v1/cloud-azure/defaults/mappings

  • GET /v1/cloud-azure/defaults/server-configuration

  • GET /v1/cloud-azure/{id}

  • PUT /v1/cloud-azure/{id}

  • DELETE /v1/cloud-azure/{id}

  • GET /v1/cloud-idp

  • GET /v1/cloud-idp/{id}/history

  • POST /v1/cloud-idp/{id}/history

  • POST /v1/cloud-idp/{id}/test-group

  • POST /v1/cloud-idp/{id}/test-user

  • POST /v1/cloud-idp/{id}/test-user-membership

  • POST /v1/deploy-package

  • GET /v1/pki/venafi/{id}/history

  • POST /v1/pki/venafi/{id}/history

  • POST /v2/cloud-ldaps

  • GET /v2/cloud-ldaps/defaults/{provider}/mappings

  • GET /v2/cloud-ldaps/defaults/{provider}/server-configuration

  • GET /v2/cloud-ldaps/{id}

  • PUT /v2/cloud-ldaps/{id}

  • DELETE /v2/cloud-ldaps/{id}

  • GET /v2/cloud-ldaps/{id}/connection/bind

  • GET /v2/cloud-ldaps/{id}/connection/search

  • GET /v2/cloud-ldaps/{id}/mappings

  • PUT /v2/cloud-ldaps/{id}/mappings

The following endpoints were deprecated:

  • GET /v1/cloud-ldaps

  • POST /v1/cloud-ldaps

  • GET /v1/cloud-ldaps/defaults/mappings

  • GET /v1/cloud-ldaps/defaults/server-configuration

  • GET /v1/cloud-ldaps/{id}

  • PUT /v1/cloud-ldaps/{id}

  • DELETE /v1/cloud-ldaps/{id}

  • GET /v1/cloud-ldaps/{id}/connection/bind

  • GET /v1/cloud-ldaps/{id}/connection/search

  • GET /v1/cloud-ldaps/{id}/history

  • POST /v1/cloud-ldaps/{id}/history

  • GET /v1/cloud-ldaps/{id}/mappings

  • PUT /v1/cloud-ldaps/{id}/mappings

  • POST /v1/cloud-ldaps/{id}/test-group

  • POST /v1/cloud-ldaps/{id}/test-user

  • POST /v1/cloud-ldaps/{id}/test-user-membership

The following endpoint was removed: POST /preview/mdm/renew-profile/{udid}

The following change was made: The time zone on a device with iOS 14 or later can be updated using PATCH /v2/mobile-devices/{id}

For more information on these changes, see the Jamf Pro API documentation.

Further Considerations
