What's New

Correction—Updated 26 March 2021

“Jamf Cloud Distribution Service (JCDS) 1.4.2 Enhancements” was incorrectly announced as available in this release of Jamf Pro. It will be available in an upcoming release of Jamf Pro.

Compatibility with macOS, iOS, iPadOS, and tvOS

Jamf Pro now provides compatibility for the following:

  • macOS 11.3

  • iOS 14.5

  • iPadOS 14.5

  • tvOS 14.5

This includes compatibility for the following management workflows:

  • Enrollment and inventory reporting

  • Configuration profiles

  • App distribution

  • Self Service installation

  • Self Service launches and connections

  • App distribution via Self Service

  • Policies

  • Restricted software

Compatibility and new feature support are based on testing with the latest Apple beta releases.

Apple Push Notification Service (APNs) HTTP/2 Communication Protocol

As announced in the Apple Push Notification Service Update, Apple will no longer support the legacy binary protocol for Apple Push Notification service (APNs) connections. To address this change, beginning with Jamf Pro 10.28.0, HTTP/2 is the default protocol for connections to APNs.

Note: If your environment is hosted on-premise and you want to continue to use the binary protocol, you must change the MDM Push Notification Certificate settings. Navigate to Settings > Global Management > Push Certificates and click "MDM Push Notification Certificate". Click Edit and select "Binary" for the protocol in the connection settings.

For related information, see the following documentation from Apple:

Jamf Protect Deployment Enhancement

You can now automatically deploy the Jamf Protect package to computers in the scope of a plan configuration profile. This allows you to skip the manual process of downloading and uploading the Jamf Protect package and using a policy to deploy it.

To use this deployment method, you need the following:

  • A Jamf Protect subscription

  • One or more plans in Jamf Protect

  • Registration of your Jamf Protect tenant in Jamf Pro

To enable this feature, navigate to Settings > Jamf Applications > Jamf Protect and select the Automatically deploy the Jamf Protect PKG with plans checkbox.

For more information, see the Deploying Jamf Platform Products Using Jamf Pro to Connect, Manage, and Protect Mac Computers technical paper.

Additional Reporting Capabilities for Computers

You can create a smart computer group or an advanced search based on the following criteria:

Inventory Attribute


Values Returned in Inventory Information

Smart Group/Advanced Search Values

Supports iOS and iPadOS App Installations


Jamf Pro displays the following values for the "Supports iOS and iPadOS App Installations" inventory attribute:

  • Yes

  • No

You can use the following values when creating a smart group or advanced search based on the "Supports iOS and iPadOS App Installations" criteria:

  • Yes

  • No

Availability of the RestartDevice MDM Command via the Jamf Pro API

You can now use the RestartDevice MDM command to immediately restart computers in your environment. This command is available using the Jamf Pro API.

When combined with configuration profiles in Jamf Pro, this command includes the functionality to manage required legacy kernel extensions in macOS 11. You can also enable a macOS notification that requests users to restart the computer at their convenience.

For more information, see the Manage Legacy Kernel Extensions in macOS 11 Using Jamf Pro Knowledge Base article.

Mobile Device Configuration Profiles

The following table provides an overview of the mobile device configuration profile enhancements in this release, organized by payload:


Key Included in Payload



Restrictions (Enhancements)

Apple Personalized Advertising


iOS 14 or later

You can now restrict Apple personalized advertising.

Near Field Communication (NFC)


iOS 14.2 or later


You can now restrict Near Field Communication (NFC).

Additional Remote Commands for Mobile Devices

The following remote commands for mobile devices have been added to Jamf Pro:

Remote Command



Available as a Mass Action

Set Shared iPad User Space (Enhancement)

  • iPadOS 13.4 or later

  • Supervised

  • Enrolled via a PreStage enrollment with Shared iPad enabled

Remote command was previously called "Set Storage Quota Size" and only allowed you to set the storage quota size for devices.

As an alternative to configuring the storage quota size for users, you can now configure the maximum number of users that can be stored locally for each iPad using the Number of Users option. You can specify up to 99 users.


Additional Reporting Capabilities for Mobile Devices

You can create a smart mobile device group or an advanced search based on the following criteria:

Criteria Name


Value Returned in Inventory Information

Smart Group/Advanced Search Criteria

Compliance Status

Collected for mobile devices registered with Azure AD

This criteria does not display a value in the inventory information for a mobile device.

You can use the following values when creating a smart group or advanced search based on the "Compliance Status" criteria:

  • Compliant

  • Not Available

  • Not Compliant

Registration Status

Collected for mobile devices registered with Azure AD

This criteria does not display a value in the inventory information for a mobile device.

You can use the following values when creating a smart group or advanced search based on the "Registration Status" criteria:

  • Not Registered

  • Registered

Transitive Groups for Azure Single Sign-On and Cloud Identity Provider

When single sign-on (SSO) with Azure is configured in Jamf Pro, you can now enforce transitive membership in the user and group directory lookups when Azure is added as a cloud identity provider. This ensures that all Azure groups that a group is a member of are included in a directory lookup. There is no need to run recursive queries to list groups for which a user is a member.

The term "transitive" is used by Microsoft to describe relationships in Active Directory. For more information, see Glossary in the Active Directory Technical Specification from Microsoft.

Important: Including transitive membership in lookups may affect Jamf Pro privileges granted for the user account or group. Jamf Pro combines the privileges added for each group the account is a member of.

To access this feature, navigate to Settings > System Settings > Cloud Identity Providers and click the Azure instance you want to edit. Click Edit and select the Transitive groups for SSO checkbox.

Note: The transitive groups for Azure single sign-on and cloud identity provider feature is not enabled by default.

Server Name for LDAP Users or Groups

When adding a new LDAP user or group in Jamf Pro, you can now see which directory server configured in Jamf Pro the user or group originates from. The new Server column now displays in the Add LDAP User or Group table in the Add LDAP Account and Add LDAP Group assistants.

Active Directory Certificate Services (AD CS) Enhancements

Jamf Pro 10.28.0 includes performance enhancements that allow for a larger volume of certificate requests. In addition, the default frequency for the renewal monitor has been changed from 24 hours to 6 hours.

Deleting a DigiCert Certificate Authority

You can now delete DigiCert certificate authorities (CA) from Jamf Pro. To access this feature, navigate to Settings > Global Management > PKI Certificates, click View on the DigiCert CA that you want to delete, and then click Delete images/download/thumbnails/80748262/trash.png at the bottom of the page.

For more information, see the Integrating with DigiCert Using Jamf Pro technical paper.

Self Service for macOS Branding Enhancement

The main header space in the Self Service for macOS navigation bar has been increased and now adjusts to two lines to support longer organization names. This change was made in response to community feedback and is part of a larger redesign project. Future releases will continue to iterate on the redesign of Self Service for macOS.


New URL Scheme for Self Service for iOS

If you have the Microsoft Endpoint Manager integration enabled, you can now direct your users to the Register with Microsoft item in Self Service 10.10.5 or later using the following URL scheme:


Note: Self Service 10.10.5 will be available in the App Store when it is approved by Apple.

Volume Purchasing Debug Mode

You can now enable debug mode logging for Volume Purchasing in Jamf Pro. This allows you to view the debug logs specific to Volume Purchasing directly in the Jamf Pro user interface. In addition, you can enable the Volume Purchasing traffic logs to view the communication logs between Jamf Pro and Apple's servers.

To access this feature, navigate to Settings > Jamf Pro Information > Jamf Pro Server Logs > Volume Purchasing tab.

Changes to the Jamf Pro Server Actions Privileges

The following changes and updates have been made to the privileges in the Jamf Pro Server Actions category of a Jamf Pro user account. These changes only impact functionality in the Jamf Pro API:

  • The Send Mobile Device Shared Device Command privilege has been added and replaces the functionality associated with the Send Mobile Device Quota Size Command, including the functionality with the MaximumResidentUsers MDM command. As a result, the Send Mobile Device Quota Size Command privilege has been removed.

    Note: When upgrading to Jamf Pro 10.28.0 or later, the Send Mobile Device Shared Device Command privilege will automatically be enabled if the Send Mobile Device Quota Size Command privilege was enabled prior to upgrading.

  • The following privileges have been added:

    • Send Disable Bootstrap Token Command

    • Send Enable Bootstrap Token Command

    • Send Application Attributes Command

    • Send Application Configuration Command

    • Send Set Timezone Command

Session Expiration Improvements

  • Jamf Pro now uses a shared user session token for all browser tabs. For example, logging in or out on one tab of Jamf Pro will do the same in all other open tabs of Jamf Pro as well. When presented with a session expiration warning, clicking Continue Session will extend the session for all tabs.

  • Jamf Pro now displays session expiration warnings by dynamically updating the title of the browser tab and animating the favicon. This provides a convenient way to be notified that the session is about to expire even when you are not focused on the tab.

    Note: The favicon animation is not supported in Internet Explorer 11 and Safari.

Other Changes and Enhancements

  • When the default Enforce value for the Kerberos User setup delay setting is included in the computer Single Sign-On Extensions payload, the value for the delayUserSetup key in the configuration profile is now set to false. This better reflects the expected behavior of the User setup delay setting when it is sent to a computer in scope.

  • The Send Update button was removed from the Conditional Access settings. You can still send an update from a computer's inventory information by navigating to History > macOS Intune Logs > Send Update.

  • "Mappings" has been removed from the column titles in the Test table for cloud identity providers.

Jamf Pro API Changes and Enhancements

The Jamf Pro API is open for user testing. The base URL for the Jamf Pro API is /api. You can access documentation for both the Jamf Pro API and the Classic API from the new API landing page. To access the landing page, append "/api" to your Jamf Pro URL. For example: https://jss.instancename.com:8443/api

The following endpoints were added:

  • GET /v1/notifications

  • DELETE /v1/notifications/{type}/{id}

  • PUT /v1/jamf-protect

  • DELETE /v1/pki/venafi/{id}

The following endpoints were deprecated:

  • GET /notifications/alerts

  • DELETE /notifications/alerts/{type}/{id}

For more information on these changes, see the Jamf Pro API documentation.

Further Considerations

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.