What's New

Jamf Cloud Distribution Service (JCDS) 1.4.2 Enhancements for Uploading Packages from Jamf Pro

Jamf Pro 10.29.0 includes performance enhancements for uploading packages from Jamf Pro to the JCDS. These enhancements require Jamf Pro 10.29.0 or later and JCDS 1.4.2 or later. These enhancements do not affect Jamf Admin.

For more information see the Jamf Cloud Distribution Service (JCDS) Release Notes.

Enhancements to the Download/Download and Install Updates Remote Command for Computers

Jamf Pro now includes the following enhancements to the Download/Download and Install Updates remote command to make the update process more reliable and allow for updates without user interaction on computers with Apple silicon (i.e., M1 chip):

  • Download the update for users to install option—Jamf Pro now includes the DownloadOnly key when sending the remote command to computers with macOS 11 or later and the NotifyOnly key when sending the command to computers with macOS 10.15.4 or earlier.

  • Download and install the update, and restart computers after installation option—Jamf Pro now includes the InstallASAP key when sending the remote command to computers with macOS 10.12 or later.

Note: To allow for updates without user interaction on target computers with Apple silicon, Bootstrap Token for the computers must be escrowed with Jamf Pro.

Computer Application Usage Logs Enhancements

Computer Application Usage Logs for licensed software functionality, which is part of the Jamf management framework, is now more secure and reliable. This includes more accurate reporting for applications open in the foreground. Due to this change, you may experience reporting inconsistencies the day of your Jamf Pro upgrade.

Note: If you use the Jamf Pro Classic API /computerapplicationusage endpoint for Application Usage reporting, the returned open in foreground property value will continue to be the same. The open property is no longer used and the returned value will always be "0".

Group Authentication via Single-Sign On for Azure AD Enhancements

When Azure AD is added in Jamf Pro as a cloud identity provider and single sign-on with Azure AD is enabled in your environment, a group name added in Jamf Pro will now be matched with a group identifier found in the Azure AD SAML message. This means you are now able to match the group membership by group name instead of the object identifier. This limits the potential issues with authentication workflows when identifying groups in Jamf Pro user accounts and groups.

Device Compliance Enhancement

You can now select one of the following landing pages for mobile devices not recognized by Microsoft Azure:

  • The default Jamf Pro Device Registration page

  • The Access Denied page

  • A custom webpage

To access this feature, navigate to Settings > Global Management > Device Compliance.

Note: To enable this feature, you need to re-enable the integration and grant the permissions requested by Microsoft. For more information on enabling the integration, see Integrating Jamf Pro with Microsoft Endpoint Manager in the Integrating with Microsoft Endpoint Manager to Enforce Compliance on Mobile Devices Managed by Jamf Pro technical paper.

Support for US Government National Cloud for Conditional Access

Jamf Pro now supports US Government cloud for the Sovereign Cloud setting in Conditional Access. To access this feature, navigate to Settings > Global Management > Conditional Access.

Important: Due to an issue related to the Azure AD Application Registration UI, integrations that use US Government cloud currently cannot be successfully configured. See PI-009668 on the Known Issues list for reference.

For more information on National Clouds, see the National clouds documentation from Microsoft.

Note: This option is only available for manually configured connections.

Header Authentication for Webhooks

Header Authentication has been added to the Authentication Type pop-up menu displayed when you are creating or editing a webhook. This is a new alternative to the existing option of sending a username and password as part of the webhook.

To access this new feature, navigate to Settings > Global Management > Webhooks > New, and then choose "Header Authentication" from the Authentication Type pop-up menu. In the text field that is displayed, enter header data using JSON format that contains the information needed to establish communication between your webhook's server and Jamf Pro.

For more information see Webhooks in the Jamf Pro Administrator's Guide.

Ongoing Jamf Pro Interface Improvements Project

The following enhancements are currently limited to certain pages of Jamf Pro (e.g., Settings > Departments), but will become the standard across the product over time:

  • Jamf Pro now displays the status of exports from some tables in a pop-up panel in the bottom-right corner of the screen.

  • You can now pin columns in the table layout for some objects in Jamf Pro. This allows you to have certain columns remain visible while scrolling across the table.

  • Active filters are now displayed at the top of the pane when viewing certain objects in Jamf Pro. Click the X next to an active filter to dismiss it.

Jamf Parent for Android

Parents can now install the Jamf Parent app on mobile devices with Android 6.0 or later from Google Play. The following features are supported on Jamf Parent for Android:

  • Restrict and allow apps on a student's school-issued devices.

  • Restrict and allow device functionality on a student's school-issued devices.

  • Configure Device Rules.

For more information about how to configure Jamf Parent, see Jamf Parent Integration with Jamf Pro in the Jamf Pro Administrator's Guide.

MDM Profile Expiration Date Criteria Options Changed

The Operator pop-up menu options for the "MDM Profile Expiration Date" criteria used in smart groups and advanced searches have changed. The "more than x days ago" and "less than x days ago" options have been replaced with "in more than x days" and "in less than x days". The new options are described below:

  • in more than x days—Finds computers or mobile devices whose MDM profiles are expiring after a set number of days in the future.

  • in less than x days—Finds computers or mobile devices whose MDM profiles are expiring before a set number of days in the future.

For example, if you want to find out how many computers or mobile devices whose MDM profiles are expiring within less than 30 days, you would select "in less than x days" and then enter 30 in the field.

Important: Since the old options no longer exist in Jamf Pro 10.29.0 or later, the operator will automatically default to the first available option, which is "before (yyyy-mm-dd)". This means that immediately after you upgrade, you must change your smart groups or advanced searches that are using the "MDM Profile Expiration Date" criteria to use one of the new options, depending on the results you want.

For example, if you were using “more than x days ago” in a smart group or advanced search, the first option in the list, “before (yyyy-mm-dd)”, would be selected after you upgrade Jamf Pro. This will cause any smart groups or advanced searches that are using the "MDM Profile Expiration Date" criteria to produce different results when they recalculate. If you want to use the new options, you must manually choose the option from the Operator pop-up menu that will best yield the results you want for the smart group or advanced search.

Operator Menu

Before Upgrade

After Upgrade

After Manual Change




This change only applies to the "MDM Profile Expiration Date" criteria and is not applicable to any other criteria such as extension attributes.

Deleting an AD CS Certificate Authority

You can now delete AD CS certificate authorities (CA) from Jamf Pro. To access this feature, navigate to Settings > Global Management > PKI Certificates, click View on the AD CS CA that you want to delete, and then click Delete images/download/thumbnails/80748262/trash.png at the bottom of the page.

A confirmation message will be displayed with different options depending on the following situations:

  • If the confirmation message has a Delete button, click it to permanently delete the CA.

  • If dependencies are found, they will be listed in the confirmation message. Click OK, resolve the dependencies, return to the PKI Certificates page, and then try to delete the CA again.

For more information, see the Integrating with Active Directory Certificate Services (AD CS) Using Jamf Pro technical paper.

Other Changes and Enhancements

  • The Master Password field used for inventory reporting and legacy FileVault settings (macOS 10.6 or earlier) has been removed from the Jamf Pro inventory interface and Jamf Pro API.

  • When configuring Jamf Connect or Jamf Connect Login in Jamf Applications of the computer Application & Custom Settings payload, you can now test the connection to the identity provider (IdP) for Okta and Azure before saving the configuration profile. This checks the connection and allows for the early identification of potential IdP-related issues.

Jamf Pro API Changes and Enhancements

The Jamf Pro API is open for user testing. The base URL for the Jamf Pro API is /api. You can access documentation for both the Jamf Pro API and the Classic API from the new API landing page. To access the landing page, append "/api" to your Jamf Pro URL. For example: https://jss.instancename.com:8443/api

The following endpoints were added:

  • GET /v1/classic-ldap/{id}

  • GET /v1/conditional-access/device-compliance-information/mobile/{deviceId}

  • GET /v1/csa/token

  • PUT /v1/csa/token

  • POST /v1/csa/token

  • GET /v1/ldap/groups

  • GET /v1/ldap/ldap-servers

  • GET /v1/ldap/servers

The following change was made:
Both GET /ldap/server and GET /ldap/groups have been moved out of the tag ldap-preview to ldap.

For more information on these changes, see the Jamf Pro API documentation.

Further Considerations

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.