New Features and Enhancements

Updated 13 August 2021

The "Unknown Keys in Configuration Profile Payloads" section has been updated to clarify the workflow.

Updated 27 July 2021

The "RestartDevice MDM Command Available via Policy" section has been updated to correct a detail regarding compatibility.

TeamViewer Integration

You can now integrate Jamf Pro with TeamViewer, a fast and secure all-in-one solution for gaining access to computers and networks remotely. This allows you to establish a remote screen-sharing connection between a Jamf Pro administrator and an end user's computer. The session is initialized from the computer inventory in Jamf Pro and a Self Service invitation to join the session displays on the remote computer. After the session is started, you can re-send the invitation, or copy the session URL and send it to the end user via your preferred communication method. Joining a session by the remote computer is an end user workflow.

To access this feature, navigate to Settings > Global Settings > Remote Administration​.

For information on how to add a TeamViewer configuration and remote session management, see TeamViewer Integration in the Jamf Pro Administrator's Guide.

Introducing Title Editor

Title Editor is a Jamf-hosted service that extends Patch Management services in Jamf Pro to create custom software titles, override existing patch definitions, and create custom patch definitions.

To enable this feature, you need the following:
  • A Jamf Account account

  • Cloud Services Connection enabled in Jamf Pro

  • The following Jamf Pro user account privileges:
    CategoryPrivilege
    Jamf Pro Server SettingsPatch Management (Read and Update)
    Jamf Pro Server Objects (Update)
    Patch External Sources (Create)

To enable this feature in Jamf Pro, go to Settings > Computer Management > Patch Management.

For information about enabling and using Title Editor, see Title Editor Documentation.

Inventory Preload Enhancements

The Inventory Preload global management setting has been redesigned to improve stability and usability. The upload and download workflows have been streamlined, and viewing the data in Jamf Pro is more customizable.

To access this feature, navigate to Settings > Global Management > Inventory Preload.

For more information, see Inventory Preload in the Jamf Pro Administrator's Guide.

RestartDevice MDM Command Available via Policy

You can now create a policy to use the RestartDevice MDM command to restart computers in your environment. This includes the option to rebuild the kernel cache with specific kernel extension (kext) paths.

To use the RestartDevice MDM command, create a policy with a Restart Options payload. If you want to rebuild the kernel cache, select MDM Restart with Kernel Cache Rebuild and specify the kext paths.

Computers with Apple Silicon (i.e., M1 chip) must have a Bootstrap token escrowed to Jamf Pro in order to leverage this command. Computers running a version of macOS prior to 11.0 cannot leverage the the kernel cache rebuild functionality of the RestartDevice MDM command.

Note: To ensure the kernel extensions work correctly, use a computer configuration profile with the Approved Kernel Extensions payload configured.

Logs for Jamf Connect and Protect Deployments

You can now view logs for your Jamf Connect and Protect deployments. This allows you to do the following:

  • View the deployed version and status of deployment commands.

  • Manually retry Jamf Connect and Jamf Protect deployments.

To view the logging page, navigate to Settings > Jamf Applications > Jamf Connect or Jamf Protect, and then click Logs next to the configuration of the deployment you want to see. Computers in the scope of the profile are displayed, along with their deployed version and deployment command statuses.

To retry deployment for a computer, click Retry next to the deployment command status for that computer.

To retry deployment for multiple computers, select the computers you want and then click Retry Selected in the top-right corner of the pane.
Note: The Jamf Pro Server Actions > Retry Jamf Connect Deployments or Retry Jamf Protect Deployments permissions are required to retry Jamf Connect or Protect deployments.

Self Service for macOS Enhancements

As part of an ongoing redesign project, the following enhancements were made to Self Service for macOS:

Jamf Pro server disconnections
When Self Service cannot reach the Jamf Pro server, the alert prompt no longer prompts users to attempt a reconnect but to wait until Self Service automatically re-establishes a connection instead.
Accessibility enhancements for Browse views
The pages that display under the Browse view now support using the tab key to navigate the page. VoiceOver is also now supported.
Searching for software updates
Users can now use the Search field in Self Service to find software updates that are available.

Unknown Keys in Configuration Profile Payloads

You can now use the Jamf Pro interface to view configuration profile keys that Jamf Pro cannot recognize. This means that the PLIST file value cannot be translated directly into a setting and displayed. This may happen when you uploaded a profile with custom settings or inconsistent data were introduced (e.g., during the Jamf Pro upgrade). You can view the unknown keys in the following payloads:

Computer Payloads
  • Application & Custom Settings
  • App-to-Per-App VPN Mapping
  • Content Filter
  • DNS Settings 
  • Notifications
  • Passcode
  • Security and Privacy
  • Single Sign-On Extensions
Mobile Device Payloads
  • DNS settings
  • Lock Screen Message
  • Notifications
  • Passcode
  • Restrictions
  • Setup Assistant
  • Single Sign-On Extensions
When Jamf Pro identifies unknown keys in a payload, the "Unknown Keys" message displays. To see the list of unknown keys, edit the profile and click View:
Important:

Signed configuration profiles are read-only and cannot be edited in Jamf Pro. To edit signed profiles, remove the signature.

To avoid potential issues with future Jamf Pro upgrades, review the settings and decide if the key-pair values are correct and needed in your environment. Download the profile and store a copy of the original file in a preferred location for future reference. Edit the downloaded mobileconfig file as needed and upload the modified profile to Jamf Pro. Alternatively, if your environment does not need the unknown keys, use the Jamf Pro interface to remove them. To keep your changes, save the profile.

Note:

During the configuration profiles refactor, the PayloadEnabled key is marked as unknown by default. You can safely remove it from the mobileconfig file because it is not required in a profile definition. For more information, see this documentation from the Apple Developer website.

Disk Space Check Added to Jamf Pro Installer for Linux

A server disk space check has been added to the Jamf Pro Installer for Linux that will prompt you if your server does not meet Jamf's free disk space recommendation of 150 GB. The prompt is intended as a safeguard to prevent possible data loss when Tomcat and MySQL are hosted on the same server. Data loss can occur when not enough free space is available during upgrade operations that require additional disk space when database tables are copied or altered.

During the installation process, if you receive a prompt that your server does not meet Jamf's free disk space recommendation, you can either type "y" to continue or "n" to abort the installation process.

You can bypass the disk space check by executing the installer with the -d flag. Execute a command similar to the following to skip the disk space check:
sudo sh /path/to/jamfproinstaller.run -- -d

Sentry Crash Logging and Usage Analytics Integration with Jamf Management Framework

Sentry crash logging and usage analytics has been added to the Jamf Management Framework. This collects the following information from computers:

  • Crash data from the jamf binary

  • Usage statistics for the RestartDevice MDM command

No other information is collected. The collected data is sent to a Jamf-hosted server and is used to improve Jamf Management Framework functionality.

If you want to opt out of sharing this information, you can create a policy to execute a script on managed computers to disable Sentry. For more information, see the Sentry Crash Logging and Analytics Integrations article.

Removal of Profile Service Payload for Enrollment

Starting with Jamf Pro 10.31.0, the Profile Service payload will no longer be sent to devices when they enroll. Previously, the Profile Service payload was used to request additional device-specific information (e.g. serial number) for authentication before delivering the MDM profile to devices. With the removal of the Profile Service payload, the additional device-specific information and authentication are requested automatically and the MDM profile is installed directly during enrollment. Because this change may impact enrollment workflows that use the Profile Service payload, it is recommended that you test your organization's enrollment workflows to ensure they function correctly.

Down-Level Logon Name Format Required for Username Field When Using "Dynamic-Microsoft CA" Challenge Type

The down-level logon name format is now required for the Username field when the Challenge Type pop-up menu is set to Dynamic-Microsoft CA in the following locations of Jamf Pro:
  • Settings > PKI Certificates > Manage Certificate Template > External CA

  • SCEP payloads in configuration profiles

For more information about the down-level logon name format, see the following Microsoft documentation: User Name Formats.

Registration Page Name for Conditional Access and Device Compliance

You can now add the optional registration page name in the Conditional Access and Device Compliance settings. When registering with Azure AD, the value entered in the Registration Page Name field will display on the redirection page next to the Jamf Pro URL. This allows you to provide descriptive text that will help users advancing through the registration process to choose the correct registration URL if your environment provides multiple registration options. 

To access this feature, navigate to Settings > Global Management > Conditional Access (or Device Compliance). For Conditional Access, the Cloud Connector connection type is required.

Jamf Pro API Changes and Enhancements

The Jamf Pro API is open for user testing. The base URL for the Jamf Pro API is /api. You can access documentation for both the Jamf Pro API and the Classic API from the new API landing page. To access the landing page, append "/api" to your Jamf Pro URL. For example: https://jss.instancename.com:8443/api

Note:

In future releases, Jamf Pro API endpoints that have been deprecated for over a year will be removed. It is recommended that you update your applications to use the latest versions of these endpoints. See the API documentation for a complete list of endpoints.

The following endpoints were added:
  • POST /preview/mdm/commands

  • GET /preview/remote-administration-configurations

  • POST /preview/remote-administration-configurations/team-viewer

  • GET /preview/remote-administration-configurations/team-viewer/{id}

  • DELETE /preview/remote-administration-configurations/team-viewer/{id}

  • PATCH /preview/remote-administration-configurations/team-viewer/{id}

  • GET /preview/remote-administration-configurations/team-viewer/{id}/sessions

  • POST /preview/remote-administration-configurations/team-viewer/{id}/sessions

  • GET /preview/remote-administration-configurations/team-viewer/{id}/sessions/{sessionId}

  • POST /preview/remote-administration-configurations/team-viewer/{id}/sessions/{sessionId}/close

  • POST /preview/remote-administration-configurations/team-viewer/{id}/sessions/{sessionId}/resend-notification

  • GET /preview/remote-administration-configurations/team-viewer/{id}/status

  • GET /v1/jamf-connect/deployments/{id}/tasks

  • POST /v1/jamf-connect/deployments/{id}/tasks/retry

  • GET /v1/jamf-protect/deployments/{id}/tasks

  • POST /v1/jamf-protect/deployments/{id}/tasks/retry

  • GET /v1/self-service/settings

  • PUT /v1/self-service/settings

  • GET /v2/inventory-preload/ea-columns

  • POST /v2/inventory-preload/export

  • GET /v2/jamf-package

The following endpoints were removed:
  • GET /settings/obj/selfservice

  • PUT /settings/obj/selfservice

Other Changes and Enhancements

  • Jamf Pro now installs an additional payload to safelist Jamf Protect as a system extension when you select Jamf Protect under Settings > Computer Management > Security > Automatically install a Privacy Preferences Policy Control profile.
  • Jamf Pro can now notify you when a new major version of Jamf Connect becomes available. To configure this, navigate to Account Preferences > Notifications and select Email or Jamf Pro notifications next to A new Jamf Connect version is available for download.

    Note:

    Jamf Pro does not offer automatic updates for major updates for Jamf Connect.

  • Site administrators can now configure automated deployment and update settings for Jamf Connect configuration profiles within their site.

Further Considerations

  • Feature requests implemented in this release can be accessed by logging in to the ideas.jamf.com feature requests portal.

  • Privileges associated with new features in Jamf Pro are disabled by default.

  • It is recommended that you clear your browser's cache after upgrading Jamf Pro to ensure that the Jamf Pro interface displays correctly.

  • Known issues for Jamf Pro can be accessed from the Jamf Pro products page in Jamf Account.