New Features and Enhancements

Google BeyondCorp Enterprise Integration

You can now integrate with Google BeyondCorp Enterprise to ensure that only trusted users, from compliant computers, are accessing organizational resources. The macOS BeyondCorp Enterprise Integration between Jamf Pro and BeyondCorp enables admins to build a compliance and security framework around end user devices rather than using a network perimeter.

Integrating with BeyondCorp Enterprise allows you to do the following:
  • Share compliance state with BeyondCorp.

  • Restrict access to applications protected by BeyondCorp Enterprise Context-Aware policies.

To access the BeyondCorp Enterprise Integration settings in Jamf Pro, go to Settings > Global Management > macOS BeyondCorp Enterprise Integration.

For more information about enabling and using macOS BeyondCorp Enterprise, see Google BeyondCorp Enterprise Integration in the Jamf Pro Documentation.

Enable or Disable Basic Authentication for Classic API

You can now enable the use of Basic authentication in addition to Bearer Token authentication in the Classic API within the Jamf Pro user interface. Navigate to Settings > Jamf Pro User Accounts & Groups > Password Policy to access this feature. Basic authentication is enabled by default. To disable the use of Basic authentication in the Classic API, deselect the Allow Basic authentication in addition to Bearer Token authentication checkbox.

For more information on using Bearer Token authentication in the Classic API, see the Jamf Developer Resources: https://developer.jamf.com/jamf-pro/docs/classic-api-authentication-changes

Self-Healing Functionality for the Jamf Binary

Jamf Pro can now redeploy the Jamf management framework to managed computers via the new v1/jamf-management-framework/redeploy endpoint in the Jamf Pro API. If for some reason a computer stops checking in with Jamf Pro or running policies, this functionality allows you to remotely re-enroll the computer (as long as it is still receiving MDM commands).
Warning:

When reinstalling the Jamf management framework via this endpoint, Jamf Pro will clear or retain information for that computer based on the global re-enrollment settings you have configured. For more information, see Re-enrollment Settings in the Jamf Pro Documentation.

Password Policy Enhancements

To improve security, Jamf Pro now includes the following password policy enhancements:

  • All new Jamf Pro instances are configured with a 10-character minimum password policy for the first administrator account. This criterion is displayed on the Create Account page in the Jamf Pro Setup Assistant.

  • All current Jamf Pro instances without a password policy are configured with a 10-character minimum password policy.

  • You can change this password policy or configure additional password policy criteria at any time by navigating to Settings > System Settings > Jamf Pro User Accounts & Groups > Password Policy.
    Note:

    This policy does not apply to Jamf Pro instances currently using password policies; therefore, existing password policies will not be affected. Current administrator passwords will not be affected unless a password change is required.

  • When creating or changing a password, Jamf Pro displays the password policy criteria on the User Account page in Settings > System Settings > Jamf Pro User Accounts & Groups and the Reset Password and Change Password screens.

Other Changes and Improvements

  • The Jamf Protect PPPC profile deployed via Settings > Computer Management > Security > Automatically install a Privacy Preferences Policy Control profile > Jamf Protect now prevents users from being presented with a "Jamf Protect is trying to modify a System Extension" prompt when uninstalling Jamf Protect.

  • You can now send managed macOS software updates to computers via the new /v1/macos-managed-software-updates/send-updates endpoint in the Jamf Pro API.

  • Jamf Pro now creates a unique password for the Jamf keychain on each enrolled computer. A unique password is also created for each currently managed computer upon upgrading to Jamf Pro 10.36.0.

  • Jamf Pro now provides compatibility support for GSX Connection using Apple's APIs for querying device purchase information.

Jamf Pro API Changes and Enhancements

The Jamf Pro API is open for user testing. The base URL for the Jamf Pro API is /api. You can access documentation for both the Jamf Pro API and the Classic API from the new API landing page. To access the landing page, append /api to your Jamf Pro URL. For example: https://JAMF_PRO_URL.com:8443

Note:

In future releases, Jamf Pro API endpoints that have been deprecated for over a year will be removed. It is recommended that you update your applications to use the latest versions of these endpoints. See the API documentation for a complete list of endpoints.

The following endpoints were added:
  • GET /v1/conditional-access/device-compliance-information/computer/{deviceId}

  • POST /v1/jamf-management-framework/redeploy/{id}

  • POST /v1/macos-managed-software-updates/send-update

  • POST /v1/deploy-package/{management_id}

Further Considerations

  • Privileges associated with new features in Jamf Pro are disabled by default.

  • It is recommended that you clear your browser's cache after upgrading Jamf Pro to ensure that the Jamf Pro interface displays correctly.

  • Known issues for Jamf Pro can be accessed from the Jamf Pro product page in Jamf Account.