New Features and Enhancements

Updated 24 March 2022

The "Introducing App Installers" section has been updated to clarify the necessary requirements for using App Installers.

Compatibility with macOS, iOS, iPadOS, and tvOS

Compatibility and new feature support are based on testing with the latest Apple beta releases of the following:

  • macOS 12.3

  • iOS 15.4

  • iPadOS 15.4

  • tvOS 15.4

This includes compatibility for the following management workflows:

  • Enrollment and inventory reporting

  • Configuration profiles

  • App distribution

  • Self Service installation

  • Self Service launches and connections

  • App distribution via Self Service

  • Policies

  • Restricted software

Introducing App Installers

This release of Jamf Pro introduces the first iteration of App Installers. App Installers is a Jamf-hosted service that allows you to distribute software titles from the Jamf App Catalog to target computers in a smart computer group and automatically keep the software title up-to-date. This feature streamlines the app lifecycle management process by removing the need to manually monitor, package, and update apps.

The following is required to distribute software titles with App Installers:

  • Jamf Pro instance hosted in Jamf Cloud

  • An enabled Cloud Services Connection

To access this feature in Jamf Pro, navigate to Computers > Mac Apps. Click New, and then select Jamf App Catalog.


Some App Installers functionality is not available at the time of this release. Additional functionality will be released in later versions of Jamf Pro.

For more information, see App Installers in the Jamf Pro Documentation.

Single Sign-On for Account-Driven User Enrollment

You can now enable single sign-on for Account-Driven User Enrollment. When this feature is enabled, users enter their identity provider account credentials on the Account-Driven User Enrollment page to start the enrollment process. To access this feature in Jamf Pro, navigate to Settings > System Settings > Single Sign-On. Click Edit and select Enable Single Sign-On Authentication, then select Enable Single Sign-On for User-Initiated Enrollment.

Selecting Enable Single Sign-On for User-Initiated Enrollment enables single sign-on for both user-initiated enrollment (for institutionally owned devices) and User Enrollment (for personally owned devices).

Google BeyondCorp Enterprise Integration Enhancements

The Google BeyondCorp Enterprise integration now includes the following enhancements:
  • The status of the integration is now available at the top of the integration screen.

  • Two modals were added that let administrators know what will happen when the integration is disabled or the CustomerID is changed.

  • History section is now available.

  • Allowed Duration of Inactivity can now be configured for the BeyondCorp Enterprise integration. This will set the device compliance state to unspecified after the configured number of days without a check-in.

LDAP Server to Azure AD Cloud IdP Migration

The Azure AD Cloud Identity migration helps you move away from an on-premise Active Directory to the cloud using Azure AD. Azure AD can replace Active Directory LDAP services in Microsoft environments or synchronize Active Directory data with Azure AD. Azure AD allows on-premise components to continue to use LDAP services, while cloud applications can use the same data from Azure. Integrating Jamf Pro with Azure AD services enables the following:
  • Authentication of administrators logging in to Jamf Pro and users logging in to enroll devices, or to Self Service

  • Lookups for the user and group data to allow for the following:
    • Listing inventory information

    • Scoping of apps, content, policies, and profiles

    • Configuring Jamf Pro Administrator groups

For more information about migrating to an Azure AD Cloud Identity provider instance, see Azure AD Cloud Identity Migration in the Jamf Pro Documentation.

Manage macOS Software Updates via the Jamf Pro API

You can now programmatically retrieve a list of available macOS software updates via the new GET /v1/macos-managed-software-updates/available-updates endpoint in the Jamf Pro API. When used in combination with the previously released POST /v1/macos-managed-software-updates/send-updates endpoint, you can script custom macOS software update workflows that suit your environment.

Other Changes and Improvements

  • The administrator applications that were previously included in the Jamf Pro download for Mac—Composer, Jamf Admin, Jamf Remote, and Recon—are now available as a separate download named "Jamf Pro Apps" on Jamf Account.

  • You can now use onPremisesSamAccountName as mapping in the Azure AD integration configuration.

Jamf Pro API Changes and Enhancements

The Jamf Pro API is open for user testing. The base URL for the Jamf Pro API is /api. You can access documentation for both the Jamf Pro API and the Classic API from the new API landing page. To access the landing page, append /api to your Jamf Pro URL. For example:


In future releases, Jamf Pro API endpoints that have been deprecated for over a year will be removed. It is recommended that you update your applications to use the latest versions of these endpoints. See the API documentation for a complete list of endpoints.

The following endpoints were added:
  • GET /v1/macos-managed-software-updates/available-updates

  • POST /v2/enrollment/history/export

Further Considerations

  • Privileges associated with new features in Jamf Pro are disabled by default.

  • Jamf recommends you clear your browser's cache after upgrading Jamf Pro to ensure that the Jamf Pro interface displays correctly.

  • Known issues for Jamf Pro can be accessed from the Jamf Pro product page in Jamf Account.