New Features and Enhancements

Compatibility with macOS, iOS, iPadOS, and tvOS

Compatibility and new feature support are based on testing with the latest Apple beta releases of the following:

  • macOS Ventura 13

  • iOS 16

  • iPadOS 16

  • tvOS 16

This includes compatibility for the following management workflows:

  • Enrollment and inventory reporting

  • Configuration profiles

  • App distribution

  • Self Service installation

  • Self Service launches and connections

  • App distribution via Self Service

  • Policies

  • Restricted software

Secure App Network Traffic with Per-app DNS Proxies and Web Content Filters

You can configure DNS proxies and web content filters at the app-level for mobile devices with iOS 16* or iPadOS 16*. App-level DNS proxies and web content filters are configurable for all managed devices and enrollment types (Automated Device Enrollment, Device Enrollment, and User Enrollment). Only managed apps support per-app network configurations.

Setting up app-level network traffic management with Jamf Pro includes two steps (similar to setting up Per-App VPN):

  1. Configure a DNS proxy, Content Filter, or both payloads in a mobile device configuration profile and select the Enable per-app networking checkbox in the payloads. This allows you to select the configuration from the app's distribution settings in Jamf Pro.

  2. In each managed app distributed with Jamf Pro that you want to manage network traffic for, choose the per-app networking configuration from the Per-app DNS proxy or Per-app content filtering pop-up menus.

For more information, see Managed Content in Jamf Pro in the Jamf Pro Documentation.

*Feature support is based on testing with the latest Apple beta releases.

Configuration Profiles

Computer Configuration Profiles

The following table provides an overview of the computer configuration profile enhancements in this release, organized by payload:
SettingKey Included in PayloadRequirementsNotes

Restrictions (Enhancements)

Allow Universal ControlAllowUniversalControlmacOS 13 or later*

This setting displays in the Restrictions > Functionality tab.

If selected, Universal Control can control multiple devices from one trackpad or mouse and keyboard.

Single Sign-On Extensions (Enhancements)

Platform SSO

Authentication methodAuthenticationMethodmacOS 13 or later*

You can now use Platform SSO and select which authentication method (Password or Secure Enclave-backed key) will be used. The identity provider (IdP) must support the selected method.

Registration tokenRegistrationToken

You can now enter the token used by devices to register with the IdP for Platform SSO without a password. This field requires that a value is selected for Authentication method.

Platform SSO with Kerberos Extension

Use Platform SSO TGTusePlatformSSOTGTmacOS 13 or later*

If enforced, the configuration is required to use a Ticket Granting Tickets (TGT) from Platform SSO instead of requesting a new one.

Platform SSO manual sign-inallowPlatformSSOAuthFallback

If allowed, Platform SSO allows the user to manually sign in to the Kerberos extension.

Kerberos requests onlyperformKerberosOnlyIf enforced, the configuration only performs Kerberos requests. The Kerberos extension will not check for password expiration or external password changes, display password expiration in the menu, perform password sync, or retrieve a user's home directory.

Skip Keys (Enhancements)

You can configure this feature as part of computer PreStage enrollment.

Skip terms of addressTermsOfAddressmacOS 13 or later*

If included, allows users to skip the Terms of Address pane during the Setup Assistant.

*Feature support is based on testing with the latest Apple beta releases.

Mobile Device Configuration Profiles

The following table provides an overview of the mobile device configuration profile enhancements in this release, organized by payload:
SettingKey Included in PayloadRequirementsNotes

Content Filter (Enhancements)

Enable per-app networkingContentFilterUUID

iOS 7 or later

iPadOS 7 or later

If per-app networking is enabled, Jamf Pro generates a universally unique identifier and a web content filter processes network traffic for managed apps that have the ContentFilter UUID in their app attributes.

DNS Proxy (Enhancements)

Enable per-app networkingDNSProxyUUID

iOS 11 or later

iPadOS 11 or later

If per-app networking is enabled, managed apps with the same DNSProxyUUID in their app attributes have their DNS lookups traffic processed by the proxy.

Skip Keys (Enhancements)

You can configure this feature in the Mobile Devices > Configuration Profiles > Skip Setup Items payload and it can also be selected as part of mobile device PreStage enrollment.

Skip terms of addressTermsOfAddressiOS 16 or later*

If included, allows users to skip the Terms of Address pane during the Setup Assistant.

*Feature support is based on testing with the latest Apple beta releases.

Extension Attribute Migration for Azure AD Cloud Identity Provider

Jamf Pro now supports the migration of extension attributes based on LDAP values during Azure AD cloud identity migration. An Extension Attributes pane has been added to the migration assistant, giving you the option to test and update user extension attribute mappings prior to migration. Additional improvements within the migration assistant:
  • When testing values, status outputs have been updated to include scenarios for case-sensitivity and mismatches caused by duplicates within multi-value extension attributes.
  • When generating the optional report (a CSV file), the first sheet provides helpful information for understanding the content.
  • On the Choose LDAP server pane, you can enable or disable transitive membership lookups. A warning displays if a mismatch occurs between nested group membership lookup settings.

For more information about migrating LDAP extension attributes to an Azure AD cloud identity provider instance, see Azure AD Cloud Identity Migration in the Jamf Pro Documentation.

Other Changes and Improvements

  • Jamf Pro now provides compatibility support for GSX Connection using Apple's latest API versions for querying device purchase information.

  • The Jamf Pro interface now displays more specific warnings when attempting to configure a configuration profile with Privacy Preferences Policy Control settings that are incompatible with one or more target computers in the scope.

Jamf Pro API Changes and Enhancements

The Jamf Pro API is open for user testing. You can test and access documentation for the Jamf Pro API and the Classic API in one of two ways:

Your Jamf Pro instance

To access the API landing page directly from Jamf Pro, append the API base URL (/api) to your Jamf Pro instance URL:

https://JAMF_PRO_URL.jamfcloud.com/api

Jamf Developer Portal

The developer portal contains additional API documentation, including API development guides and code samples. For more information, see the Jamf Pro Developers page in the Jamf Developer Portal.

API Endpoint Changes

For a list of new, deprecated, and removed endpoints, see the Jamf Pro API Changelog.

Deprecated API Endpoints

Deprecated API endpoints are removed one year after deprecation. Jamf recommends that you update your applications to use the latest version of these endpoints.

Further Considerations

  • For non-administrator Jamf Pro user accounts, privileges associated with new features in Jamf Pro are disabled by default. If you have Custom privilege configurations for user accounts or groups in your environment, a Jamf Pro user account with Administrator privileges must manually enable new feature privileges for each user or group with Custom privileges.

  • Jamf recommends you clear your browser's cache after upgrading Jamf Pro to ensure that the Jamf Pro interface displays correctly.

  • Known issues for Jamf Pro can be accessed from the Jamf Pro product page in Jamf Account.