Jamf Pro Reporting Capabilities for Apple's macOS Security Features

This article explains how to report on the following macOS security features using Jamf Pro:

  • Activation Lock

  • Firewall

  • Gatekeeper

  • Recovery Lock

  • System Integrity Protection

  • XProtect Definitions Version

Security Feature | Requirements | Description | Reporting Capabilities
Activation Lock
  • macOS 10.15 or later

  • Jamf Pro 10.20.0 or later

Activation Lock ensures that only those authorized to lock a compatible computer with macOS 10.15 or later can do so. Activation Lock is automatically enabled when a user turns on the Find My feature. For more information on Activation Lock, see Activation Lock for iPhone, iPad, and iPod touch from Apple's support website.

You can leverage additional Activation Lock functionality using Jamf Pro. For more information, see the Leveraging Apple’s Activation Lock Feature with Jamf Pro article.

Note: Activation Lock for computers applies to compatible computers with macOS 10.15 or later. For more information on compatibility, see Activation Lock for Mac from Apple's support website.

The following reporting capabilities are available for Activation Lock:

  • View whether or not a compatible computer has Activation Lock enabled. To view the current status, navigate to the Security category in inventory information for a computer.

  • Create an advanced computer search with the Activation Lock criteria.

  • Create a smart group with the Activation Lock criteria.

Firewall
  • macOS 10.12 or later

  • Jamf Pro 10.32.0 or later

Firewall allows you to view whether or not the macOS application firewall is enabled on compatible computers with macOS 10.12 or later.

In macOS, Firewall options are found in Apple menu > System Preferences > Security & Privacy > Firewall.

Note: The Firewall feature replaces the following scripted command used prior to macOS 12 to report the firewall status:

    /usr/bin/sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate

The following reporting capabilities are available for Firewall:

  • View whether or not a compatible computer has Firewall enabled. To view the current status, navigate to the Security category in inventory information for a computer.

  • Create an advanced computer search with the Firewall criteria.

  • Create a smart group with the Firewall criteria.
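
For computers or Jamf Pro versions below the requirements above, the scripted command from the note can still be collected as an extension attribute. The following is an added example, not a script from Jamf or from this article: the function name `firewall_state` and the sample output strings used to exercise it are constructed here, and treating any non-zero state as enabled is this example's assumption.

```shell
#!/bin/sh
# Added example: extension attribute that reports the macOS application
# firewall state using the scripted command quoted in the note above.
# Jamf Pro runs extension attribute scripts as root, so sudo is omitted.

FW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Map the text printed by "socketfilterfw --getglobalstate" to a report value.
# Keys on the numeric "State = N" field instead of the surrounding wording,
# so a change in phrasing does not silently flip the result.
firewall_state() {
    state=$(printf '%s\n' "$1" \
        | sed -n 's/.*State = \([0-9][0-9]*\).*/\1/p' \
        | head -n 1)
    case "$state" in
        0)      echo "Disabled" ;;
        [1-9]*) echo "Enabled" ;;   # assumption: any non-zero state is on
        *)      echo "Unknown" ;;   # no state field found in the output
    esac
}

# Report "Unknown" rather than an empty value when the binary is missing
# or returns nothing, so a collection failure is visible in inventory
# and can be targeted by a smart group.
if [ -x "$FW" ]; then
    out=$("$FW" --getglobalstate 2>/dev/null)
    echo "<result>$(firewall_state "$out")</result>"
else
    echo "<result>Unknown</result>"
fi
```

A smart group on this attribute with the value `Disabled` or `Unknown` surfaces computers that need attention where the built-in Firewall criteria is not available.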

Gatekeeper
  • macOS 10.9 or later

  • Jamf Pro 9.99.0 or later

Gatekeeper is a security technology from Apple that helps to protect computers from apps that could adversely affect them. In macOS, Gatekeeper options are found in Apple menu > System Preferences… > Security & Privacy > General tab under the header Allow applications downloaded from:.

For computers with macOS 10.7.5 or later, you can install a macOS configuration profile with a Security & Privacy payload that restricts which Gatekeeper preferences are enabled on a computer (Mac App Store, Mac App Store and identified developers, or Anywhere). For more information on Gatekeeper, see Safely open apps on your Mac from Apple's support website.

The following reporting capabilities are available for Gatekeeper:

  • View the status for Gatekeeper when viewing management information for a computer. To view the current status, navigate to the Security category in inventory information for a computer.

  • Create an advanced computer search with the Gatekeeper criteria.

  • Create a smart group with the Gatekeeper criteria.

Recovery Lock
  • Computers with Apple silicon (i.e., M1 chip) with macOS 11.5 or later

  • Jamf Pro 10.32.0 or later

Recovery Lock prevents access to macOS Recovery without a password, providing additional security for the computers in your environment. For more information about Recovery Lock, see Use macOS Recovery on a Mac with Apple silicon in Apple's macOS User Guide.

The following reporting capabilities are available for Recovery Lock:

  • View whether or not a compatible computer has Recovery Lock enabled. To view the current status, navigate to the Security category in inventory information for a computer.

  • Create an advanced computer search with the Recovery Lock criteria.

  • Create a smart group with the Recovery Lock criteria.

System Integrity Protection
  • macOS 10.11 or later

  • Jamf Pro 9.99.0 or later

System Integrity Protection (SIP) is a security technology from Apple that restricts the root user account and limits actions that the root user can perform on protected parts of the Mac operating system. For more information on System Integrity Protection, see About System Integrity Protection on your Mac from Apple's support website.

System Integrity Protection can only be configured by a root user on a computer. For more information, see Configuring System Integrity Protection from the Apple Developer website.

The following reporting capabilities are available for System Integrity Protection:

  • View the status for System Integrity Protection when viewing management information for a computer. To view the current status, navigate to the Security category in inventory information for a computer.

  • Create an advanced computer search with the System Integrity Protection criteria.

  • Create a smart group with the System Integrity Protection criteria.

XProtect Definitions Version
  • macOS 10.9 or later

  • Jamf Pro 9.100.0 or later

XProtect is Apple's built-in anti-malware functionality enabled by default on computers. Malware definition updates arrive through Apple's normal software update process. To view this setting in macOS, navigate to Apple menu > System Preferences… > App Store. Ensure the Install system data files and security updates checkbox is selected.

The following reporting capabilities are available for XProtect:

  • View the version of XProtect Definitions installed on a computer. To view the current version, navigate to the Security category in inventory information for a computer.

  • Create an advanced computer search with the XProtect Definitions Version criteria.

  • Create a smart group with the XProtect Definitions Version criteria.