Jamf Pro Reporting Capabilities for Apple's macOS Security Features

Updated: 7 September 2021

Product: Jamf Pro

This article explains how to report on the following macOS security features using Jamf Pro:

Activation Lock
Firewall
Gatekeeper
Recovery Lock
System Integrity Protection
XProtect Definitions Version


Security Feature	Requirements	Description	Reporting Capabilities
Activation Lock	macOS 10.15 or later Jamf Pro 10.20.0 or later	Activation Lock ensures that only those authorized to lock a compatible computer with macOS 10.15 or later can do so. Activation Lock is automatically enabled when a user turns on the Find My feature. For more information on Activation Lock, see Activation Lock for iPhone, iPad, and iPod touch from Apple's support website. You can leverage additional Activation Lock functionality using Jamf Pro. For more information, see the Leveraging Apple’s Activation Lock Feature with Jamf Pro article. Note: Activation Lock for computers applies to compatible computers with macOS 10.15 or later. For more information on compatibility, see Activation Lock for Mac from Apple's support website.	The following reporting capabilities are available for Activation Lock: View whether or not a compatible computer has Activation Lock enabled. To view the current status, navigate to the Security category in inventory information for a computer. Create an advanced computer search with the Activation Lock criteria. Create a smart group with the Activation Lock criteria.
Firewall	macOS 10.12 or later Jamf Pro 10.32.0 or later	Firewall allows you to view whether or not the macOS application firewall is enabled on compatible computers with macOS 10.12 or later. In macOS Firewall options are found in Apple menu > System Preferences > Security & Privacy > Firewall Note: The Firewall feature replaces the following scripted command used prior to macOS 12 to report the firewall status: `/usr/bin/sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate`	The following reporting capabilities are available for Firewall: View whether or not a compatible computer has Firewall enabled. To view the current status, navigate to the Security category in inventory information for a computer. Create an advanced computer search with the Firewall criteria. Create a smart group with the Firewall criteria.
Gatekeeper	macOS 10.9 or later Jamf Pro 9.99.0 or later	Gatekeeper is a security technology from Apple that helps to protect computers from apps that could adversely affect them. In macOS, Gatekeeper options are found in Apple menu > System Preferences… > Security & Privacy > General tab under the header Allow applications downloaded from:. For computers with macOS 10.7.5 or later, you can install a macOS configuration profile with a Security & Privacy payload that restricts which Gatekeeper preferences are enabled on a computer (Mac App Store, Mac App Store and identified developers, or Anywhere). For more information on Gatekeeper, see Safely open apps on your Mac from Apple's support website.	The following reporting capabilities are available for Gatekeeper: View the status for Gatekeeper when viewing management information for a computer. To view the current status, navigate to the Security category in inventory information for a computer. Create an advanced computer search with the Gatekeeper criteria. Create a smart group with the Gatekeeper criteria.
Recovery Lock	Computers with Apple silicon (i.e., M1 chip) with macOS 11.5 or later Jamf Pro 10.32.0 or later	Recovery Lock prevents access to macOS Recovery without a password providing additional security for the computers in your environment. For more information about Recovery Lock, see Use macOS Recovery on a Mac with Apple silicon in Apple's macOS User Guide.	The following reporting capabilities are available for Recovery Lock: View whether or not a compatible computer has Recovery Lock enabled. To view the current status, navigate to the Security category in inventory information for a computer. Create an advanced computer search with the Recovery Lock criteria. Create a smart group with the Recovery Lock criteria.
System Integrity Protection	macOS 10.11 or later Jamf Pro 9.99.0 or later	System Integrity Protection (SIP) is a security technology from Apple that restricts the root user account and limits actions that the root user can perform on protected parts of the Mac operating system. For more information on System Integrity Protection, see About System Integrity Protection on your Mac from Apple's support website. System Integrity Protection can only be configured by a root user on a computer. For more information, see Configuring System Integrity Protection from the Apple Developer website.	The following reporting capabilities are available for System Integrity Protection: View the status for System Integrity Protection when viewing management information for a computer. To view the current status, navigate to the Security category in inventory information for a computer. Create an advanced computer search with the System Integrity Protection criteria. Create a smart group with the System Integrity Protection criteria.
XProtect Definitions Version	macOS 10.9 or later Jamf Pro 9.100.0 or later	XProtect is Apple's built-in anti-malware functionality enabled by default on computers. Malware definition updates arrive through Apple's normal software update process. To view this setting in macOS, navigate to Apple menu > System Preferences… > App Store. Ensure the Install system data files and security updates checkbox is selected.	The following reporting capabilities are available for XProtect: View the version of XProtect Definitions installed on a computer. To view the current version, navigate to the Security category in inventory information for a computer. Create an advanced computer search with the XProtect Definitions Version criteria. Create a smart group with the XProtect Definitions Version criteria.