Recovery Lock Enablement in macOS Using the Jamf Pro API
You can use the Jamf Pro API 10.32.x or later to execute the Set Recovery Lock MDM command to enable Recovery Lock. The process involves the following steps using the Jamf Pro API:
Obtaining the management ID of target computers
Sending the Set Recovery Lock MDM command to target computers
You can also include the newPassword key to set or clear the Recovery Lock password that is used to unlock the computer. The Recovery Lock password is stored in Jamf Pro. For more information about Recovery Lock, see "recoveryOS password" in Startup security in macOS in Apple Platform Deployment.
Obtaining the Management ID
curl --location --request GET 'https://YOUR_JAMF_PRO_URL/api/preview/computers' --header 'Authorization: Bearer YOUR_BEARER_TOKEN'
The response contains information about the computer, including the management ID.
| page | Retrieves a specified page in the response |
| page-size | Increases the number of computers contained in each page of the response. The maximum number is 2000. |
curl --location --request GET 'https://YOUR_JAMF_PRO_URL/api/preview/computers?page=2&page-size=2000' --header 'Authorization: Bearer YOUR_BEARER_TOKEN'
This request returns the second page of computers. Each page lists 2,000 computers.
Sending the Set Recovery Lock MDM command
For security reasons, Jamf does not recommend running scripts that contain user or API credentials from managed computers.
A management ID for target computers
curl --location --request POST 'https://JAMF_PRO_URL/api/preview/mdm/commands' \
--header 'Authorization: Bearer JAMF_PRO_AUTH_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
    "clientData": [
        {
            "managementId": "A9C3D1F0-DCB2-4D52-84C6-D5AD60140B04",
            "clientType": "COMPUTER"
        }
    ],
    "commandData": {
        "commandType": "SET_RECOVERY_LOCK",
        "newPassword": "password"
    }
}'
To clear the password instead of setting it, set the newPassword key to an empty string.
The Recovery Lock is immediately set on target computers and the password is stored in Jamf Pro.
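The two steps above combined into one script, as an added example that is not Jamf's own code: it looks up management IDs by serial number, generates a unique random password per computer instead of a shared literal, and builds the request body with a JSON encoder. The environment variable names, the sample serial numbers and the response field names `results` and `serialNumber` are assumptions; run it from an administrator workstation, not from a managed computer.

```python
import json
import os
import secrets
import string
import urllib.request

ALPHABET = string.ascii_letters + string.digits

def api(base_url, token, path, body=None):
    """Call the Jamf Pro API; passing a body makes the request a POST."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base_url + path, data=data, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None

def management_ids(page, serials):
    """Map serial number -> management ID for the wanted computers on one page.
    Assumes each entry under "results" has "serialNumber" and "managementId"."""
    wanted = set(serials)
    return {c["serialNumber"]: c["managementId"] for c in page.get("results", [])
            if c.get("serialNumber") in wanted and c.get("managementId")}

def new_recovery_password(length=24):
    """Unique random password per computer, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def build_command(management_id, new_password):
    """Request body from the page; new_password="" clears the Recovery Lock."""
    return {"clientData": [{"managementId": management_id, "clientType": "COMPUTER"}],
            "commandData": {"commandType": "SET_RECOVERY_LOCK",
                            "newPassword": new_password}}

# Constructed sample page, used when no URL and token are configured (dry run).
SAMPLE_PAGE = {"totalCount": 2, "results": [
    {"serialNumber": "C02EXAMPLE01",
     "managementId": "A9C3D1F0-DCB2-4D52-84C6-D5AD60140B04"},
    {"serialNumber": "C02EXAMPLE02",
     "managementId": "00000000-0000-4000-8000-000000000002"}]}

if __name__ == "__main__":
    # Hypothetical variable names; the token stays out of argv and shell history.
    url, token = os.environ.get("JAMF_PRO_URL"), os.environ.get("JAMF_PRO_TOKEN")
    live = bool(url and token)
    # Only the first page is read here; larger fleets need further pages.
    page = api(url, token, "/api/preview/computers?page-size=2000") if live else SAMPLE_PAGE
    for serial, mid in management_ids(page, ["C02EXAMPLE01"]).items():
        body = build_command(mid, new_recovery_password())
        if live:
            api(url, token, "/api/preview/mdm/commands", body)
        print(serial, mid, "sent" if live else "dry run")  # password is never printed
```

The generated password is not printed or written to disk by the script, since the page states that Jamf Pro stores it.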