Jamf Connect Deployment and Updates

Depending on whether you are deploying to existing computers that are already enrolled in Jamf Pro or new computers via Automated Device Enrollment, you can use one of the following deployment methods:

Existing Computers—
Configure deployment and update settings to automatically deploy the Jamf Connect package to computers in the scope of your configuration profiles.
New Computers—
Create a PreStage enrollment with the Jamf Connect package and any additional custom files and images required for deployment settings. To ensure your package of custom files and the Jamf Connect package install in the correct order during Automated Device Enrollment, manually uploading the Jamf Connect package to Jamf Pro and including it as an enrollment package is recommended.
Once enrollment is complete, you can use the Jamf Connect update settings for configuration profiles to manage subsequent updates.

Keep the following in mind when configuring deployment and upgrades for Jamf Connect.

If a computer is in the scope of multiple configuration profiles, such as separate configuration profiles for the login window and menu bar app, Jamf Pro uses the most proactive update type for computers in scope of both profiles.
You cannot configure automatic updates to complete major updates (e.g., 1.19.3 to 2.0.0 or later). To complete a major upgrade for Jamf Connect, use a policy.
This feature cannot be used to downgrade the Jamf Connect version on computers.

Configuring Jamf Connect Deployment and Update Settings

You can configure Jamf Pro to deploy Jamf Connect to existing computers and automatically update the version as new releases become available. To do so, you must assign deployment and update settings to an existing configuration profile in Jamf Pro that has Jamf Connect settings. Jamf Pro will install and update computers in the scope of the configuration profile accordingly.

This deployment method is recommended for the following scenarios:

Deploying Jamf Connect for the first time to computers that are already enrolled in Jamf Pro.
Managing automatic update settings for existing computers that already have Jamf Connect installed.

Requirements

Jamf Pro 10.30.0 or later
One or more Jamf Connect configuration profiles in Jamf Pro.

In Jamf Pro, click Settings in the top-right corner of the page.
Click Jamf Applications.
Click Jamf Connect .
Next to the configuration profile with the Jamf Connect settings you want to deploy, click Edit.
Choose a version of Jamf Connect to deploy from the Version pop-up menu.

Note:
If a computer in the scope of the configuration profile already has a previous version of Jamf Connect installed, Jamf Pro will update that computer to the chosen version.
Choose one of the following options from the Update Type pop-up menu to manage future updates:
- Maintenance—Automatically deploy maintenance (e.g., 1.0.1) updates to computers in scope.
- Minor & Maintenance—Automatically deploy minor and maintenance (e.g., 1.1.0 and 1.0.1) updates to computers in scope.
- Manual—
  Only deploy the chosen version to computers in scope and do not automatically deploy future updates.
- None—Only deploy the chosen version to computers in scope that do not already have Jamf Connect installed. Computers that already have a version of Jamf Connect installed will not receive any updates.
Click Confirm.

Jamf Pro deploys the chosen version of Jamf Connect when computers in the scope of the configuration profile check in and updates them accordingly as new releases become available.

Deploying Jamf Connect using a Jamf Pro PreStage Enrollment

You can use a PreStage enrollment to deploy your Jamf Connect package, configuration profiles, and packages of custom files and images.

Requirements

Integrate Jamf Pro with Automated Device Enrollment.

For more information, see the Integrating with Automated Device Enrollment section in the Jamf Pro Administrator's Guide.
Upload the Jamf Connect package and the custom files package to Jamf Pro.

For more information, see Packaging Files and Images with Composer.
Create or upload computer configuration profiles for Jamf Connect.

For more information, see Creating a Configuration Profile using Jamf Pro.

In Jamf Pro, click Computers at the top of the sidebar.
Click PreStage Enrollments.
Click New .

Configure the following PreStage Enrollment payloads:


Payload	Settings
General	Configure basic settings for the PreStage enrollment and customize the user experience of the Setup Assistant. Note: To ensure Jamf Connect is installed before the login window loads, do not skip all the Setup Assistant steps. Selecting one or more steps (e.g., Privacy) is recommended. If your Jamf Pro environment requires authentication from an LDAP server, select Require Authentication. If you are using Enrollment Customization configuration to enroll users and create local accounts with Jamf Connect, add your pre-configured Enrollment Customization configuration. For more information about using Enrollment Customization with Jamf Connect, see the Managing Jamf Connect and Enrollment Customization with Jamf Pro technical paper.
Account Settings	Select Create a local administrator account before the Setup Assistant and configure the credentials to be used for the local administrator account. Select Skip Account Creation. Jamf Connect will create a local user account on the computer. Note: Jamf Connect does not create an MDM-enabled local user account. For more information, see the Enabling MDM for Local User Accounts Knowledge Base article.
Configuration Profiles	Select the configuration profiles you created for Jamf Connect.
Enrollment Packages	Select the Jamf Connect PKG and the PKG with your custom files that you previously uploaded to your Jamf Pro cloud distribution point. Note: Packages with higher priority install first. Multiple packages with the same priority install in alphabetical order based on the package name.

Click the Scope tab and configure the scope.

The computers listed on the Scope tab are the computers that are associated with Automated Device Enrollment via the server token file (.p7m) you downloaded from Apple. You can use the Select All button to add all associated computers to the scope. This adds all computers associated with Automated Device Enrollment via the server token file regardless of any results that have been filtered using the Filter Results search field. The Unselect All button removes all associated computers from the scope.

Note:
If you want to automatically add computers to the scope as they become associated with the Automated Device Enrollment instance, select the Automatically assign new devices checkbox in the General payload.
Click Save .

Computers in the scope will now be enrolled using the PreStage enrollment.

Best Practice:

Removing Enrollment-Only Settings in Jamf Connect

Best practice workflows cover common scenarios; however, the following recommendations may not apply in your environment.

If you configured Jamf Connect settings that should only be used during enrollment in a separate configuration profile (e.g., Notify and Acceptable Use Policy screens), you can remove computers from the configuration profile scope after enrollment is complete. This ensures these settings are not used after enrollment.

Create a smart computer group that includes all computers that have completed enrollment and account creation with Jamf Pro and Jamf Connect.
For your separate Jamf Connect configuration profile that includes enrollment-only settings, configure the scope to exclude the smart group created in step 1.

Computers that complete enrollment will be added to the smart group. The Jamf Connect Notify and Acceptable use policy screen settings are removed from computers when they are removed from the scope of the configuration profile.

Jamf Connect Updates

When a new version of Jamf Connect becomes available, Jamf Pro automatically updates computers in the scope of your configuration profiles using the chosen Update Type setting.

Unless a new version of Jamf Connect introduces new settings that you want to configure, you do not need to update your Jamf Connect configuration profiles.

Keep the following in mind when configuring automatic updates for Jamf Connect:

If a computer is in the scope of multiple configuration profiles, such as separate configuration profiles for the login window and menu bar app, Jamf Pro uses the most proactive update type for computers in scope of both profiles.
You cannot configure automatic updates to complete major updates (e.g., 1.19.3 to 2.0.0 or later). To complete a major upgrade for Jamf Connect, use a policy.
This feature cannot be used to downgrade the Jamf Connect version on computers.

The following update types can be configured:

Maintenance—Automatically deploy maintenance (e.g., 1.0.1) updates to computers in scope.
Minor & Maintenance—Automatically deploy minor and maintenance (e.g., 1.1.0 and 1.0.1) updates to computers in scope.
Manual—
Only deploy the chosen version to computers in scope and do not automatically deploy future updates.
None—Only deploy the chosen version to computers in scope that do not already have Jamf Connect installed. Computers that already have a version of Jamf Connect installed will not receive any updates.

Example:

Deploy the latest version of Jamf Connect and automatically deploy future updates.

Example:

Only deploy a specific version of Jamf Connect to computers and do not automatically deploy future updates.

Example:

If you choose to deploy a previous version of Jamf Connect and simultaneously choose an update type that would immediately trigger Jamf Pro to update to a newer version, the following error displays:
If you choose to deploy a version of Jamf Connect that is older than the currently installed version, the following error displays: