Jamf Blog

March 31, 2022 by Thijs Xhaflaire

How-to: Streamline Device Lifecycle Management with Jamf Pro

Jamf Pro

Learn how to automate and improve your Apple device lifecycle management with this step-by-step guide from Amsterdam-based Thijs Xhaflaire, a consulting engineer on identity and management for Jamf.

Many organizations handle lifecycle management of their managed devices manually or from an Excel list or through a configuration management database (CMDB).

But it is possible to automate many of these steps with Jamf Pro and reduce questions about device lifecycle management for not only the Mac admin, but the end user as well.

This blog discusses the options for Apple device management in Jamf Pro for both macOS and iOS/iPadOS devices.

How to use Self Service for Apple device lifecycle management

As you may know, Jamf Self Service can eliminate many tasks or questions for IT related to the MacBook lifecycle. By following the below guide, employees curious about when their MacBook needs replacing can get the answer from a simple button in Self Service.

This blog post explains how to feed Jamf Pro with purchasing and warranty data to enable lifecycle management within Jamf Pro.

There are also many Jamf Marketplace integrations available which can be used to post data to services like ServiceNow or Jira Servicedesk to automate Apple device lifecycle management from those tools.

We encourage you to learn to think out of the box. With Jamf Pro you can be incredibly creative — you don't have to focus on the tools we show here; you can also combine other tools with Jamf Pro to help simplify your IT administration.

Self Service initiated workflow with Jamf Pro.

Automated workflow with Jamf Pro and PowerAutomate
for streamlining device management of mobile devices.

Instructions

Step-by-step guide:

Feed Jamf Pro with purchasing and warranty data with Inventory Preload
Build automated reports in Jamf Pro and optional email
macOS: Display hardware expiration date through Self Service
macOS: End-user experience in Self Service
Mobile device: Notify user when device is ready for replacement with Jamf Pro and Microsoft PowerAutomate

1. Feed Jamf Pro with purchasing and warranty data with inventory preload

There are multiple ways to upload data to Jamf Pro for the devices that are enrolled or going to be enrolled. The most used feature for this is inventory preload, which allows you to pre-upload data either by uploading a .CSV template, or by feeding data through the API endpoint /v2/inventory-preload/records.

Below is the .CSV route, but with either method the end result is the same.

Step 1:

Download the CSV template from your Jamf Pro instance under Settings → Global Management → Inventory Preload. With the button on the bottom, download the template.

Step 2:

Populate the template with data as shown below. Save as a comma separated-values (CSV) file, with dates in the YYYY-MM-DD format.

Upload the file to Jamf Pro.

API example for creating records.

curl --request POST \ --url https://yourserver.jamfcloud.com/api/v2/inventory-preload/records \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --data ' { "extensionAttributes": [ { "name": "EA Hardware Expiration Date", "value": "2022-12-04" }, { "name": "EA Purchase Date", "value": "2018-12-04" }, { "name": "EA Warranty Expirations", "value": "2019-12-04" } ], "serialNumber": "C02DAEEA8J1", "deviceType": "Computer", "poNumber": "21004444" } '

2. Build automated reports in Jamf Pro and optional email

After entering PO/hardware/warranty data into Jamf Pro, we can create advanced searches or smart groups based on these criteria to automate lifecycle management.

While this example is for computers, the same flow can be used for advanced mobile device searches. The same workflow can also be applied to create reports and searches showing devices with expired warranties for warranty lifecycle management.

*Requires SMTP to be configured on the Jamf Pro Server. Read our documentation for more info.

Step 1:

Create an advanced computer search.

Step 2:

For criteria choose PO Date, which is a default identifier in Jamf Pro, or use a custom extension attribute if you used one for populating this data. In this example we determine that a device needs to be replaced after 365 days.

Select the display tab and enable the fields that you want to have included in the report.

Step 3:

Select the reports tab to create and send email report to any IT admin.

Save report.

Example report:

3. macOS: Display hardware expiration date and warranty date through Self Service

In this example, we deploy computer configuration profiles with a custom preference domain to deploy data from Jamf Pro locally to the computer. We use variables like EXTENSIONATTRIBUTE_33 to deploy the values to a custom domain on the device.

From a security point of view, there are several reasons why you do not want to use the Jamf Pro API for pushing this information down locally to the computer. As the information we use is static and does not often change, we can use this method to deploy the values locally to the computer. (Profiles need to be re-deployed once purchasing and warranty information is updated.)

Step 1:

Create the following computer extension attributes in Jamf Pro.

Settings → Computer Management - Management Framework → Extension Attributes → +new

Step 2:

Upload the following JSON manifest to Jamf Pro:

Custom Applications and Settings → External Applications → Custom Schema → Preference Domain com.custom.warranty

{ "title": "com.custom.warranty", "description": "This domain can be used to distribute values from Jamf Pro locally to the computer for using within scripts and avoid API calls", "properties": { "ExtensionAttributeWarranty": { "title": "Warranty Extension Attribute Number", "description": "The EA number of the software warranty", "property_order": 5, "anyOf": [ { "type": "null", "title": "Not Configured" }, { "title": "Configured", "type": "string" } ] }, "ExtensionAttributeHardwareExpiry": { "title": "Hardware Expiration Extension Attribute Number", "description": "The EA number of the hardware expiration", "property_order": 10, "anyOf": [ { "type": "null", "title": "Not Configured" }, { "title": "Configured", "type": "string" } ] } } }

Step 3:

Populate the identifiers with $EXTENSIONATTRIBUTE_NUMBER and deploy the config profile to either all your devices or based on a smart group that filters on devices that have data in the extension attributes.

This example uses numbers 33 and 35. When creating your extension attribute, you can check the value in the URL.

To verify, you can check if the values are readable on the device with the profile scoped.

Step 4:

Upload the following script to Jamf Pro that does not use the API to retrieve the data, but instead uses the locally stored values in the /Library/Managed Preferences/com.custom.warranty.plist

When uploading the script, for ease of use give the parameters a proper name.

#!/bin/bash ## Variables ## plistlocation="/Library/Managed Preferences/com.custom.warranty.plist" ## General section ##### # Display computer name runCommand=$( /usr/sbin/scutil --get ComputerName ) computerName="Computer Name: $runCommand" # Display serial number runCommand=$( /usr/sbin/system_profiler SPHardwareDataType | /usr/bin/grep "Serial Number" | /usr/bin/awk -F ": " '{ print $2 }' ) serialNumber="Serial Number: $runCommand" ## Display Management Server runCommand=$(/usr/bin/defaults read /Library/Preferences/com.jamfsoftware.jamf.plist 2>/dev/null jss_url) JamfProURL="Jamf Pro URL: $runCommand" ## Retrieve Warranty Information from com.custom.warranty.plist if [[ -e "$plistlocation" ]]; then WarrExpDate=$(defaults read "${plistlocation}" "ExtensionAttributeWarranty" 2>&1) warranty="Mac's Warranty Expiration Date is: $WarrExpDate" else warranty="Mac's Warranty Expiration could not be found" fi ## Retrieve Hardware Information from com.custom.warranty.plist if [[ -e "$plistlocation" ]]; then HardwareExpDate=$(defaults read "${plistlocation}" "ExtensionAttributeHardwareExpiry" 2>&1) Hardwarewarranty="Mac's Hardware Expiration Date: $HardwareExpDate" else Hardwarewarranty="Mac's Hardware Expiration date could not be found" fi ## Format information ##### displayInfo="---------------------------------------------- GENERAL $computerName $serialNumber $JamfProURL $warranty $Hardwarewarranty ---------------------------------------------- SUPPORT If your Mac hardware is faulty and still within warranty, please report it to Office Automation as soon as possible so we can have it repaired under warranty. It is also possible that your Mac is eligible for a replacement program in case of a defect, you can check this by pressing the button below. The Hardware Expiration Date is the date your Mac has passed his lifetime of 4 years. TEL: +31612345678 MAIL: support@macdude.dev ----------------------------------------------" ## Display information to end user ##### runCommand="button returned of (display dialog \"$displayInfo\" with title \"Warranty Information\" with icon file posix file \"/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/com.apple.macbookpro-15-retina-touchid-space-gray.icns\" buttons {\"Check Repair Programs\", \"OK\"} default button {\"OK\"})" clickedButton=$( /usr/bin/osascript -e "$runCommand" ) ## Run additional commands ##### if [ "$clickedButton" = "Check Repair Programs" ]; then # open a remote support application /usr/bin/open "https://www.apple.com/support/exchange_repair/" fi

Step 5:

Create a Jamf Pro Policy with the following:

Trigger: None
Execution Frequency: Ongoing
Scope: To all computers or smart group to devices with have warranty/hardware dates

Add the script and enter the encrypted variables for the API user account.

Step 6:

Make the policy enabled for Self Service and add your custom text and icons.

4. macOS: End-user experience

Step 1:

End users can use Self Service of Mac warranty lookup. User navigates to Self Service as a one-stop shop for everything, including an item to show the device warranty expiration and hardware expiration. This reduces requests to IT asking if the device is still in warranty and when the device is ready for replacement.

Step 2:

When user selects the button they receive the following output. If they select Check Repair Programs they are redirected to Apple's website.

5. Mobile device: Notify user when device is ready for replacement with Jamf Pro and Microsoft PowerAutomate

Unfortunately, we do not have the same options for mobile devices as we have for computers. For computers we can run scripts or trigger other actions with Jamf Pro Policies to make the user aware their device is end of life.

For mobile devices we need to be a little more creative. In this example, we still use the PO/warranty/hardware data we uploaded in Step 1, but use smart groups, webhooks and Microsoft PowerAutomate to streamline device lifecycle management. You can also use many other tools for notifying the end user, like TORQ, Okta Workflows or Zapier.

This example shows how to send automated emails to the end user and IT if the user has chosen to have the device replaced. This could also send direct messages to MS Teams, or interact with chatbots if created in Azure.

Step 1:

If you followed Step 1 regarding uploading data via inventory preload, you already have the data for the mobile devices.

Now create two mobile device extension attributes.

Navigate in Jamf Pro to Settings → Device Management → Extension Attributes and create the extension attributes as shown.

Step 2:

Now we need to create a mobile device smart group as shown in the example.

This example shows 365 days for having devices expired, or one year.

Step 3:

Now we need to create a Flow in Microsoft Flow. For step-by-step directions, refer to How-to: Send Webhooks from Jamf Pro to Microsoft Teams with PowerAutomate.

Save the HTTP POST URL you get by saving the flow; we need this later.

Use the following as example PAYLOAD data to generate the scheme.

{ "webhook": { "id": 9, "name": "Microsoft PowerAutomate: Notify when Mobile Device is ready for replacement", "webhookEvent": "SmartGroupMobileDeviceMembershipChange", "eventTimestamp": 1643022004032 }, "event": { "name": "Inventory: Mobile Device that needs replacement", "smartGroup": true, "groupAddedDevicesIds": [ 1 ], "groupRemovedDevicesIds": [], "groupAddedDevices": [ { "udid": "00008020-00056D263C61402E", "deviceName": "iOS-DGFP8J3GLGD", "version": "15.2.1", "model": "iPad11,6", "bluetoothMacAddress": null, "wifiMacAddress": "34:31:8F:A9:39:86", "imei": "", "icciID": "", "product": null, "serialNumber": "DGFP8J3GLGD", "userDirectoryID": "-1", "room": "", "osVersion": "15.2.1", "osBuild": "19C63", "modelDisplay": "iPad 8th generation (Wi-Fi)", "username": "thijs.xhaflaire@macdude.dev", "jssID": 1, "ipAddress": "62.238.253.93", "lastInventoryUpdate": "Today at 4:07 AM", "emailAddress": "thijs.xhaflaire@macdude.dev", "purchaseDate": "2018-12-04", "displayName": "iOS-DGFP8J3GLGD", "poDate": "2018/12/04 at 12:00 AM", "iOSVersion": "15.2.1", "warrantyExpiration": "2019/12/04 at 12:00 AM", "fullName": "Thijs Xhaflaire", "warrantyExpirations": "2019-12-04" } ], "groupRemovedDevices": [], "jssid": 34, "computer": false } }

Step 4:

Create the webhook in Jamf Pro. Navigate to Settings → Global Management → Webhooks and create as shown below. Choose the smart group created during Step 2.

Enter the HTTP POST URL saved from MS PowerAutomate.
Write down the ID of the webhook, found in the URL bar on top of your browser.

Step 5:

We need to modify the webhook with the API to include more data in the JSON output.

Use the following code. Enter your Jamf Pro server URL and a bearer token with valid permissions to edit webhooks.

curl --location --request PUT 'https://yourJSS.jamfcloud.com/JSSResource/webhooks/id/9' \ --header 'Accept: application/xml' \ --header 'Content-Type: application/xml' \ --header 'Authorization: Basic YWRtaaiiwEEklKWIjLAJIIlEIJFALekkktOWNvd3hlLWplZnhlaA==' \ --data-raw '<webhook> <enable_display_fields_for_group_object>true</enable_display_fields_for_group_object> <display_fields> <display_field> <name>Display Name</name> </display_field> <display_field> <name>iOS Version</name> </display_field> <display_field> <name>Last Inventory Update</name> </display_field> <display_field> <name>Full Name</name> </display_field> <display_field> <name>Email Address</name> </display_field> <display_field> <name>Username</name> </display_field> <display_field> <name>Purchase Date</name> </display_field> <display_field> <name>Warranty Expirations</name> </display_field> <display_field> <name>PO Date</name> </display_field> <display_field> <name>Warranty Expiration</name> </display_field> </display_fields> </webhook>'

Step 6:

The result: when the purchase date of a device is longer ago then X number of days, device is added to a smart group, which triggers a webhook to send relevant data to Microsoft PowerAutomate. Automate sends a ready for replacement email to the end user. If the end user opts to replace the device, a secondary email is sent to IT.

Thijs Xhaflaire

Jamf

Thijs Xhaflaire, Consulting Engineer, Security

Previous Blog Post:
Prev
Improving work-life balance through TRUCE’s contextual solutions Blog Homepage
Next Blog Post:
Next
G2 rates Jamf number one in Spring 2022 Report

Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

Email Address (Work)

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.

How-to: Streamline Device Lifecycle Management with Jamf Pro

How to use Self Service for Apple device lifecycle management

Instructions

Step-by-step guide:

1. Feed Jamf Pro with purchasing and warranty data with inventory preload

2. Build automated reports in Jamf Pro and optional email

3. macOS: Display hardware expiration date and warranty date through Self Service

4. macOS: End-user experience

5. Mobile device: Notify user when device is ready for replacement with Jamf Pro and Microsoft PowerAutomate

Jamf Security Series: Securely managing Apple through a device lifecycle

Mac admins managing iPads? We got you covered.