Learn how to automate and improve your Apple device lifecycle management with this step-by-step guide from Amsterdam-based Thijs Xhaflaire, a consulting engineer on identity and management for Jamf.
Many organizations handle lifecycle management of their managed devices manually, from an Excel list, or through a configuration management database (CMDB).
But it is possible to automate many of these steps with Jamf Pro, and reduce questions about device lifecycle management for not only the Mac admin, but the end user as well.
This blog discusses the options for Apple device management in Jamf Pro for both macOS and iOS/iPadOS devices.
Self Service and automated notifications
As you may know, Jamf Self Service can eliminate many tasks or questions for IT. By following the below guide, employees curious about when their MacBook needs replacing can get the answer from a simple button in Self Service.
This blog post explains how to feed Jamf Pro with purchasing and warranty data to enable lifecycle management within Jamf Pro.
There are also many Jamf Marketplace integrations available which can be used to post data to services like ServiceNow or Jira Servicedesk to automate the lifecycle management from those tools.
We encourage you to learn to think out of the box. With Jamf Pro you can be incredibly creative - you don't have to focus on the tools we show here, you can also combine other tools with Jamf Pro to help simplify your IT administration.
Self Service initiated workflow with Jamf Pro.
Automated workflow with Jamf Pro and PowerAutomate for streamlining device management of mobile devices.
Instructions
Step-by-Step Guide:
Feed Jamf Pro with purchasing and warranty data with Inventory Preload
Build automated reports in Jamf Pro and optional email
macOS: Display hardware expiration date through Self Service
macOS: End user experience in Self Service
Mobile Device: Notify user when device is ready for replacement with Jamf Pro and Microsoft PowerAutomate
1. Feed Jamf Pro with purchasing and warranty data with inventory preload
There are multiple ways to upload data to Jamf Pro for devices that are enrolled or going to be enrolled. The most used feature for this is inventory preload, which allows you to pre-upload data either by uploading a .CSV template or by feeding data through the API endpoint /v2/inventory-preload/records.
Below is the .CSV route, but with either method the end result is the same.
Step 1:
Download the CSV template from your Jamf Pro instance under Settings -> Global Management -> Inventory Preload. At the bottom, select Download Template.
Step 2:
Populate the Template with data as shown below. Save as a Comma Separated (CSV) file, with dates in the YYYY-MM-DD format.
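A malformed date or a duplicated serial number is easier to catch before the upload than after it has fed a smart group. The following pre-flight check is an added example, not part of the original post or of Jamf Pro; the column names "Serial Number", "PO Date" and "Warranty Expiration" are assumptions to be matched against your downloaded template, and the sample rows are constructed.

```bash
#!/bin/bash
# Added example: pre-flight check for an Inventory Preload CSV. Column names are
# assumptions (match them to your template); quoted commas are not supported.
# Reads file $1 or stdin, prints one line per problem, returns 1 if any were found.
validate_preload_csv() {
  awk -F',' '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
    # True only for a real calendar date written as YYYY-MM-DD.
    function valid_date(s,   p, dim, leap) {
      if (s !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/) return 0
      split(s, p, "-"); p[1] += 0; p[2] += 0; p[3] += 0
      if (p[2] < 1 || p[2] > 12 || p[3] < 1) return 0
      leap = (p[1] % 4 == 0 && p[1] % 100 != 0) || p[1] % 400 == 0
      dim = (p[2] == 2) ? 28 + leap : (p[2] ~ /^(4|6|9|11)$/) ? 30 : 31
      return (p[3] <= dim)
    }
    { sub(/\r$/, "") }                # tolerate CRLF line endings from spreadsheets
    NR == 1 {                         # header row: map column names to positions
      ncols = NF; for (i = 1; i <= NF; i++) col[$i] = i
      n = split("Serial Number,PO Date,Warranty Expiration", req, ",")
      for (i = 1; i <= n; i++) if (!(req[i] in col)) bad("missing column " req[i])
      if (errors) exit
      next
    }
    NF != ncols { bad("expected " ncols " fields, found " NF); next }
    {
      sn = $(col["Serial Number"]); po = $(col["PO Date"]); we = $(col["Warranty Expiration"])
      if (sn == "") bad("empty serial number")
      else if (seen[sn]++) bad("duplicate serial number " sn)
      if (po != "" && !valid_date(po)) bad("PO Date \"" po "\" is not a valid YYYY-MM-DD date")
      if (we != "" && !valid_date(we)) bad("Warranty Expiration \"" we "\" is not a valid YYYY-MM-DD date")
      if (valid_date(po) && valid_date(we) && (we "") < (po "")) bad("warranty ends before PO Date")
    }
    END { exit (errors > 0) }
  ' "${1:--}"
}

# Constructed sample rows, not real devices.
SAMPLE_CSV='Serial Number,Device Type,PO Number,PO Date,Warranty Expiration
C02EXAMPLE01,Computer,PO-1001,2022-03-01,2025-03-01
C02EXAMPLE02,Computer,PO-1002,01/03/2022,2025-03-01
C02EXAMPLE01,Computer,PO-1003,2023-02-29,2026-02-28
C02EXAMPLE03,Computer,PO-1004,2023-05-10,2022-05-10'

printf '%s\n' "$SAMPLE_CSV" | validate_preload_csv || echo "Fix the rows above before uploading."
```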
2. Build automated reports in Jamf Pro and optional email
After entering PO/Hardware/Warranty data into Jamf Pro, we can create advanced searches or smart groups based on these criteria to automate lifecycle management.
While this example is for computers, the same flow can be used for advanced mobile device searches. The same workflow can also be applied to create reports and searches showing devices with expired warranties.
*Requires SMTP to be configured on the Jamf Pro server; check out the Docs.
Step 1:
Create an advanced computer search.
Step 2:
For criteria, choose PO Date, which is a default identifier in Jamf Pro, or use a custom extension attribute if you used one for populating this data. In this example we determine that a device needs to be replaced after 365 days.
Select the Display tab and enable the fields that you want included in the report.
Step 3:
Select the Reports tab to create and send an email report to any IT admin.
Save report.
Example Report
3. macOS: Display hardware expiration date and warranty date through Self Service
In this example, we deploy computer configuration profiles with a custom preference domain to deploy data from Jamf Pro locally to the computer. We use variables like EXTENSIONATTRIBUTE_33 to deploy the values to a custom domain on the device.
From a security point of view, there are several reasons why you do not want to use the Jamf Pro API for pushing this information down locally to the computer. As the information we use is static and does not often change, we can use this method to deploy the values locally to the computer. (Profiles need to be re-deployed once purchasing and warranty information is updated.)
Step 1:
Create the following computer extension attributes in Jamf Pro.
{
    "title": "com.custom.warranty",
    "description": "This domain can be used to distribute values from Jamf Pro locally to the computer for using within scripts and avoid API calls",
    "properties": {
        "ExtensionAttributeWarranty": {
            "title": "Warranty Extension Attribute Number",
            "description": "The EA number of the software warranty",
            "property_order": 5,
            "anyOf": [
                {
                    "type": "null",
                    "title": "Not Configured"
                },
                {
                    "title": "Configured",
                    "type": "string"
                }
            ]
        },
        "ExtensionAttributeHardwareExpiry": {
            "title": "Hardware Expiration Extension Attribute Number",
            "description": "The EA number of the hardware expiration",
            "property_order": 10,
            "anyOf": [
                {
                    "type": "null",
                    "title": "Not Configured"
                },
                {
                    "title": "Configured",
                    "type": "string"
                }
            ]
        }
    }
}
Step 3:
Populate the identifiers with $EXTENSIONATTRIBUTE_NUMBER and deploy the Config Profile to either all your devices or based on a smart group that filters on devices that have data in the extension attributes.
This example uses numbers 33 and 35. When creating your extension attribute, you can check the value in the URL.
To verify, you can check if the values are readable on the device with the profile scoped.
Step 4:
Upload the following script to Jamf Pro. It does not use the API to retrieve the data; instead it reads the locally stored values in /Library/Managed Preferences/com.custom.warranty.plist.
When uploading the script, for ease of use give the parameters a proper name.
#!/bin/bash

## Variables ##
plistlocation="/Library/Managed Preferences/com.custom.warranty.plist"

## General section #####
# Display computer name
runCommand=$( /usr/sbin/scutil --get ComputerName )
computerName="Computer Name: $runCommand"

# Display serial number
runCommand=$( /usr/sbin/system_profiler SPHardwareDataType | /usr/bin/grep "Serial Number" | /usr/bin/awk -F ": " '{ print $2 }' )
serialNumber="Serial Number: $runCommand"

# Display management server
runCommand=$( /usr/bin/defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url 2>/dev/null )
JamfProURL="Jamf Pro URL: $runCommand"

## Retrieve warranty information from com.custom.warranty.plist
# The branch is only taken when the profile is installed and the key exists,
# so error text from defaults never ends up in the dialog.
if [[ -e "$plistlocation" ]] && WarrExpDate=$( /usr/bin/defaults read "$plistlocation" "ExtensionAttributeWarranty" 2>/dev/null ); then
    warranty="Mac's Warranty Expiration Date is: $WarrExpDate"
else
    warranty="Mac's Warranty Expiration could not be found"
fi

## Retrieve hardware information from com.custom.warranty.plist
if [[ -e "$plistlocation" ]] && HardwareExpDate=$( /usr/bin/defaults read "$plistlocation" "ExtensionAttributeHardwareExpiry" 2>/dev/null ); then
    Hardwarewarranty="Mac's Hardware Expiration Date: $HardwareExpDate"
else
    Hardwarewarranty="Mac's Hardware Expiration date could not be found"
fi

## Format information #####
displayInfo="----------------------------------------------
GENERAL
$computerName
$serialNumber
$JamfProURL
$warranty
$Hardwarewarranty
----------------------------------------------
SUPPORT
If your Mac hardware is faulty and still within warranty, please report it to Office Automation as soon as possible so we can have it repaired under warranty.
It is also possible that your Mac is eligible for a replacement program in case of a defect, you can check this by pressing the button below.
The Hardware Expiration Date is the date your Mac has passed his lifetime of 4 years.
TEL: +31612345678
MAIL: support@macdude.dev
----------------------------------------------"

# Escape backslashes and double quotes so that a value such as the computer name
# cannot terminate the AppleScript string literal built below.
displayInfo=${displayInfo//\\/\\\\}
displayInfo=${displayInfo//\"/\\\"}

## Display information to end user #####
runCommand="button returned of (display dialog \"$displayInfo\" with title \"Warranty Information\" with icon file posix file \"/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/com.apple.macbookpro-15-retina-touchid-space-gray.icns\" buttons {\"Check Repair Programs\", \"OK\"} default button {\"OK\"})"
clickedButton=$( /usr/bin/osascript -e "$runCommand" )

## Run additional commands #####
if [ "$clickedButton" = "Check Repair Programs" ]; then
    # Open Apple's exchange and repair programs page in the default browser
    /usr/bin/open "https://www.apple.com/support/exchange_repair/"
fi
Step 5:
Create a Jamf Pro Policy with the following:
Trigger: None
Execution Frequency: Ongoing
Scope: All Computers, or a smart group of devices that have warranty/hardware dates
Add the script and enter the encrypted variables for the API user account.
Step 6:
Enable the policy for Self Service and add your custom text and icons.
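The Step 4 script shows whatever string the configuration profile delivered. The following added example (not part of the original post or of Jamf's code) checks that a value is a YYYY-MM-DD date before it is displayed and turns it into a days-remaining figure; the function names and sample values are illustrative assumptions.

```bash
#!/bin/bash
# Added example: check a managed-preference date before it reaches the dialog.
# Function names are illustrative; nothing here needs Jamf or macOS-only tools.

# Succeeds only for a YYYY-MM-DD string with a plausible month and day. Rejects
# empty values, leftover placeholder text and error output from defaults.
is_iso_date() {
  local m d
  case $1 in
    [12][0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]) ;;
    *) return 1 ;;
  esac
  m=${1#*-}; m=${m%-*}; m=${m#0}; d=${1##*-}; d=${d#0}
  [ "$m" -ge 1 ] && [ "$m" -le 12 ] && [ "$d" -ge 1 ] && [ "$d" -le 31 ]
}

# Days since 1970-01-01 for a validated YYYY-MM-DD string.
days_from_civil() {
  local y m d era yoe mp doy
  y=${1%%-*}; m=${1#*-}; m=${m%-*}; d=${1##*-}
  m=${m#0}; d=${d#0}   # a leading zero would make 08 and 09 invalid octal numbers
  y=$(( m <= 2 ? y - 1 : y ))
  era=$(( y / 400 )); yoe=$(( y - era * 400 ))
  mp=$(( m > 2 ? m - 3 : m + 9 ))
  doy=$(( (153 * mp + 2) / 5 + d - 1 ))
  echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# $1 = value read from the plist, $2 = today (defaults to the current date).
expiry_summary() {
  local value today left
  value=$1; today=${2:-$(date +%Y-%m-%d)}
  if ! is_iso_date "$value"; then echo "unknown"; return 0; fi
  left=$(( $(days_from_civil "$value") - $(days_from_civil "$today") ))
  if [ "$left" -lt 0 ]; then
    echo "expired $(( -left )) days ago"
  else
    echo "$left days remaining"
  fi
}

# Constructed values for illustration.
expiry_summary "2026-01-15" "2025-01-15"
expiry_summary "2023-08-09" "2024-08-09"
expiry_summary "not set" "2025-01-15"
```

In the Self Service script, the result of expiry_summary "$HardwareExpDate" can be appended to the Hardwarewarranty line.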
4. macOS: End-user experience
Step 1:
User navigates to Self Service as a one-stop shop for everything, including an item to show the device warranty expiration and hardware expiration. This reduces requests to IT asking if the device is still in warranty and when the device is ready for replacement.
Step 2:
When the user selects the button, they receive the following output. If they select Check Repair Programs, they are redirected to Apple's website.
5. Mobile Device: Notify user when device is ready for replacement with Jamf Pro and Microsoft PowerAutomate
Unfortunately, we do not have the same options for mobile devices as we have for computers. For computers we can run scripts or trigger other actions with Jamf Pro Policies to make the user aware their device is end of life.
For mobile devices we need to be a little more creative. In this example, we still use the PO/Warranty/Hardware data we uploaded in Step 1, but use smart groups, webhooks and Microsoft PowerAutomate to streamline device lifecycle management. You can also use many other tools for notifying the end user, like TORQ, Okta Workflows or Zapier.
This example shows how to send automated emails to the end user and IT if the user has chosen to have the device replaced. This could also send direct messages to MS Teams, or interact with Chat Bots if created in Azure.
Step 1:
If you followed Step 1 regarding uploading data via inventory preload, you already have the data for the mobile devices.
Now create two mobile device extension attributes.
Navigate in Jamf Pro to Settings → Device Management → Extension Attributes and create the extension attributes as shown.
Step 2:
Now we need to create a mobile device smart group as shown in the example.
This example treats devices as expired after 365 days, or one year.
Create the webhook in Jamf Pro. Navigate to Settings → Global Management → Webhooks and create as shown below. Choose the smart group created during Step 2.
Enter the HTTP POST URL saved from MS PowerAutomate. Write down the ID of the webhook, found in the URL bar on top of your browser.
Step 5:
We need to modify the webhook with the API to include more data in the JSON output.
Use the following code. Enter your Jamf Pro server URL and a bearer token with valid permissions to edit webhooks.
The result: when the purchase date of a device is more than X number of days ago, the device is added to a smart group, which triggers a webhook to send relevant data to Microsoft PowerAutomate. PowerAutomate sends a ready-for-replacement email to the end user. If the end user opts to replace the device, a secondary mail is sent to IT.