Jamf Pro 10.33: Account-driven user enrollment, Azure AD integration updates and more!

The latest version of Jamf Pro (10.33) includes Account-driven user enrollment, updates to the Azure AD integration, enhancements to Recovery Lock, the ability to search for software titles in Title Editor, and more.

Account-driven User Enrollment

At WWDC, this year, Apple announced a new method for BYOD for iOS and iPadOS devices that streamlines the user enrollment onboarding process and focuses on providing corporate access to BYO users while maintaining user privacy on their personal device. In this new workflow, when a user enrolls their personal device, they no longer need to find their organization's enrollment URL to start the process and instead use a method that is consumer-simple and familiar to how other accounts are added within the Settings app on the device.

Here is the specific workflow for the user on their iOS/iPadOS device:

Settings App > General > VPN & Device Management > enter Managed Apple ID > Continue. Once a user types in their directory username and password, they are asked to Allow Remote Management, which downloads the MDM profile to the device.

This workflow mitigates the process to manually go into Safari and type in the authentication URL, easing the user experience while also eliminating potential security risks by clicking on an enrollment URL link.

The Account-driven user enrollment workflow removes a major barrier to BYO enrollment: separating personal and corporate data. It keeps data separate by associating a Personal Apple ID with personal data and a Managed Apple ID with corporate data.

Azure Active Directory

Jamf Pro 10.19 introduced Azure Single Sign-On integration and later in Jamf Pro 10.27 added the ability to integrate with Azure for user/groups lookups, authentication and scoping. Jamf Pro 10.33 enhances group lookups by adding Transitive membership lookups. This effectively means a user no longer needs to be a direct member of a group scoped to an app, configuration profile or policy, but can instead be a member of a subgroup embedded in the scoped group. Nesting groups in directory services is a common administrative management task.

Recovery Lock Password Rotation

To enhance the security of the Recovery Lock password, admins can configure Jamf Pro to rotate the Recovery Lock password after the password is viewed in Jamf Pro. Password rotation applies to passwords that are randomly generated by Jamf Pro and the default rotation period is 60 minutes.

Patch title filter option

When patch reporting first released in Jamf Pro, we had only a few patch titles for admins to search through. Since then, Jamf Pro offers a list of 800+ software titles and finding a specific patch title had become cumbersome as admins had to manually scroll to find the title. Now, with the release of Jamf Pro 10.33, admins have the option to search for software titles with the filter mechanism. This feature will improve the admin's workflow when looking for software titles by eliminating the need to scroll through the 800+ titles available.

Jamf Imaging Note

Support for Jamf Imaging has been discontinued. The intent to sunset Jamf Imaging has been communicated for a while now, but with Jamf Pro 10.33, Jamf will no longer distribute Jamf Imaging as part of the Jamf Pro .dmg file. If you have imaging configurations with Jamf Pro, you’ll need to remove those imaging configurations as soon as possible.

Unified Endpoint Management Connector (UEMC)

We are excited to announce the release of Unified Endpoint Management Connector or UEM Connector which is an integration between Jamf Threat Defense, Jamf Private Access and Jamf Data Policy and Jamf Pro for iOS/iPadOS only. UEM Connector is a bi-directional information exchange that shares device, user and app data between solutions and based on that information, threat detections can then trigger events in Jamf Pro.

This is the first step in advancing the integration of Wandera into our portfolio of solutions, enabling and simplifying IT admin tasks for device, app and user group management, while extending these capabilities with robust threat defense, data analytics and policy controls that are applied within the network. Learn More about Jamf’s UEMC