What's new in Jamf Pro 11.9

Jamf releases Jamf Pro 11.9!

In this blog, you will learn about how the new features and functionalities included in the Jamf Pro 11.9 release.

September 3 2024 by

Sean Smith

Grouping of Jamf admins releasing light-filled kites celebrating the release of Jamf Pro 11.1

The Jamf Pro 11.9 release adds new controls for Apple Intelligence features, supports Automated Device Enrollment for Apple Vision Pro, offers compatibility with the latest Apple operating systems (OS) and much more, based on testing with the latest Apple beta releases.

Are you more of a visual learner? Watch a video about the Jamf Pro 11.9 release.

Compatibility with Apple operating systems

Compatibility means Apple admins can upgrade Apple devices without breaking management or security workflows — like reporting inventory, distributing applications, running policies and more. It starts with management and security vendors aligning with Apple’s direction and vision of innovative workflows. It continues when those vendors develop alongside Apple’s foundational technology to ensure organizations of all sizes aren’t left behind.

Old software is generally less secure software, so when organizations can update its base operating system as soon as it is released, it makes the entire organization more protected. Compatibility also means that you can actually upgrade. Without it, you cannot take advantage of the most efficient upgrade paths — plus users can experience downtime from breaking workflows. Finally, it means making sure the people IT admins support can adopt the newest client features when they are available. Apple consumers love using the new functionalities each OS release introduces, and the employees admins support are no different.

Jamf Pro 11.9 is compatible with the following operating systems*:

  • macOS Sequoia 15
  • iOS 18
  • iPadOS 18
  • tvOS 18
  • visionOS 2
  • watchOS 11

*Compatibility is based on testing with the latest Apple betas.

New computer and mobile device restrictions

Jamf Pro 11.9 includes new ways to manage Apple features via a computer or mobile device configuration profile*. One of the most highly anticipated features coming to iOS 18, iPadOS 18 and macOS 15 Sequoia is Apple Intelligence. As admins continue to learn about integrating Apple Intelligence at work, some organizations will want to disallow its use. Below are the restrictions Jamf Pro 11.9 supports to disallow Apple Intelligence use and more in the upcoming Apple releases.

Jamf Pro 11.9 can prevent the use of the following macOS 15 features*:

  • Generating images with Apple Intelligence
  • Creating a Genmoji with Apple Intelligence
  • Apple Intelligence writing tools
  • Mirroring on iPhone from a Mac
  • Enable XProtect malware upload, allowing Gatekeeper to prompt users to upload blocked malware to Apple to improve malware detection

On iOS 18 and iPadOS 18*, admins can prevent the use of the following features:

  • Generating text in a user’s handwriting
  • Creating a Genmoji with Apple Intelligence
  • Apple Intelligence writing tools
  • Mirroring on Mac from iPhone
  • The use of Image Playground
  • The use of Image Wand

*Feature support is based on testing with the latest Apple beta releases.

Automated Device Enrollment for Apple Vision Pro

Apple Vision Pro brings spatial computing to its user wherever it goes. In this latest Jamf Pro release, organizations can enroll institutionally-owned Apple Vision Pro devices with Jamf Pro using Automated Device Enrollment. This enrollment method immediately enrolls and configures an Apple Vision Pro device as soon as a user turns it on — without IT or user interaction. Enrolling devices via Automated Device Enrollment prevents users from removing the MDM profile from that device.

Automated Device Enrollment screen on Apple Vision Pro, notifying the user that the device is owned by Jamf Software and that remote management is required.

Automated Device Enrollment screen on Apple Vision Pro

*Feature support is based on testing with the latest Apple beta releases.

Skip Setup Assistant steps

Unboxing a device for the first time or reenrolling a device into MDM has major impacts on user experience and productivity. Jamf Pro 11.9 continues to improve this experience with new steps to skip in Setup Assistant. Admins can choose to not display the following panes for computers and mobile devices:

  • Intelligence* (macOS 15 and iOS 18 or later)
  • Get Started* (macOS 15 or later)
  • Wallpaper
  • Lockdown Mode
  • Voice Selection* (iOS 18 or later)

The options above can be configured in two ways: in a new or existing PreStage enrollment for computers or mobile devices, or via a mobile device configuration profile.

*Feature support is based on testing with the latest Apple beta releases.

New key in Wi-Fi profile for macOS

Jamf Pro 11.9 includes a new profile key DisableAssociationMacRandomization, which disables MAC address randomization for the wireless network while the device is connected to that network. This means that organizations can use this MDM payload to make sure there is not a randomized MAC address on any company devices. For organizations who use implement security measures to only allow devices with certain MAC addresses to connect, this new key will enhance security through more control of which devices can access the network.

Computers must be on macOS 15 or later. This new key is based on testing with the latest Apple betas.

Network screen in Jamf Pro 11.9. A new checkbox is selection, allowing admins to

Enforce minimum OS with Automated Device Enrollment

When a new user unboxes an Apple device for the first time, admins can customize their experience up to organizational standards. One such standard is keeping any devices that access work resources compliant with required operating systems. In Jamf Pro 11.9, admins can now set a minimum operating systems for Mac, iPhone or iPad. This means users will need to go through a software update before they can continue to enroll a device and removes enrolling a device with an old operating system that is out of compliance.

Admins can enforce a minimum OS when a device is enrolled with Jamf Pro via Automated Device Enrollment through PreStage enrollments. The PreStage enrollment requires a user to update the device before Setup Assistant continues.

Enforcing a minimum operating system version using a PreStage enrollment requires the following:

  • Integration with Automated Device Enrollment
  • Computers with macOS 14.4 or later
  • Mobile devices with iOS 17 or later or iPadOS 17 or later
Computer PreStage screen in Jamf Pro. Admins have the options to enforce a minimum required macOS version, and can select options.

Options for IT admins to choose from

There are four options available to IT administrators to choose from, if enforcement of a minimum OS version is desired during Automated Device Enrollment. But Jamf recommends IT administrators use “Latest version based on computer eligibility” to have the benefit of not needing to manually update their PreStage enrollment when new OS updates are released from Apple and keep their devices up to date with latest OS version during enrollment.

Support for Intune Platform Single Sign-On

One of the biggest reasons for support tickets is users forgetting passwords. In Jamf Pro 11.9, organizations who have environments integrated with Microsoft device compliance can now deploy and test Microsoft Platform Single Sign-on (PSSO) with your Microsoft Entra ID tenant without interruptions to device compliance functionality.

This integration — which is in a preview state — allows users to log on to a Mac using their identity provider (IdP), in this case Microsoft Entra ID, or via a secure enclave. End users will see a reduction in password fatigue — admins no longer have to manage multiple passwords, saving time and ensuring only authorized users get access to company resources.

Google SMTP support

Google now requires Open Authorization (OAuth) 2.0 for third-party apps to access Gmail. This means that organizations will no longer be able to add Gmail accounts via simple authentication into Jamf Pro.

With Jamf Pro 11.9, organizations can integrate Google-hosted email accounts with Jamf Pro using modern authentication through OAuth 2.0. This feature allows organizations to integrate a Gmail account with Jamf Pro by authenticating directly through Google via OAuth 2.0, enabling Jamf Pro to securely authenticate when sending email notifications for various actions that take place in your environment.

Network Relay configuration profiles

Jamf Pro 11.9 adds support for the Network Relay payload, which Apple introduced as an alternative to VPNs to securely and privately route network traffic from managed devices to company resources. Jamf Pro’s support for the Network Relay payload allows for the proper linking of identity certificates deployed by Jamf Pro to be used for network authentication.

To use this new payload:

  • Computers must be on macOS 14 or later
  • Mobile devices must be on iOS 17 or later, iPadOS 17 or later, tvOS 17 or later, or visionOS 1.1 or later.

To learn about all of the updates to Jamf Pro 11.9, visit the release notes.