What's new in Jamf Pro 11.16

The Jamf Pro 11.16 release gives admins more power and flexibility when managing Apple devices.

The Jamf Pro 11.16 release enables admins to improve risk management, streamline compliance processes and enhance security governance all while providing flexibility when managing Apple devices.

From helping organizations meet key industry and regulatory security requirements to providing admins with more control and flexibility over their fleet, our goal with this release is to help streamline operations and make device management more simple and secure.

Release snapshot:

• Compliance benchmarks based on the macOS Security Compliance Project (mSCP)
• Shared Device Compliance, now with flexibility
• Configure deployment settings with more control
• Simplified integration for mapping custom extension attributes
• API Support for Webhook Header Authentication

Introducing compliance benchmarks in Jamf Pro

With the release of Jamf Pro 11.16, we’re introducing compliance benchmarks based on the macOS Security Compliance Project (mSCP). These built-in benchmarks provide a powerful, standardized foundation to help organizations ensure their macOS devices meet key industry and regulatory security requirements.

Automated tools that integrate mSCP benchmarks empower IT and security teams to confidently configure, monitor, and validate macOS devices in alignment with security policies and frameworks like NIST, CIS, and HIPAA. Whether you're preparing for a compliance audit or bolstering your overall security posture, these tools help you stay secure and compliant—at scale.

This proactive approach allows for better risk management, streamlined compliance processes, and enhanced security governance by:

• Ensuring macOS security and compliance: Align your macOS fleet with CIS security benchmarks from mSCP - maintaining a consistent and secure configuration across your organization.
• Streamlining compliance audits: Automate the assessment of macOS configurations and continuously monitor for compliance, making it easy to identify and remediate issues before audits or reviews.
• Mitigating security risks: Reduce vulnerabilities and exposure to cyber threats by enforcing strong, benchmark-driven security settings on all macOS endpoints.
• Simplifying ongoing compliance management: Use Jamf Pro’s automation and reporting capabilities to manage compliance across your fleet with minimal manual effort—saving time and ensuring accuracy.

With Jamf Pro, you get real-time visibility into your macOS compliance status. Constantly audit endpoints, identify non-compliant devices, and take action—all from a single, unified platform.

Adopting mSCP benchmarks in Jamf Pro helps your organization stay one step ahead—ensuring every macOS device is secure, audit-ready, and aligned with industry-leading compliance standards.

Important note to customers

Admins must use Jamf Account with either Jamf ID or SSO with OIDC enabled to select and deploy a compliance baseline or benchmark. This will not only offer a seamless and consistent login experience across supported products (Jamf Pro, Jamf Protect, Jamf Security Cloud, and Jamf Account) but will enable your organization to take advantage of current and future platform innovations.

Learn how to set up OIDC-based Single Sign-On.

Shared Device Compliance, now with flexibility

Jamf Pro now gives you more control over how single sign-on behaves on shared devices. With the ability to upload a custom PLIST file, you can define key-value pairs to tailor your device compliance settings exactly how you need them.

Want to turn off SSO for Safari but keep it on for managed apps? Enable SSO for selecting unmanaged apps while blocking others? How about uppress login prompts and go straight to the account picker? This update gives admins the flexibility to configure SSO their way—while still benefiting from the best-practice guidance built into the default PLIST.

Configure deployment settings with more control

This latest release introduces new deployment controls in Jamf Pro that help admins reduce network strain and optimize command delivery across large device fleets. With this update, admins can now configure how many commands are prepared per batch, how frequently those batches are queued, and even set specific times and days for command preparation.

By fine-tuning this internal workflow—before commands ever hit the APNs queue—Jamf Pro customers gain greater control over deployment timing and concurrency. This means less risk of network congestion during peak hours and a more seamless update experience across the board.

Simplified integration for mapping custom extension attributes

We’ve added support for directly mapping Microsoft Entra ID’s custom extension attributes into Jamf Pro. This gives you access to all 15 extension attributes, which often include additional data from Exchange. By pulling this information directly from your Entra ID environment, it reduces the need for custom scripts to send attributes through the Jamf Pro API—simplifying integration and improving operational efficiency.

API Support for Webhook Header Authentication

We've also made an enhancement to the Jamf Pro API that brings support for managing webhook header authentication credentials via the /JSSResource/webhooks endpoint. With this update, admins can now GET, PUT, and POST header authentication text fields directly through the API, streamlining webhook management and aligning with modern DevOps practices.