This article explains configuration profile settings that affect devices in a complex way or are unique to Jamf Pro.
|Jamf Pro Versions Affected||Configuration Profile Type||Payload(s)||Setting||Description|
|10.9.0 or later||Computer||Privacy Preferences Policy Control||Jamf Pro allows you to configure settings to allow or deny access to applications and services within a target computer's Security & Privacy preference pane as part of the Privacy Preferences Policy Control profile. |
This feature is available in macOS 10.14 or later.
This payload allows you to define an app based on the Identifier and Code Requirement of the app. After you define the app, you can choose which application or service from the target computer's Security & Privacy preference pane that you want to deny or allow access to.
|10.8.0 or later||Computer||Certificate |
|Preference Items||Allows you to configure a Certificate Preference or an Identity Preference by entering the locations (URLs) or email addresses for each preference item. You can include as many preference items as your environment requires.
This feature is available in macOS 10.12 or later.
|10.6.2 or later||Mobile Device |
|VPN||Enable VPN On Demand||Jamf Pro allows you to configure VPN On Demand rules that specify when and how devices are able to access your VPN services. To configure this feature, you must upload a configuration XML file that contains your rules. This feature is available for any supported VPN type.
The configuration XML file can contain one or more keys defined by the Apple configuration profile keys.
|10.3.0 or later||Mobile Device||Home Screen Layout||Dock Layout/Page Layout||To add a web clip to the Dock or page layout on a mobile device with iOS 11.3 or later, you must also configure the Web Clips payload.
|10.3.0 or later||Mobile Device |
|SCEP||Subject text field||Jamf Pro automatically appends $PROFILE_IDENTIFIER in the Subject field in Jamf Pro if the Redistribute Profile option is configured. |
|9.101.0 or later||Computer||Security & Privacy||Recovery Key Encryption Method||Allows you to choose whether Jamf Pro will automatically encrypt and decrypt personal (also known as "individual") FileVault recovery keys.
There are two options:
|9.9 or later||Mobile Device||Home Screen Layout||Page Layout||Allows you to configure the content and layout for each page on the device.
Apps and web clips that are assigned to the device but are not added to the page layout are placed on the last page of the device in alphabetical order.
If a folder on the device is not added to the page layout, the apps within the folder are removed from the folder and are placed on the last page of the device. The folder is removed from the device.
|9.98 or later||Mobile Device||Restrictions||Allow connection to unmanaged Wi-Fi networks||Allows you to prevent users from connecting to any Wi-Fi networks not deployed through Jamf Pro.
|9.8 or later||Mobile Device||Restrictions||Allow installing apps using Apple Configurator and iTunes (supervised iOS 9 only)/Allow installing apps using App Store (iOS 5–8 only)||This setting works differently depending on the iOS version:
|9.8 or later||Mobile Device||Restrictions||Allow installing apps using App Store (iOS 9 only; supervised only)||Works on supervised devices with iOS 9 only.
When selected, the App Store is enabled and displayed on the Home screen. Apps from the App Store can be installed or updated using the App Store, iTunes, Apple Configurator, or Jamf Pro. (This excludes automatic downloads.)
When deselected, the App Store is disabled and removed from the Home screen but apps from the App Store can still be installed and updated via Apple Configurator, iTunes, or Jamf Pro.
|9.2 or later||Computer||FileVault Recovery Key Redirection||Recovery Key Redirection||Unique to Jamf Pro.
Choose how you want the recovery keys to be redirected.
|9.0 or later||Mobile Device |
|SCEP||Display "Redistribute Profile" setting for this profile||Unique to Jamf Pro.
Select this checkbox if you want to display the Redistribute Profile setting in the General payload.
|9.0 or later||Mobile Device |
|General||Redistribute Profile||Unique to Jamf Pro.
Automatically redistributes the profile when its SCEP-issued certificate is the specified number of days from expiring.
|8.6 or later||Mobile Device |
|SCEP||Challenge Type||Unique to Jamf Pro.
The challenge password is used as the pre-shared secret for enrollment. There are three challenge type options:
Jamf wants to hear your feedback around Jamf Pro: LDAP Servers and Reports!