Working with Apple’s macOS Security Features in Jamf Pro

Overview

This article explains how to work with the following Apple security features for computers managed by Jamf Pro (formerly the Casper Suite):

  • System Integrity Protection
  • Gatekeeper
  • XProtect Definitions Version

System Integrity Protection

System Integrity Protection (SIP) is a security technology from Apple that restricts the root user account and limits actions that the root user can perform on protected parts of the Mac operating system. For more information on System Integrity Protection, see the following article from Apple: https://support.apple.com/en-us/HT204899.

Versions Affected

Jamf Pro v9.99.0 or later

Reporting for computers with macOS 10.11 or later

You can work with System Integrity Protection in the following ways:

  • View the status for System Integrity Protection when viewing management information for a computer. To view the current status, navigate to the Security category in inventory information for a computer.
  • Create an advanced computer search with the "System Integrity Protection" criteria.
  • Create a smart group with the "System Integrity Protection" criteria.

System Integrity Protection can only be configured by a root user on a computer. For more information, see the following article from Apple: Configuring System Integrity Protection.

Gatekeeper

Gatekeeper is a security technology from Apple that helps to protect computers from apps that could adversely affect them. In macOS, Gatekeeper options are found in Apple menu > System Preferences… > Security & Privacy > General tab under the header "Allow applications downloaded from:".

Versions Affected

Jamf Pro v9.99.0 or later

Reporting for computers with macOS 10.9 or later

You can work with Gatekeeper in the following ways:

  • View the status for Gatekeeper when viewing management information for a computer. To view the current status, navigate to the Security category in inventory information for a computer.
  • Create an advanced computer search with the "Gatekeeper" criteria.
  • Create a smart group with the "Gatekeeper" criteria.

Configuration for computers with macOS 10.7.5 or later

You can install a macOS configuration profile with a Security & Privacy payload that restricts which Gatekeeper preferences are enabled on a computer ("Mac App Store", "Mac App Store and identified developers", or "Anywhere").

For more information on Gatekeeper, see the following article from Apple: https://support.apple.com/en-us/HT202491.

XProtect Definitions Version

XProtect is Apple's built-in anti-malware functionality enabled by default on computers. Malware definition updates arrive through Apple’s normal software update process. To view this setting in macOS, navigate to Apple menu > System Preferences… > App Store. Ensure the "Install system data files and security updates" checkbox is selected.

Versions Affected

Jamf Pro v9.100 or later

Reporting for computers with macOS 10.9 or later

You can work with XProtect in the following ways:

  • View the version of XProtect Definitions installed on a computer. To view the current version, navigate to the Security category in inventory information for a computer.
  • Create an advanced computer search with the "XProtect Definitions Version" criteria.
  • Create a smart group with the "XProtect Definitions Version" criteria.
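
The three values reported above can also be read on the Mac itself. The script below is an added example, not Jamf or Apple code: it classifies the output of `csrutil status` and `spctl --status` and compares the XProtect definitions version against a minimum you choose. The function names, the XPROTECT_BASELINE variable and the plist path are assumptions.

```shell
#!/bin/bash
# Added example, not Jamf or Apple code. Function names and XPROTECT_BASELINE
# are hypothetical; verify the plist path on your macOS release.

# $1 = output of `csrutil status`
sip_state() {
  case "$1" in
    *"Custom Configuration"*) echo "Custom" ;;   # some protections switched off
    *"status: enabled"*)      echo "Enabled" ;;
    *"status: disabled"*)     echo "Disabled" ;;
    *)                        echo "Unknown" ;;
  esac
}

# $1 = output of `spctl --status`
gatekeeper_state() {
  case "$1" in
    *"assessments enabled"*)  echo "Enabled" ;;
    *"assessments disabled"*) echo "Disabled" ;;
    *)                        echo "Unknown" ;;
  esac
}

# $1 = installed XProtect definitions version, $2 = lowest version you accept
xprotect_state() {
  case "$1" in ''|*[!0-9]*) echo "Unknown"; return 0 ;; esac
  case "$2" in ''|*[!0-9]*) echo "Unknown"; return 0 ;; esac
  if [ "$1" -ge "$2" ]; then echo "Current"; else echo "Outdated"; fi
}

# One line summarising all three checks
posture() {
  echo "SIP=$(sip_state "$1");Gatekeeper=$(gatekeeper_state "$2");XProtect=$(xprotect_state "$3" "$4")"
}

# Only query the real tools on a Mac; elsewhere the functions can still be tested.
if [ "$(uname -s)" = "Darwin" ]; then
  # Assumed plist location for the macOS releases this article covers.
  meta="/System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.meta.plist"
  ver=$(defaults read "$meta" Version 2>/dev/null || true)
  # <result> tags are the format Jamf Pro extension attribute scripts print.
  echo "<result>$(posture "$(csrutil status 2>&1)" "$(spctl --status 2>&1)" "$ver" "${XPROTECT_BASELINE:-}")</result>"
fi
```

With no XPROTECT_BASELINE set, the XProtect field reports "Unknown" rather than guessing which definitions version is current.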
SOLVED Posted: 5/23/17 at 1:19 PM by bryantdresher

These new options are great! What about reporting on the current XProtect status also? This is another foundational security feature that folks would want patched in their world also.

SOLVED Posted: 7/20/17 at 9:11 PM by donmontalvo

Can't wait to get to 9.100. :)

SOLVED Posted: 7/28/17 at 1:14 PM by gzilla13

Does 9.100 fix the installer issue with macOS 10.12.4 and above? It is currently not in the "fixes" section for the release.

SOLVED Posted: 8/7/17 at 9:33 AM by TomDay

I have 9.100.0 installed and the group based on criteria "XProtect Definitions Version" working but wondering if there is a way to know when new definitions come out?

SOLVED Posted: 8/8/17 at 6:52 PM by lastdanstanding

+1 for @TomDay's question. The holy grail here would be if Jamf could monitor current XProtect version numbers from Apple and allow us to create a smart group where XProtect Definitions are not current.

SOLVED Posted: 8/9/17 at 12:21 PM by gachowski

Maybe this will help?

https://github.com/phylaxis/safe-download-version
