Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

Configuring and Deploying the Jamf Reset App

Overview

Jamf Reset is an iOS app that enables users to quickly reset a device to the original factory settings using Jamf Pro. This process simplifies the necessary steps to wipe a device and records a log in Jamf Pro each time a device is wiped.

Requirements

To use Jamf Reset, you need the following:

  • Jamf Pro 10.0.0 or later
  • Supervised mobile devices with iOS 10 that are connected to the Internet
  • A Jamf Pro user account with the following privileges enabled:
    • Create Mobile Devices (Navigate to Jamf Pro User Accounts & Groups > Privileges > Jamf Pro Server Objects)
    • Enable Send Mobile Device Remote Wipe Command (Navigate to Jamf Pro User Accounts & Groups > Privileges > Jamf Pro Server Actions)
    • Enable Send Mobile Device Restart Device Command (Navigate to Jamf Pro User Accounts & Groups > Privileges > Jamf Pro Server Actions)
  • To ensure a successful re-enrollment after using Jamf Reset, enable the Clear extension attribute values on computers and mobile devices checkbox to clear all values for extension attributes from mobile device inventory information. Navigate to Settings > Global Management > Re-enrollment to enable this feature.

Note: To preserve device settings and restrictions, a Jamf Pro user account dedicated to using this application and excludes additional privileges is recommended.

Configuring and Deploying Jamf Reset

This section explains how to add the Jamf Reset app to Jamf Pro and how to configure the app using Managed App Configuration. For more information about the key-value pairs you must enter in the the Managed App Configuration, see the Customizing Jamf Reset with Managed App Configuration section below.

  1. Log in to Jamf Pro.
  2. Click Devices at the top of the page.
  3. Click Mobile Device Apps, and then click New.
  4. Select App Store app or VPP store app, and then search for Jamf Reset.
  5. On the General tab, ensure that the Make app managed when possible checkbox is selected.
  6. Click the App Configuration tab and enter something similar to the following in the Preferences field:
<dict>
      <key>com.jamf.config.jamfpro.url</key>
     <string>https://instancename.jamfcloud.com/</string>
      <key>com.jamf.config.jamfpro.username</key>
      <string>jamfpro-API-username</string>
      <key>com.jamf.config.jamfpro.password</key>
      <string>jamfpro-API-password</string>
      <key>com.jamf.config.jamfpro.device-id</key>
      <string>$JSSID</string>
      <key>com.jamf.config.ui.main-page.title</key>
      <string>Device Reset</string>
      <key>com.jamf.config.ui.main-page.text</key>
      <string>Resetting your device will erase all content and settings. This action cannot be undone.</string>
      <key>com.jamf.config.reset.error.general.text</key>
      <string>Unknown Error. Contact your IT administrator.</string>
      <key>com.jamf.config.ui.main-page.button.text</key>
      <string>Reset</string>
      <key>com.jamf.config.ui.main-page.button.text.color</key>
      <string>#F8F8F8</string>
      <key>com.jamf.config.ui.main-page.button.color</key>
      <string>#E8573F</string>
      <key>com.jamf.config.ui.background.color</key>
      <string>#F8F8F8</string>
      <key>com.jamf.config.ui.text.color</key>
      <string>#444444</string>
      <key>com.jamf.config.demo-mode</key>
      <false/>
</dict>

7. Use the Scope, Self Service, and VPP tabs to configure app distribution settings as needed. For more information, see App Store Apps in the Jamf Pro Administrator’s Guide.
8. Click Save.

Customizing Jamf Reset with Managed App Configuration

You can use Managed App Configuration to customize Jamf Reset for your organization. Managed App Configuration is a set of key-value pairs used to configure iOS apps.

Note: If optional configurations are not used, the app's default settings will display.

For more information, see the AppConfig Community website: AppConfig for iOS.

Required Key-Value Pairs

Key-Value Pair Description
<key>com.jamf.config.jamfpro.url</key>
<string>https://instancename.jamfcloud.com/</string>
Jamf Pro URL
The Jamf Pro URL is the Jamf Pro server instance in which mobile devices are enrolled. Your full Jamf Pro URL must be entered in the string. This includes the correct protocol, fully qualified domain name (FQDN), and port of the server. For example:
<key>com.jamf.config.jamfpro.url</key> <string>https://jss.mycompany.com:8443/>
<key>com.jamf.config.jamfpro.device-id</key>
<string>$JSSID</string>
Jamf Pro Device ID
The Jamf Pro Device ID is used to enable API calls. This can be dynamically supplied by Jamf Pro using the placeholder [JSSID].
<key>com.jamf.config.jamfpro.username</key>
<string>jamfpro-API-username</string>
Jamf Pro Username
The username of the Jamf Pro user account is required and used to make API calls.
<key>com.jamf.config.jamfpro.password</key> <string>jamfpro-API-password</string> Jamf Pro Password
The password of the Jamf Pro user account is used to make API calls.

Optional Key-Value Pairs

Key-Value Pair Description
<key>com.jamf.config.ui.header-image.url</key>
<string>https://resources.jamf.com/images/logos/Jamf-color.png</string>
Header Image URL
You can choose a header image by specifying an image URL. The image should be a banner-style image that fits the display area of the devices you will be deploying. The image must be in PNG or JPEG format, and a maximum height of 740 pixels is recommended. The header image will be stretched or shrunk to best fit devices, but the aspect ratio of the original image will be maintained.
Note: The image must be hosted on a secured domain (using https).
Text:
<key>com.jamf.config.ui.main-page.title</key>
<string>Device Reset</string>
<key>com.jamf.config.ui.main-page.text</key>
<string>Resetting your device will erase all content and settings. This action cannot be undone.</string>

Color:
<key>com.jamf.config.ui.text.color</key>
<string>#444444</string>
Main Page Text
You can edit the default title and text on the app's main page. The default title is "Device Reset", and the default text is "Resetting your device will erase all content and settings. This action cannot be undone." You can also edit the title and text color. The default color is "#444444".
Text:
<key>com.jamf.config.ui.main-page.button.text</key>
<string>Reset</string>

Color:
<key>com.jamf.config.ui.main-page.button.text.color</key>
<string>#F8F8F8</string>
<key>com.jamf.config.ui.main-page.button.color</key>
<string>#E8573F</string>
Button
You can edit the default button text, button text color, and button color. The default text is "Reset" in white, and the default button color is "#E8573F".
Note: Color values must be written as a hex value.
<key>com.jamf.config.ui.background.color</key>
<string>#F4F6F9</string>
Background Color
You can edit the background color of the app. Default color is "#F4F6F9".
<key>com.jamf.config.reset.error.general.text</key>
<string>Unknown Error. Contact your IT administrator.</string>
Error Page Text
You can edit the text that displays when an error occurs. If the Managed App Configuration is empty, the default text is "App Configuration is empty. Contact your IT administrator. Jamf Reset is a component of Jamf Pro, developed by Jamf. This app must be associated with a Jamf Pro server. Contact your IT administrator for more information.” If the Managed App Configuration is not empty but is missing required values, the default text is "Unknown Error. Contact your IT administrator."
Note: If an http code exists for the type of submission error, it will display at the end of the message.
<key>com.jamf.config.demo-mode</key>
<false/>
Demo Mode
Demo mode allows you to test the app without wiping a device. When set to "true", demo mode will reboot the device. When set to "false", the device is wiped. By default, demo mode is set to "false".

Jamf Reset User Experience

When a user accesses the Jamf Reset app from a mobile device, they are guided through two simple steps to reset the device:

  1. Tap the Reset button.

  2. Tap "Erase" in the Warning pop-up menu. The reset process on the device starts momentarily.

End User Error Messaging
If the Jamf Reset app fails to reset the device, end users will receive an error message similar to the following:

When possible, an http code will display to make troubleshooting the issue easier. (For example, "401".)
For more information about error message configurations, see the Customizing Jamf Reset with Managed App Configuration section.

Additional Information

For information about the Jamf Setup app, see the Configuring and Deploying Jamf Setup App Knowledge Base article.

Like Comment
Order by:
SOLVED Posted: by RBlount

Is there a troubleshooting page for errors? I am trying to configure the Managed App settings. I copied the default from this page and changed the URL and API User and password settings, leaving everything else the same. I am getting the following error on the device when trying to execute the Reset command: "The request timed out. Contact your IT administrator." How can I tell what is timing out?

Like
SOLVED Posted: by scooley

I'm getting this error as well

Like
SOLVED Posted: by Klenke.daniel

It could be related to same issue of not being able to clear activation lock. We are currently having this issue as well and I've only noticed it errors out on ones that we could normally not clear with the wipe command. I did create a new Jamf Pro user that had the ability to send remote wipe commands and put that user here from the example value.

<key>com.jamf.config.jamfpro.username</key> <string>insert-username-here</string> <key>com.jamf.config.jamfpro.password</key> <string>insert-password-here</string>

Like
SOLVED Posted: by tim.knox

Is your instance on-prem or cloud? I'm curious to hear the different results based on the different on-prem-style builds.

With this and the Setup App, I found that the quickest way to figure out if it was a syntax error in App Config or a permission issue is to just elevate the rights to full admin, force quit the app, and then try it again. If it works, it's a permission error which should be easily fixed (I almost always forgot "Create Mobile Devices" for some reason).

If it still doesn't work, it's likely you have a syntax error.

Like
SOLVED Posted: by dvasquez

I also edited the xml and pasted it into our reset app config, it failed with an error. I am using Jamf cloud. Over all setup info is not difficult, hum...

Error is very generic. The app config box is red with error. I am not at my cloud instance but I will send a screenshot.

Like
SOLVED Posted: by Thomas_Eckler

So Line 13 of my Jamf Reset XML currently looks like this: <string>Resetting your device will erase all content and settings. This action cannot be undone.</string>
Which looks like this on my iPads:

Resetting your device will erase all content and settings. This
action cannot be undone.

The word "This" hanging off the edge of the line is making my OCD spin out of control!
Does anyone know how to insert a line break?

I'd like it to appear like this (with a line break to create a new line).
Resetting your device will erase all content and settings.
This action cannot be undone.

THANKS!

Like
SOLVED Posted: by Thomas_Eckler

So I ended up adding 20 spaces in between the two sentences. This made the second sentence end up centered beneath the first sentence so it looks the way I want it to. Not the best method, but it worked...

Like
SOLVED Posted: by kericson

I get the 401 Error what does this mean?

Like
SOLVED Posted: by j.stroomberg

Great Product! tested it out yesterday and we're going to push it to production asap. However i run into 1 small missing(?) feature, i'd like to set the Extended Attribute during the reset.

with the Setup app we set an attribute, but during reset, it doesnt get unset, which in my workflow results into an ipad configuring back to the setup profile we choose the very first time.

Anyone has any idea on how to approach this? (i could be just using it wrong)

Like
SOLVED Posted: by krichterjr

@j.stroomberg Try Settings → Global Management → Re-Enrollment → "Clear extension attribute values on computers and mobile devices"

Like
SOLVED Posted: by j.stroomberg

@krichterjr that was it, thanks a lot!

Like
JAMFBadge
SOLVED Posted: by brendon.paucek

This article has been updated to include an additional requirement for re-enrollment settings and a list of recommended restrictions.

Like
SOLVED Posted: by beatlemike

Wait... how is it getting a WiFi connection to re-enroll? I’m assuming it doesn’t and there’s extra steps to initially prepare the device between resets?

Like
SOLVED Posted: by aviene

I deployed the app, but each time the device is still locked to the Apple ID of the original user and the Apple ID password is required to unlock it (though I have had limited success with the Activation Lock Bypass). I had hoped this app would provide the same functionality of "Erase All Content and Settings" under the device Settings. Any solutions?

Like
SOLVED Posted: by Chris_Hafner

@aviene Yea, this is what I'm seeing too. Hopefully, I'm just missing something as it's pretty useless without it. Since I came here looking for an answer to this question, I will keep rolling right along. Hope to come back with an answer.

Like
SOLVED Posted: by Chris_Hafner

@aviene OK, I figured it out... at least the way I'm going to handle it. In your enrollment profile, make sure you have "Apple ID and iCloud" checked (Meaning, hidden during setup). If I sign an AppleID into the iPad after the fact, and then use "Reset" it works as expected... no activation lock.

Like
SOLVED Posted: by taugust04

@kerickson I had the 401 error as well. Generic error which means permissions issue, but the account being used was a full admin account that had all the boxes checked off. Went back and removed special characters from the password from the user account that Jamf Reset was using, and re-installed the app. That did the trick.

Like
SOLVED Posted: by TomDay

Can this app be used if you are using a self signed cert? I don't see any settings for the custom config relating to certs or ssl. When I run the Jamf Reset app on the mobile device I get the error:

Like
SOLVED Posted: by flojo

Hi folks,
am I too stupid to see the point of Jamf Reset? I was hoping to have a possibility to reset a device without having to choose "country", "language", .... and especially WIFI after each wipe. But no! I am deeply disappointed, because I keep waiting for a function to reset the contents only.

So this app is just a shortcut to wipe a device with 2 clicks instead of 4?

Please enlighten me!

Thanks for your help!
Florian

Like
SOLVED Posted: by kericson

This use to work for me now the device record is left in Jamf as a unmanaged device. I haven't changed anything any ideas?

Like
SOLVED Posted: by danny.porter

@flojo Thanks for asking. Reset can be used as a user driven reset of the device if being used in a Shared environment, as well as 1:1 solution. It really depends on what you're needing. We've seen Reset being used in Healthcare environments so that a patient can easily and securely delete everything off the device back to factory settings, and not requiring IT to have to manually touch those devices. If you're looking for an automated way to walk through those first few steps (Language, Country, Wifi) you should check out this tool here: https://marketplace.jamf.com/details/healthcare-helper/. It talks about Healthcare, but there are ways to automate these steps using what the article mentions as Apple Provisioning Utility. Use the links in article to ask our team more questions. It could potentially help you based on your need.

We're also hosting a webinar on Jamf Setup and Reset on Wednesday, March 20. If you can spare 30 minutes, I'd encourage you to attend online: https://www.jamf.com/events/webinars/empower-it-with-jamf-setup-and-reset/

Like
SOLVED Posted: by a.simmons

What permissions does the account need for Jamf Reset? The account I've been testing has been given permission to Send Mobile Device Remote Wipe Commands.

Found the settings at the top of the page

Like
SOLVED Posted: by danny.porter

@a.simmons Would you have some time to share how you are using Jamf Reset in your organization?

Like
SOLVED Posted: by danny.porter

@kericson Did anything change with your Apple Business Manager/DEP Token perchance? Is this a supervised device?

Like
SOLVED Posted: by evaldes

This works perfectly!!!! Thank you... I got it all set up now!!!

Like
SOLVED Posted: by Pauileoo7

Now working on reset, is there away to reset the name to a default in jamf pro. It looks like after the wipe it keeps the name in jamf.

Like
SOLVED Posted: by tcam

Is anyone concerned about the security of this?

It looks like you’re putting a JAMF admin username & password on many devices.

Couldn't one of those end users extract the jamf admin username and password off the device, and then proceed to use that access to erase all devices?

Like
SOLVED Posted: by patrick.reid

@tcam I looked at the Setting app on the iPad that downloaded the app, and I don't see this information avaialable. This was one of my first questions too. I would appreciate a Jamf confirmation on this.

I did create a Reset account, with only wiping and reset mobile devices options checked to hopefully help this security risk as well.

Like
SOLVED Posted: by jaystaeb8

We are attempting to get reset running and it is working for us, except we need our devices to keep their names when running reset and they are defaulting to the serial number. Our prestage enrollment has default names in the mobile device names payload and each device is named manually then the Enforce Mobile Name is checked on the device in the General settings for each device and when we run reset it changes the devices to the serial number.

Like
SOLVED Posted: by danny.porter

@tcam and @patrick.reid

Thank you for sharing concerns. We do have companies that are using Jamf Reset in some very highly sensitive environments, and this is a viable concern. Though the information in the app configuration doe give you access to reset the rest of the devices, if you can get into the app configuration on the device to figure out the login and password, we haven't yet seen this happen in reality. One way to alleviate any concerns about this would be if a company wanted to assign the devices with Jamf Reset to a separate Site in the Jamf Pro account. That way, the privileges could be restricted to a site, rather than the entire Jamf Pro account. If someone were able to get in, they could still restart any of the devices potentially in the site, but wouldn't be able to do so in other sites on the account. I don't know if this helps, but please let me know if you have some other ideas.

Like
SOLVED Posted: by danny.porter

@Pauileoo7 Could you share a little more about what you mean by resetting a name to a default name? You can use Jamf Pro to assign a name to a device in the Prestage, or you can also use Jamf Pro in the device inventory to assign a permanent name to the device. In using Jamf Reset, I haven't seen it change any other name in the device specifically if in my Prestage I have it to default and have typed in the default name.

@jaystaeb8 I wonder if you should open a ticket with our support team. I attempted to replicate your same issue, but couldn't get the device name to reset to a serial number when I had Default selected in the Prestage and a manual typed in name in the inventory record. I wonder if there is something else going on.

Like
JAMFBadge
SOLVED Posted: by hillary.smith

This article was updated to clarify required privileges and the navigation path to enabling those privileges. Other changes included fixing a typo ("tab" to "tap") and more specific placeholders for instances directing users to insert the URL, username, or password.

For example, <string>insert-username-here</string> changed to <string>jamfpro-API-username</string>.

-Hillary

Like