We have a requirement that all data at rest should be encrypted. Memcached doesn't support this configuration at the moment. This is a requirement for our AWS infrastructure. I can stand up an EC2 with memcached but would like to use the more economical serverless offering from Amazon.
We would like to be able to remove Apps from our Shared iPads by simply pressing on the App and removing it by choosing the "x," just like on a non-shared iPad. But currently the only way to remove an App on a Shared iPad is by un-scoping/un-assigning the App inside the JSS. This would be very beneficial when a device runs out of space and doesn't accept the un-scoping command from the console allowing the storage to be managed on the individual device. Apple stated they have made the API available to JAMF, but it is up to your engineers to utilize this.
With the increased push from both Apple and JAMF to move from legacy imaging to DEP deployments it would be great to see JAMF put out a native tool that handles DEP enrollments.
Currently coding a secondary app to run and perform functionality that Jamf should be more than capable of supplying is inconvenient and does not provide a great customer experience.
Perhaps Jamfhelper could be updated to actually work in full screen and add the ability to be customized similar to the new Self Service in Jamf Pro 10. There should be basic functionality that is easily configurable using the Jamf Pro interface so that customers can enroll computers and have a visual feedback assistant while Jamf is performing tasks in the background.
Having Jamf confirm that the enrollment complete trigger is not always reliable during the splash buddy jumpstart adds to the need for a native tool to be made by Jamf.
There have been numerous requests in the past for Jamf to have the ability to self heal. However, this one is a little different in that I'm asking that the self healing be kicked off by the MDM connection. Here is the scenario and how I envision Jamf addressing this:
-Computer has the Jamf MDM profile and the Jamf framework. However the computer has stopped checking with the jamf framework/binary. However the MDM is still able to send/push MDM commands to the device.
-Situations where the device is enrolled via DEP or using the MDM profile (via User Initiated Enrollment) but the jamf framework is not installed.
-Allow the jamf admin to set a threshold where devices that have too large of a difference between the MDM check-in and the jamf binary check-in will automatically have the MDM send an InstallEnterpriseApplication command to re-install the jamf framework. This assumes that the device checked-in via MDM much more recently than through the jamf recon. The idea here is that since Jamf can still communicate with the device via MDM, it can heal the jamf framework on the device to get it working again.
By allowing the jamf admin the opportunity to set what the threshold is (between MDM check-in and last jamf recon check-in), it allows the admin to account for situations where maybe a computer is used infrequently.
If the threshold is passed, then the MDM queues up a command to send the InstallEnterpriseApplication command to the device to install the jamf framework.
Every time I open Composer I have to type in my password. It would be nice if it supported touch ID.
Can we get a management command in the JSS that allows us to force a system to immediately check in with the JSS?
Forgive me if this simple request already exists but I cannot seem to locate it...
Please do let us know if the Send Blank Push feature doesn't quite solve the problems we were looking to tackle.
We'll check and see if the web button inventory has been replenished :)
When you configure a PreStage Enrollment for OS X I'd like to be able to pre-populate the computer account, and preferably hide it too.
This would facilitate the setup process for users who log in with AD accounts. Many times they don't get the concept of a local account and use their AD credentials to create the computer account, resulting in various problems.
Apple has implemented this in Server.app so I suppose it should be doable without too much effort.
From the Server page at apple.com:
You can automatically create an administrator account during initial system setup that can be hidden from standard users. Or create a standard account or skip account setup during DEP enrollment, configure the OS X Setup Assistant to create a new standard (non-admin) account, or skip account creation entirely during DEP enrollment.
The Casper Suite 9.9 has added functionality with the DEP process. One of the new features is the ability to bind to a Directory Service during the DEP processes. We can also lay down a specified Administrator account using either the Casper Suite management account or by creating a new account using the DEP PreStage Enrollments setup. The end user account can also now either be skipped altogether or we can control if the new end user account that will be created is a Standard User or an Administrator.
I would like the ability to remotely reset all settings, or network settings on an iPad...rather than just the Erase all function that "wipe device" gives us.
At this time, there is not a Management Command available to allow the JSS to reset a device without wiping it back to factory. Please go through the Apple communication channels to file this request with them. They value feature requests as much as we do! Once Apple adds new functionality, we will work hard to integrate with the feature. Please keep the great requests coming.
Mobile device names rarely (never) change in our environment. It would be fantastic if I could preload a CSV of serial numbers and device names, so that they get automatically named correctly. Now that "Inventory Preload" is actually a thing in JAMF Pro, I would love it if that was one of the allowable fields.
We have experienced an issue in which all macOS machines will unbind themselves two weeks after their original binding. A quick Google search reveals that we are not alone in this issue:
As a workaround, we have used this script:
# Bind to AD; -passinterval 0 disables the periodic computer-account password change
dsconfigad -add my.domain.edu -username xxxxxxxx -password 'xxxxxxxxxx' -force -computer "$(scutil --get ComputerName)" -uid uidNumber -gid primaryGroupID -packetencrypt allow -packetsign require -passinterval 0
Everything in that script is handled by Jamf without trouble, except for the 'passinterval,' the one item that would make binding work for us. If Jamf could either add that in as a parameter or allow us to create our own, it would greatly improve support for our environment.
Jamf wants to hear your feedback around Jamf Pro: LDAP Servers and Reports!