Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Skip ALL MacOS Setup Assistant Screens for Truly Zero Touch Deployments

Posted: by lynnaj Last Response: by ICTMuttenz

Currently with JAMF 10.7.1 and MacOS 10.13 when a person sets up a new mac or restores the OS on an existing mac they need to manually click through the Country and Keyboard screens on the MacOS Setup Assistant. (See attached screen picture)

This means that a person needs to be physically present at the Mac to click through these screens before the prestage enrollment process can take over. Therefore, since someone must click through these MacOS Setup Assistance screens, there actually is no ability with JAMF to do remote, unattended and truly zero-touch deployments of macs.

Basically, once I can skip all the MacOS Setup Assistant screens I will be able to remotely trigger a wipe and reset of macs without having to have anyone physically present at any point in the process. This would allow me to effectively "re-image" (while not actually imaging) a computer lab/classroom overnight.

According to JAMF support what I am asking for cannot yet be done with JAMF and they suggested this feature request.

I would be happy to help you develop and/or test any such system. I would also be happy to share all the other work I have done to make everything else install automatically on the macs I manage.

Thank you!

Add ability to report on FV2 Recovery Keys (and/or access them via API)

Under Review
Posted: by mm2270 Last Response: by gachowski

In the current versions of the Casper Suite, either series 8 or series 9, we have the ability to report on almost every piece of data stored for computer records, and in many cases can also access these data items via the Casper API.

The one major exception to this is the FileVault 2 Recovery Keys. Although I can read every single key for an encrypted Mac, one by one, due to my privilege settings, I can't generate a report on all Macs \+ their respective individual keys. The item isn't available as a column to add in to a search. To add to this, these keys also aren't displayed within a Mac's API record.
This is all partly because of security, since the keys are stored in an encrypted state within the database. I get why we don't want to have these in an easily readable state. That's a good thing. However, we consider the fact that Casper Suite is the ONLY location where those very important keys reside to be a bit of a flaw. For the purpose of even higher security, and also redundancy, we don't allow all our techs access to the Casper Suite. We need to be able to pull these keys along with some other computer details into another database where they can access it with elevated rights accounts. Not being able to export these keys into another system or access them in some scripted manner means we're unable to do so.

Please add the ability to both-
a) Run an Advanced Search to list the Individual Recovery Key for each Mac, if one is present and one has the Privileges to see those keys
and
b) Access these keys from the API or some other secure method so we can script pulling them into another system.

Even simply being able to export them into a csv file right now would be a big improvement.

Previous version of app

Posted: by paul_hunt Last Response: by debbiegrif

iPads are typically 4 year life at least.

Older ones cannot update to the latest iOS often times.

When Apps are updates for Apple's Latest and Greatest, it renders a lot of ipads unable to use the app.

For instance, we have 400+ machines with 9.3.5 iOS. Google updated Drive for 11.x iOS. It will not load on the 9.3.5 iOS machines. We now have to manually go to each one, open app store, and install Drive, which then offers the option of the older version of the app.

It would be very useful for us to have the option of previous versions for older iPads, either as a 2nd app, or that the JSS would sense whether the new app will work, or the older app could installed in its stead.

Change Jamf to connect to itunes.apple.com on port 443

Posted: by dean.mitchell Last Response: by dean.mitchell

New installation, still setting everything up.

When attempting to connect to the app store within Jamf and search for apps this always returns with "No apps found".

Looking through the logs I can see that Jamf is trying to connect to "itunes.apple.com" on port 80.

Is there a way to change the Jamf Server to use port 443. Our security team will not open 80 on our network.

2018-10-16 11:37:46,089 [INFO ] [Thread-6 ] [RetryExec ] - I/O exception (java.net.SocketException) caught when processing request to {}->http://itunes.apple.com:80: Network is unreachable: connect
2018-10-16 11:37:46,089 [INFO ] [Thread-6 ] [RetryExec ] - Retrying request to {}->http://itunes.apple.com:80

Include SMTP Server for a Hosted JSS

Posted: by sragalevsky Last Response: by whitebeer

Cloud hosted JSSes should have a pre-configured SMTP server for sending reports and alerts.

Having to add my own SMTP server or another third party server is less desirable.

Self Service App Badging by Category

Posted: by tlarkin

I think it would be very valuable for all of jamf customers to have the ability to badge a category

The use cases are pretty straight forward, but here are some ideas:

  • emergency workflows, something the user needs to be notified on, they can be put into an "emergency category"

  • tagging self service items for new employees. You can have run once policies that when an employee is new for on-boarding they can visually see the notifications of what to click

  • specific niche case where a category needs it

Right now this is possible with the push proxy and with a one to one basis of a policy. I would like to apply this to a specific category, so if any policy falls into that category it can send notifications.

Thanks

Add the ability to have clickable links in the descriptions in Self Service

Posted: by jbestine Last Response: by dan-snelson

We want to deploy an app through Self Service and include a link to our help desk within the description if they need additional help. I can add the text, but I can't make that link clickable to open a web page. This would be helpful for other application deployments for macOS and iOS.

Position Webclips via Home Screen Layout Payload

Implemented in 10.4.0
Posted: by byroncoughlin Last Response: by weldon

iOS 11.3 introduced the ability to position webclips via the Home Screen Layout Payload. This feature is supported in configuration profiles created in Apple Configurator 2.7 and is documented here:
https://developer.apple.com/library/content/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html#//apple_ref/doc/uid/TP40010206-CH1-SW603

Please add this functionality to Jamf Pro.

Posted: by beth.lindner

As of Jamf Pro 10.4.0 and iOS 11.3 and later, Web Clip placement can be controlled via the Home Screen Layout payload in Configuration Profiles. Web Clips can be placed in Dock Layouts and Page Layouts in the payload, but the Web Clip must exist on the iOS device in order to have placement controlled. If desired, Web Clips can be created using the Web Clips payload in Configuration Profiles.

Please note if the Home Screen Layout includes a Web Clip and is scoped to an iOS 11.2 or earlier device, the device does not appropriately ignore the payload which can lead to unexpected behavior, like an empty Dock on the iOS device.

Notifications > Show preview only when unlocked

Posted: by chris.heald Last Response: by jlmorton

In order to ensure sensitive data from messages and emails etc are not divulged, we would like to enforce the iOS setting:
Notifications > Show previews > When unlocked
globally across all apps.

Package upload dates

Posted: by keisenhuth Last Response: by scottb

In the packages section of the console, I would like to see when I uploaded every package. It would be easier to remove older packages if I knew when they were uploaded.