Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Move Firewall Configuration Profile out of Security & Privacy

Posted: by ftiff Last Response: by jzarate

Dear Jamf,

You recently added a Firewall payload to Security & Privacy (thanks!):

Having it nested under Security & Privacy needs I need to enforce:
- FileVault
- Submit Diagnostic Info
- Screensaver

  • Apple Watch Auto unlock
  • Gatekeeper

While I would love to have a way to leave some options "unspecified" (= leave defaults / leave user choose = don't include payload in profile (and make it explicit));

Could you move Firewall outside of Security & Privacy?

Side note: @owen.pragel has a fascinating post about this

Please allow SSO to work with a split JSS

Posted: by amarks Last Response: by brent.david

We have an installation of 9.9.6 running in AWS. We have our enrollment URL running on our limited access JSS and our management console running on another AWS instance. I would like to have SSO working on the management console, I am told this would only work with the failover url. Please make SSO compatible for customers in these situations.



LAPS for Mac Local Administrator Account Management

Posted: by kcgarner Last Response: by HNTIT

I understand that the Management Account created within a configuration is meant for use only by Casper Suite. I would like to see a way to manage a local administration account on each managed computer. This account password would be changed on a specified interval, with the password either stored in AD, or on the JSS.

We have implemented something like this for Windows clients using Microsoft LAPS (

Posted: by beth.lindner

Thanks for posting the example! I am linking it to another Feature Request that asks for enhancements around the local management account password. This connection will combine the votes and keep the comments all together. The other Feature Request contains some great comments with workaround tips from the community! Please keep the great ideas coming.

Allow iOS URL Scheme in Self Service

Posted: by nvandam

I love the idea of the new iOS URL scheme app installs. I've tested it and it works great. However, the only way to currently get that to users is putting the link on a webpage, email it to them, embed it in a custom app, or you can put it into Self Service as a webclip, which the user would then need to install and once installed click on and that trigger the install of the bundled apps. It would be nice if the URL could just be put directly into Self Service. I love leveraging Self Service and having it be a one-stop-shop, but currently it takes Self Service and an extra step to get the bundled apps to install. I guess that still adheres to the "No step 3 policy" still. ;)

Patch Management Latest Version Control

Posted: by bpeterson Last Response: by mm2270

I have recently started using Patch Management. I set up Microsoft Excel. We are licensed for version 16.16.x. Microsoft has two version running currently. They have 16.16.x and 16.20.x. We are not licensed for 16.20.x. I configure Patch Management for Microsoft Excel to install the latest 16.16.x version. Now, when I look at the patch report, even after all my devices are patched to the latest version I can run, the graph still shows that I have 0% on the latest version. I now have to look at more details to ensure that all my machines are patched. Now, it really only comes down to looking at the version numbers below the graph to see the versions but it would be nice to just see the graph in green running the version that we have specified as 'our' latest version. This would also be applicable if you have a package that you can't upgrade currently because of some incompatibility. Letting us specify what our 'latest version' is and draw the graph and build the percentage off of that specific version would be useful.

Follow software version feature

Posted: by sullrich Last Response: by mm2270

It would be really great if we could follow software versions. Any time a new version of a piece of software that is being followed is updated on jamf nation a update notification would be queued up under the bell icon.

Posted: by emily Last Response: by tramscloud

Hi! So. Oftentimes when I try to type in I end up typing on Because dogs. This seems like a perfect opportunity for a page of Jamf doggos!

This is low pri, obviously, but would be very fun and nice and doggos are good.

Posted: by Emily.Brown

In the spirit of April Fool's fun and an Easter-time Easter Egg, now redirects to this Feature Request.

Add "Mobile Device Name" to inventory preload data

Under Review
Posted: by cgalik Last Response: by szultzie

Mobile device names rarely (never) change in our environment. It would be fantastic if I could preload a CSV of serial numbers and device names, so that they get automatically named correctly. Now that "Inventory Preload" is actually a thing in JAMF Pro, I would love it if that was one of the allowable fields.

Posted: by drhoten

Thanks for recommending we add the Asset Tag @strumpfm and @cgalik , we'll be adding that field along with the two bar code fields in an upcoming release along with taking a look at pushing out a MDM command to rename the device based on the mobile device name field.

Pause the distribution of Configuration Profiles

Posted: by AVmcclint

I would like to see a way to pause the distribution of Configuration Profiles while keeping them intact. I have encountered scenarios where I have Config Profiles automatically installed at the computer level, but then for one reason or another I need to stop one from pushing out to new computers while some technical issues are resolved by other teams. The only ways to stop it from pushing out now are to just delete the profile or to remove every device from the scope. Neither is a suitable option for us. I need the existing installations to stay put until I can either resume the distribution to new machines or make the final decision to delete the profile and remove it from all the existing machines. Having the ability to remove machines individually from the scope so the profile gets pulled while the installation of the profile is paused would be extremely helpful too. I'm thinking out loud here... maybe have the option of making it a pull-only instead of push and pull?

Inventory Preload for macOS devices

Posted: by mhegge Last Response: by m.entholzner

Ability to preload data for computers would help with lab environments. Being able to preload computer name would allow computers to immediately fall into smart groups and receive the software installations and configurations easily.

Posted: by drhoten

Thanks for asking that we add Inventory Preload for computers, it is something we are currently working on and are planning to have in an upcoming release.