The AirPlay security option currently allows you to select "Specify passwords for known AirPlay destinations" which allows you to assign a passcode/password to a device. Within TVos restrictions in the configuration profile you can select "Require passcode on first AirPlay pairing".
The selection of just "Passcode" which is found under AirPlay and then security on the Apple TV itself is not an option within Jamf/jss. I would like to be able to add that option so that all the classroom Apple TV's would have a randomly generated number for connecting each time. This removes the possibility of a student gaining knowledge of the code used and utilizing the code in a mischievous way. It also forces the user to be in the room with the Apple TV so that they can see the code prior to connecting.
As a side, the "Require passcode on first AirPlay pairing" should be moved to the AirPlay category.
As of Jamf Pro 9.101.0 and tvOS 11, there is a new Configuration Profile payload of AirPlay Security. We can set the security to Passcode, which would require students to enter the passcode provided from the tvOS device every time a device tries to connect. Or we can have Jamf Pro provide the password or passcode so the students do not have to enter it, but do need to have the passcode/password stored on the device via the Configuration Profile. AirPlay Permissions can help us automate the delivery of these passwords/passcodes to desired devices based on a mapping field. Please let us know if all these enhancements have helped solve the struggles we were having with students connecting to tvOS devices.
For certificate-based authentication, you need to provide a certificate and optionally a preference to associate a certificate with a particular host.
For example, if I need ftiff to access https://www.fti.io, I would create a user-level CP with:
1. a SCEP payload
2. a Certificate Preference Payload to associate *.fti.io with the SCEP payload
Today it is not possible to do this with Jamf. We need to use the security command:
security set-identity-preference -s *.fti.io -c ftiff
Could you add com.apple.security.certificatepreference that was released with 10.12?
Did I miss something?
As of Jamf Pro 9.101.0 and macOS 10.12, Certificate Preference can be set to automatically select the proper certificate in a user's keychain. This prevents the user from needing to navigate into their keychain and select the right certificate after a new certificate is installed on their device. Certificate Preference is available in User Level Configuration Profiles in the Certificate Payload and in the SCEP Payload. We look forward to feedback on this enhancement!
In iOS 9, iCloud Drive could be toggled on/off from settings. In iOS 10, since you can remove native apps, to add it back, you have to "download" from the App Store to restore it to the home screen. However, with managed AppleIDs, you cannot download apps from the App Store, and with shared iPads, you cannot change the AppleID to allow another AppleID to download the iCloud Drive.
We need a way to add the iCloud Drive to the home screen so shared AppleIDs can easily access and manage their iCloud content.
As of Jamf Pro 9.101.0 and iOS 11, a new Restriction has been added to Configuration Profiles. This Restriction can prevent or allow removing system apps. Note that there should be some apps exempted from this Restriction by Apple. For example an iPhone should never be allowed to remove the Phone app, no matter the Restrictions setup. Please let us know if this helps with our struggles, we look forward to the feedback!
Much like the ability to hide Native Apps on iOS, can we implement a restriction to not allow removal of Native Apps.
Example, students do not have the App Store nor Apple IDs and with that we hide certain Native Apps deemed unnecessary for EDU. However, we allow students the ability to remove Apps at will if they want the space and do not use a certain App. Students have been removing the Mail App (we've found a work around the App Store to reinstall the App. Swipe down and type Mail and install via the iCloud download icon). This proves to be a hassle and we do not want to block the ability to remove Apps due to a handful of students that do not wish to corporate.
If anyone has found a solution please let me know, if not can we build a setting for this.
As of Jamf Pro 9.101.0 and iOS 11, a new Restriction has been added to Configuration Profiles. This restriction can prevent or allow removing system apps. Note that there should be some apps exempted from this Restriction by Apple. For example, an iPhone should never be allowed to remove the Phone app, no matter the Restrictions setup.
If we're still struggling and need a more granular restriction, please go through the Apple communication channels to file this request with them.
Currently we have a configuration profile that allows up to six incorrect password attempts before locking a user out.
However after a duration of time passes they are still locked out.
It would be great to be able to send a command to unlock their PC, or perhaps some sort of timer that eventually removes the lock.
As of Jamf Pro 9.101.0 and macOS 10.13, Local Users can now have Remote Commands performed on them, one of which is an Unlock command. Unlock Account will allow the user to access the macOS device if they have exceeded the number of allowed password attempts and are locked out. There is also a Remove User command to remove the user account and all the user's files from the macOS device. These commands are for Local Users only, LDAP users should continue to be maintained via the Directory Service. Please let us know if these new Remote Commands help solve our struggles.
With Home Screen Layout, it would be nice to be able to add a folder of apps to the iOS Dock. This capability is supported by Apple Configurator 2.
With Jamf Pro 9.101.0, Home Screen Layout now supports adding Folders to the Dock. Thank you for submitting this Feature Request, we appreciate the community contribution.
HI Team, can you create a policies in jamf to remove the credential on user authentication for the Air Print. Hope Casper Suite could done this features and it would be simplify the Air Print process. http://www.everyoneprint.com/support/kb/890440/
As of Jamf Pro 9.101.0 and iOS 11, new Restrictions have been added to Configuration Profiles to give more control over AirPrint. We can now prevent iOS devices from using AirPrint, prevent connecting to destinations with untrusted certificates, prevent discovery of AirPrint printers using iBeacons, and prevent storage of AirPrint credentials in Keychain. Most of these options are also now available in macOS Configuration Profiles as well. Based on the comments below that we can use “Strict Mobile Authentication” and these new features, I am marking this Feature Request as implemented. If we are still struggling with various AirPrint functions, please let us know. We look forward to continued feedback.
The current version of Casper Focus allows a teacher to allow use of the Apple TV to unsupervised/supervised student devices in a classroom. Unfortunately, this does not work if the Apple TV has a password. The students cannot get the password because they could then access that Apple TV from anywhere, causing huge disturbances to the classroom. Therefore, educational wise, this function seems completely useless as it stands, however, in theory this would be incredibly useful in the classroom if fixed.
My request is that this "Apple TV access" feature, allow students to use Apple TV's that are password protected, without requiring them to input the password. To better explain, if a teacher "allows Apple TV access" through the Casper Focus App, the student would not have to input a password, and automatically given access because it is being done through an iPad with access already (Hope that makes sense).
As of Jamf Pro 9.101.0 and tvOS 11, there is a new Configuration Profile payload for AirPlay Security. We can set the security to Passcode, which would require students to enter the passcode provided from the tvOS device every time a device tries to connect. Or we can have Jamf Pro provide the password or passcode so the students do not have to enter it, but do need to have the passcode/password stored on the device via the Configuration Profile. AirPlay Permissions can help us automate the delivery of these passwords/passcodes to desired devices based on a mapping field. Please let us know if all these enhancements have helped solve the struggles we were having with students connecting to tvOS devices.