This might be something that JAMF may not be able to do, but if its possible it would be nice to disable this feature. With our iPad program every year student ipads are returned to IT and we have to wipe each one. Since a lot of them are not updated by the students, its just easier to wipe and update them via AC2. Now i have to DFU each ipad i want to restore in this way.
The problem posted in this Feature Request is about how Apple's iOS 11.4.1 operating system natively restricts access to USB ports. This leads to IT staff being unable to wipe devices with Apple Configurator unless they put the devices into DFU mode.
As of Jamf Pro 10.3.0, "Allow USB restricted mode" is available in the Configuration Profile's Restrictions payload for Supervised, iOS 11.3 and later devices. This feature allows USB connections without user authentication and should solve the struggles with wiping devices via Apple Configurator. If there are additional use cases that could still use some enhancements, please don't hesitate to drop a new Feature Request.
I was thinking for 1:1 deployments to manage the updates if there could a specific preset under Mobile Devices-Configuration profile-Content Filter -Filter type to specifically block the IOS update servers
Thank you for providing Apple with your feedback!! As of Jamf Pro 10.3.0, Apple has added the ability to defer software updates. This feature is available in the Restrictions payload of Configuration Profiles for Supervised, iOS 11.3 and later devices and for macOS 10.13.4 and later devices. Updates can be deferred for 1, 7, 30, 45, 60, or 90 days based on the date Apple released the updates to their software updates services. Although updates to the operating systems cannot be deferred indefinitely, the provided time period will allow a window for update validation processes. This doesn't exactly match the requested enhancement, but we feel this new feature will go a long way toward helping manage these updates. We look forward to your feedback on whether or not this feature helped solve the struggles we were looking for!
The "like" or "not like" pattern matching is really weak here. I would love to be able to use RegEx pattern matching!
Thank you all for the input here. I'm happy to announce that as of Jamf Pro 10.3.0, two new string criteria operators--"matches regex" and "does not match regex"-- are available for Smart Device Groups and Advanced Mobile Device Searches. We are working towards mirroring this new functionality on the Computers side of things in an upcoming release.
I would like an Inventory Display selection to confirm DEP Enrollment
In addition to the previously existing Enrollment Method field, Jamf Pro 10.3.0 has introduced an "Enrolled via DEP" MDM Inventory field. macOS devices running 10.13.2 and above, enrolled via DEP, will report an "Enrolled via DEP" status of “Yes”
On the Dashboard page, can we have the option to display more than 4 columns in a row? In Jamf Pro 10.0 it auto resized depending on the width of the browser window and this was ideal. In Jamf Pro 10.2 it is fixed at 4 columns.
With 4 columns a MacBook Pro Retina screen only utilises about half of the screen, on my external monitor only a quarter of the screen is utilised.
Image is how it looks in 10.2.
We fixed this issue! This now adheres to the responsive design and now fills the empty space rather than arbitrarily cutting these off at 4.
I get the impression that this is already on your radar, but I want to make sure a specific request is in place to let organizations see if a user has yet to approve the MDM profile once running 10.13.2+ and manually enrolled/re-enrolled. As of right now there is no reporting in place to see if a profile has been verified by the user or not. Obviously we can't force the issue remotely, but reporting will help us reach out to users that need to approve the MDM profile and allow us to leverage SKEL whitelisting payloads also coming in 10.13.2.
As of Jamf Pro 10.3.0, User Approved Enrollment status will be collected for macOS devices via MDM Inventory. This data is also available as Smart Group and Advanced Search criteria. macOS devices running 10.13.2 and above, enrolled via DEP or devices end users have manually approved the MDM profile on via System Preferences, will report a User Approved Enrollment of “Yes"
In macOS 10.13.2, Apple added the enforeSmartCard key to the SmartCard payload. This needs to be added to Jamf Pro 10.
As of Jamf Pro 10.3.0, additional features have been added to the macOS Configuration Profile payload for SmartCard. The option to enforce SmartCard use and the additional Certificate Trust verification selections are supported with macOS 10.13.2 and higher. Thanks for the Feature Request! Keep them coming our way.
In MacOS High Sierra 10.13.2, Apple introduced a new functionality called "User Approved MDM" that enables the management of security-sensitive settings (e.g. UAKEL)
While many use DEP, it would be beneficial if non-DEP enrollment is updated to meet these requirements.
The current manual enrollment process, as I understand it:
- download PKG
- install jamf binary files
- jamf enroll process in post install script enrolls in MDM.
Based on my understanding, the process would need to be changed to:
- Download MDM enrollment profile
- During MDM enroll InstallApplication would push down jamf binaries.
Detailed information on this from Apple is available at https://support.apple.com/en-us/HT208019
The goal of this post is to get a public statement from Jamf on what is being done to solve this.
Please reference the Jamf Pro 10.3 release notes for full details about changes to user-initiated enrollment.
In iOS 11, with Wifi sharing, if a user has access to a wifi network they can add that network to other devices without having to enter the password.
We currently deploy a wifi network to our school iPads via a configuration profile. It's a network with wpa2 encryption, but the password is pushed in the profile so users do not know the password.
We'd like to be able to restrict wifi sharing so that only school devices stay on our main network.
Make it so the students cannot update the iOS on devices by hiding the software update section in Settings under General, but also preventing it from popping up with the Cancel>Remind Me Later click through process. As admins, we should have full control of how and when iPads update without having to block various apple websites tied to updates because there may be cases in which we do need update the iOS, but blocking the sites prevents that and then we have to potentially navigate that mess to update some devices that need it.
Thank you for providing Apple with your feedback!! As of Jamf Pro 10.3.0, Apple has added the ability to defer software updates. This feature is available in the Restrictions payload of Configuration Profiles for Supervised, iOS 11.3 and later devices and for macOS 10.13.4 and later devices. Updates can be deferred for 1, 7, 30, 45, 60, or 90 days based on the date Apple released the updates to their software updates services. Although updates to the operating systems cannot be deferred indefinitely, the provided time period will allow a window for update validation processes. We are marking this implemented because all the features available to Jamf Pro are now available in the product. Please keep communicating with Apple the desire to management the System Preferences App for iOS. We look forward to your feedback on whether or not this feature helped solve the struggles we have today!
Jamf wants to hear your general feedback around Configuration Profiles!