
config profile option to disable "restrict USB" added in iOS 11.4.1

Implemented in 10.3.0
Posted: by Dylan_YYC Last Response: by Sandy

This might be something that JAMF may not be able to do, but if it's possible it would be nice to disable this feature. With our iPad program every year student iPads are returned to IT and we have to wipe each one. Since a lot of them are not updated by the students, it's just easier to wipe and update them via AC2. Now I have to DFU each iPad I want to restore in this way.

Posted: by beth.lindner

The problem posted in this Feature Request is about how Apple's iOS 11.4.1 operating system natively restricts access to USB ports. This leads to IT staff being unable to wipe devices with Apple Configurator unless they put the devices into DFU mode. 

As of Jamf Pro 10.3.0, "Allow USB restricted mode" is available in the Configuration Profile's Restrictions payload for Supervised, iOS 11.3 and later devices. This feature allows USB connections without user authentication and should solve the struggles with wiping devices via Apple Configurator. If there are additional use cases that could still use some enhancements, please don't hesitate to drop a new Feature Request.

Block iOS updates through iOS restrictions

Implemented in 10.3.0
Posted: by mcarasso Last Response: by beth.lindner

I was thinking for 1:1 deployments to manage the updates if there could be a specific preset under Mobile Devices-Configuration profile-Content Filter -Filter type to specifically block the iOS update servers:

  1. mesu.apple.com
  2. appldnld.apple.com

Posted: by beth.lindner

Thank you for providing Apple with your feedback!! As of Jamf Pro 10.3.0, Apple has added the ability to defer software updates. This feature is available in the Restrictions payload of Configuration Profiles for Supervised, iOS 11.3 and later devices and for macOS 10.13.4 and later devices. Updates can be deferred for 1, 7, 30, 45, 60, or 90 days based on the date Apple released the updates to their software updates services. Although updates to the operating systems cannot be deferred indefinitely, the provided time period will allow a window for update validation processes. This doesn't exactly match the requested enhancement, but we feel this new feature will go a long way toward helping manage these updates. We look forward to your feedback on whether or not this feature helped solve the struggles we were looking for!

Better SmartGroup Pattern Matching

Implemented in 10.3.0
Posted: by jescala Last Response: by travis.boettcher

The "like" or "not like" pattern matching is really weak here. I would love to be able to use RegEx pattern matching!

Posted: by andrew.mathena

Thank you all for the input here. I'm happy to announce that as of Jamf Pro 10.3.0, two new string criteria operators, "matches regex" and "does not match regex", are available for Smart Device Groups and Advanced Mobile Device Searches. We are working towards mirroring this new functionality on the Computers side of things in an upcoming release.

DEP Enrollment

Implemented in 10.3.0
Posted: by retroroscoe Last Response: by thetfordb

I would like an Inventory Display selection to confirm DEP Enrollment

Posted: by beth.lindner

In addition to the previously existing Enrollment Method field, Jamf Pro 10.3.0 has introduced an "Enrolled via DEP" MDM Inventory field. macOS devices running 10.13.2 and above, enrolled via DEP, will report an "Enrolled via DEP" status of "Yes".

Dashboard - Display more than 4 columns in a row

Implemented in 10.3.0
Posted: by jamesandre Last Response: by CasperSally


On the Dashboard page, can we have the option to display more than 4 columns in a row? In Jamf Pro 10.0 it auto resized depending on the width of the browser window and this was ideal. In Jamf Pro 10.2 it is fixed at 4 columns.

With 4 columns a MacBook Pro Retina screen only utilises about half of the screen, on my external monitor only a quarter of the screen is utilised.

Image is how it looks in 10.2.

Posted: by brandon.gil

We fixed this issue! This now adheres to the responsive design and now fills the empty space rather than arbitrarily cutting these off at 4.

Add reporting for if an MDM profile is not "approved" in 10.13.2+

Implemented in 10.3.0
Posted: by emily Last Response: by abonsall

I get the impression that this is already on your radar, but I want to make sure a specific request is in place to let organizations see if a user has yet to approve the MDM profile once running 10.13.2+ and manually enrolled/re-enrolled. As of right now there is no reporting in place to see if a profile has been verified by the user or not. Obviously we can't force the issue remotely, but reporting will help us reach out to users that need to approve the MDM profile and allow us to leverage SKEL whitelisting payloads also coming in 10.13.2.

Posted: by beth.lindner

As of Jamf Pro 10.3.0, User Approved Enrollment status will be collected for macOS devices via MDM Inventory. This data is also available as Smart Group and Advanced Search criteria. macOS devices running 10.13.2 and above, enrolled via DEP or devices on which end users have manually approved the MDM profile via System Preferences, will report a User Approved Enrollment of "Yes".

Please add enforceSmartCard key to SmartCard Configuration payload

Implemented in 10.3.0
Posted: by golbiga

In macOS 10.13.2, Apple added the enforceSmartCard key to the SmartCard payload. This needs to be added to Jamf Pro 10.

Posted: by beth.lindner

As of Jamf Pro 10.3.0, additional features have been added to the macOS Configuration Profile payload for SmartCard. The option to enforce SmartCard use and the additional Certificate Trust verification selections are supported with macOS 10.13.2 and higher. Thanks for the Feature Request! Keep them coming our way.

Update Jamf Enrollment Process to support "User-Approved MDM" requirements

Implemented in 10.3.0
Posted: by prbsparx Last Response: by Winterhalter

In macOS High Sierra 10.13.2, Apple introduced a new functionality called "User Approved MDM" that enables the management of security-sensitive settings (e.g. UAKEL).

While many use DEP, it would be beneficial if non-DEP enrollment is updated to meet these requirements.

The current manual enrollment process, as I understand it:
- download PKG
- install jamf binary files
- jamf enroll process in post install script enrolls in MDM.

Based on my understanding, the process would need to be changed to:
- Download MDM enrollment profile
- During MDM enroll InstallApplication would push down jamf binaries.

Detailed information on this from Apple is available at https://support.apple.com/en-us/HT208019

The goal of this post is to get a public statement from Jamf on what is being done to solve this.

Posted: by michael.devins

Please reference the Jamf Pro 10.3 release notes for full details about changes to user-initiated enrollment.

Restrict wifi sharing iOS 11

Implemented in 10.3.0
Posted: by avibloomsar Last Response: by jbax

In iOS 11, with Wifi sharing, if a user has access to a wifi network they can add that network to other devices without having to enter the password.

We currently deploy a wifi network to our school iPads via a configuration profile. It's a network with WPA2 encryption, but the password is pushed in the profile so users do not know the password.

We'd like to be able to restrict wifi sharing so that only school devices stay on our main network.

Hide "Software Update" in settings & more control to prevent iOS updates

Implemented in 10.3.0
Posted: by CairoJXP Last Response: by CairoJXP

Make it so the students cannot update the iOS on devices by hiding the software update section in Settings under General, but also preventing it from popping up with the Cancel>Remind Me Later click through process. As admins, we should have full control of how and when iPads update without having to block various Apple websites tied to updates because there may be cases in which we do need to update the iOS, but blocking the sites prevents that and then we have to potentially navigate that mess to update some devices that need it.

Posted: by beth.lindner

Thank you for providing Apple with your feedback!! As of Jamf Pro 10.3.0, Apple has added the ability to defer software updates. This feature is available in the Restrictions payload of Configuration Profiles for Supervised, iOS 11.3 and later devices and for macOS 10.13.4 and later devices. Updates can be deferred for 1, 7, 30, 45, 60, or 90 days based on the date Apple released the updates to their software updates services. Although updates to the operating systems cannot be deferred indefinitely, the provided time period will allow a window for update validation processes. We are marking this implemented because all the features available to Jamf Pro are now available in the product. Please keep communicating with Apple the desire to manage the System Preferences App for iOS. We look forward to your feedback on whether or not this feature helped solve the struggles we have today!