Jamf Pro 9.100

Correction—Updated 18 February 2020

The following corrections have been made since the original publishing of these release notes:

Version 9.100.0, Composer is the easy-to-use software package-creation utility for IT systems administrators. Composer allows administrators to easily create software installation packages for computers operating within Mac networks. Version 9.100.0, Composer is the easy-to-use software package-creation utility for IT systems administrators. Installing the JAMF Software Server (JSS) involves the following steps: Install the required software (if you haven’t already). Create the jamfsoftware database.

1. Jamf Pro 9.100 – Powerful sysadmin/enterprise tool (was Casper Suite). Jamf Pro (formerly Casper Suite) is the EMM tool that delights IT pros and the users they support by delivering on the promise of unified endpoint management for Apple devices. At Jamf, connecting the Apple user experience with IT requirements has been our business for the last decade.
2. The JSS Summary is a custom report that allows you to view information about your Jamf Software Server (JSS). The JSS Summary can be useful for troubleshooting JSS issues, and for providing information to Jamf for purposes of support or license renewal.

• The RSQL filtering feature for the Jamf Pro API was incorrectly announced as available in this release of Jamf Pro. It will be available in an upcoming release of Jamf Pro.

• Added additional information about changes and removals in the Jamf Pro API.

Starting with Infrastructure Manager 2.1.0, Java 11 is required for Infrastructure Manager server environments. Before installing Infrastructure Manager 2.1.0 for your LDAP Proxy or Healthcare Listener environment, you must migrate to one of the following distributions of Java 11:

• OpenJDK 11 (recommended)

• Oracle Java 11 (minimum)

For more information, see the Migrating to Java 11 Knowledge Base article. See Installing a Jamf Infrastructure Manager Instance in the Jamf Infrastructure Manager Installation Guide for additional information to consider before installing version 2.1.0.

You can now add Microsoft Azure as a SAML 2.0 provider when configuring Single Sign-On in Jamf Pro. To access this feature, navigate to Settings > System Settings > Single Sign-On. In the editing mode, select “Azure” from the Identity Provider pop-up menu.

It is recommended to use the Disable SAML token expiration option to limit logging issues resulting from the expired tokens.

For information about integrating Microsoft Azure with Jamf Pro, see the Azure Active Directory SSO integration with Jamf Pro tutorial from Microsoft.

You can now configure attribute mappings for your Google Cloud Identity instance in the Jamf Pro user interface directly.

To access this feature, navigate to Settings > System Settings > Cloud Identity Providers > Your secure LDAP service instance and click Mappings. Jamf Pro automatically displays the default values. When you change the mappings and your configuration does not work properly, use the Apply Defaults button to revert your changes to the Jamf Pro default values.

The Search Base is added automatically when you correctly configured the domain name on the Server Configuration tab. You can limit the search base by adding an organization unit. This should reflect the hierarchical structure of your directory. For example, ou=Sales, ou=Users, dc=example, dc=com will limit the search base only to the users in the Sales organizational unit of your directory tree. Non-defined values for the organizational units should not be used.

Jamf Pro allows you to test the following attribute mappings:

• User mappings

• User group mappings

• User group membership mappings

Important: When upgrading Jamf Pro, any previously created Cloud Identity Provider instances are automatically migrated and the Jamf Pro default values are applied. This may affect your configuration. Use the Jamf Pro user interface to review the settings.

Jamf Pro 10.19.0 introduces Lock Screen Message for Mobile Devices as the next redesigned payload.

Jamf Pro 100

Due to Apple's deprecation of the IfLostReturnToMessage key for iOS 9.3.1 or later, Jamf Pro sends it to devices in scope together with the current LockScreenFootnote key. The operating system manages the 'If lost, return to...' message setting on the device level.

For detailed information about each Lock Screen Message payload setting, see Apple’s documentation at https://developer.apple.com/documentation/devicemanagement/lockscreenmessage

Important:When upgrading Jamf Pro, any previously created configuration profiles that include the Lock Screen Message payload settings are automatically migrated. Use the Jamf Pro user interface to review the settings. The migrated configuration profiles are not redistributed to devices.

You can now apply a title to a Text PreStage Pane and an LDAP Authentication PreStage Pane. This allows you to display a title to users on the screen that displays your custom text and the LDAP login screen.

You can now allow end users to enable Activation Lock on their own mobile device if the device is currently enrolled with Jamf Pro by sending a remote command. When the command is sent to the device, Activation Lock becomes enabled when the user turns on the Find My feature.

In addition, Jamf Pro no longer attempts to collect the Activation Lock bypass code during every inventory, resulting in improved performance.

You can now automatically install a Jamf Notifications profile that allows notifications from the Jamf management framework and Jamf Self Service for macOS. This enables notifications to automatically be allowed on computers. This setting is enabled by default.

To access this feature, navigate to Settings > Computer Management - Management Framework > Security.

The following features and functionality changes have been added to Computer PreStage Enrollments:

• Additional Functionality for Enrollment Packages—You can now distribute multiple packages to computers with macOS 10.14.4 or later during enrollment using the Enrollment Packages payload. You can use an interface similar to the Policies interface in Jamf Pro, allowing you to select multiple packages.
  In addition, you can now use any distribution point as the distribution point for hosting packages distributed with the PreStage enrollment. This allows you to use your environment's internal hosting solution. To use a distribution point other than a cloud distribution point, the distribution point must use HTTPS and cannot use any authentication.

• Management Account Information Changes—The Management Account information that is configured in the User-Initiated Enrollment settings is no longer included in the Account Settings payload. As a result, the local administrator account created using the Create an additional local administrator account setting in the Account Settings payload is now the only account that you can configure that is created and presented to the user before the Setup Assistant.

  Note: If your environment uses the Management Account information from the User-Initiated Enrollment settings, that account information is now displayed in the Create a local administrator account before the Setup Assistant settings. This is now editable and can be modified to fit your environment.

Jamf Pro 9.100 2017

• User Variable Support for LDAP Attributes—If your environment has an LDAP server set up, you can now enter user variables in the Account Full Name and Account Name fields when configuring the Pre-Fill Primary Account settings in the Account Settings payload. This allows the user variables to populate with the value for the LDAP attribute during the account creation screen in the Setup Assistant.

  Note: If a blank value is returned for the user variable, locking primary account information is ignored. Users can edit the account fields during account creation in the Setup Assistant.

You can now customize your own JSON schema in the Applications & Custom Settings payload of a computer configuration profile. This additional functionality allows you to enter a JSON schema for an application that is not currently provided by Jamf Pro. After entering the JSON schema, you can use the settings dynamically provided in the Jamf Pro interface to further customize your application.

To improve accessibility, some elements of the Jamf Pro interface have been restyled. This includes breadcrumbs, checkboxes, buttons, labels, spinners, and text input fields. Some fonts and colors have been also been changed to increase contrast.

Jamf Pro now allows computers with macOS 10.15 or later that were initially enrolled with Jamf Pro 10.18 or earlier to have Bootstrap Tokens manually escrowed. For more information, see the Manually Leveraging Apple's Bootstrap Token Functionality Knowledge Base article.

The Jamf Pro API beta is open for user testing. The base URL for the Jamf Pro API is /uapi. To access the Jamf Pro API documentation, append '/uapi/doc' to your Jamf Pro URL. For example: https://jss.instancename.com:8443/uapi/doc

Note: As the Jamf Pro API continues to be developed, changes will be made in future releases that may impact or break functionality. We strongly encourage that you test existing workflows using the Jamf Pro API before upgrading your production environment.

The following endpoints were added:

• /v1/jamf-pro-version

• /v1/mobile-device-enrollment-profile/{id}/download-profile

The following changes and enhancements were made:

• Added default and example values to many objects

• Updated many object names to follow a consistent naming scheme

• Labeled required fields in each endpoint

• Added summaries and descriptions to all endpoints

• Removed most previously deprecated endpoints

• Added ‘properties’, ‘buttonColor’, ‘buttonTextColor’, ‘backgroundColor’, and ‘iconUrl’ to EnrollmentSettings object used by the following endpoints:

  • GET /v1/enrollment-customization/{id}

  • PUT /v1/enrollment-customization/{id}

  • GET /v1/enrollment-customization

  • POST /v1/enrollment-customization

The following endpoints were removed:

• GET /settings/obj/category

• POST /settings/obj/category

• GET /settings/obj/category/{id}

• PUT /settings/obj/category/{id}

• DELETE /settings/obj/category/{id}

• POST /settings/obj/category/deleteCategories

• GET /settings/obj/category/{id}/history

• POST /settings/obj/category/{id}/history/notes

• POST /settings/obj/category/searchCategories

• / (base path)

Version 2 of the following endpoints was removed:

• GET /v2/categories

• POST /v2/categories

• DELETE /v2/categories

• GET /v2/categories/{id}

• PUT /v2/categories/{id}

• DELETE /v2/categories/{id}

• GET /v2/categories/{id}/history

• POST /v2/categories/{id}/history

Version 1 of these endpoints has been upgraded and should be used going forward (for example, GET /v1/categories).

You can now stop package builds and source conversions mid-process by clicking the Stop button. This allows you to make changes to a package source immediately rather than waiting for the process to complete. You can stop the following processes:

• Building a PKG or DMG

• Converting a PKG or DMG to source

For more information about changes to Composer, see the Release History page in the Composer User Guide.

• Feature requests implemented in this release can be viewed at:
  https://www.jamf.com/jamf-nation/feature-requests/versions/259/jamf-pro-10-19-0

• Privileges associated with new features in Jamf Pro are disabled by default.

• It is recommended that you clear your browser's cache after upgrading Jamf Pro to ensure that the Jamf Pro interface displays correctly.