Jamf Change Notes

Internal Changes versus Jamf Vendor Changes

The sections below distinguish internal changes by Stanford University IT versus external updates administered by the Jamf Cloud Team. Note that the listed internal changes only include global changes -- not the additional configurations and automation Distributed IT might deploy to their respective Jamf Site(s).

More Information

If you cannot find more information about an item in our #jamf or #cop-macs Slack channels, feel free to inquire with us in #jamf or #eed-public.

Also, see the section below for official Jamf documentation.

Internal Changes by Stanford University IT

LAPS Access Enabled for Stanford IT Jamf Administrators

December 18, 2025

- The Local Administrator Password Solution (LAPS) for Jamf Pro provides IT administrators with secure, automated access to local administrator credentials on macOS devices.

- Automated Password Management - Unique passwords are generated and stored securely for each device

- Site-Based Access Control - Permissions follow site boundaries, ensuring administrators only access devices within their scope.

- Additional Information: Local Administrator Password Solution (LAPS) for macOS

- Technical Guides Available: Jamf Information for Technical Support Staff

"Admin SSO" (OIDC) Login Enabled for Stanford IT Jamf Administrators

December 18, 2025

- Switched the Jamf Cloud console Single Sign-on method for Jamf Administrators to OIDC authentication (Admin SSO)

- This is required to access new and future Jamf features, such as Blueprints and Compliance Benchmarks

- End-User Impact: None. No changes to our SAML 2.0 Stanford login experience for device enrollment and other user-facing operations

- Jamf Administrator Action Required: Upon first login with Admin SSO, administrators must reinstate their Account Preferences (e.g. Time Zone) settings and Inventory Display selections

Update Unmanagement Automation to Include ADE Devices

July 31, 2025

- The Unmanagement Automation is a service put in place to reclaim Jamf Licenses and reduce server load by placing devices into an unmanaged state. Devices in this state are unable to execute Jamf automation while retaining their ability to check-in.

- Up to this point the automation only affected user enrolled devices. Now it affects Apple Device Enrollment enrolled devices as well.

- Additional documentation was added to assist in the remediation of unmanaged macOS devices and macOS enrollment issues.
Troubleshooting MDM Enrollment Issues

Self Service "Send, Receive" Policy Bug Remediation

July 28, 2025

- The Self Service "Send Jamf Inventory, Receive Pending Policies" policy now uses a different command to trigger policy delivery

- The policy Description has been updated, accordingly

- This work-around is a temporary remediation against a bug causing a misleading "Item Failed" notification

Feature Removal - Jamf Remote Assist

May 19, 2025

- Turn off Jamf's native "Remote Assist" feature due to instability and lack of recent development

- This also reduces the number of configuration profiles deployed to Mac computers by two

Retired Mobile Reassignment Self Service Workflow

March 28, 2025

- Decommissioned the self-service workflow that enabled users to reassign SUNet IDs attached to mobile devices

- Service retirement was implemented in preparation for the upcoming automated Cardinal Key deployment on iOS devices

- Streamlines device management processes and eliminates manual reassignment steps for improved efficiency

Device Lifecycle API Scope Updated

March 25, 2025

- Updated the Device Lifecycle API scope from 1 year to 6 months for automatic device unmanagement

- This change reduces server overhead and decreases license count by removing inactive devices more frequently

- Improves system performance and cost efficiency while maintaining accurate device inventory management

GSX Capture Script Deployed

March 19, 2025

- Deployed automated script to import Global Service Exchange (GSX) data directly into the Jamf management console

- Enables console viewers and administrators to look up and export comprehensive warranty information for Apple devices

- Eliminates the need to access separate Apple systems for warranty data, streamlining device support workflows

Security - Cardinal Protect - Replace DEPNotify-driven build process with Jamf Setup Manager-driven build process

February 12, 2025

- Replace the DEPNotify-driven build process with a Setup Assistant based workflow where Jamf Setup Manager installs baselines app before one reaches the desktop

- This is to address the now-defunct DEPNotify solution no longer receiving regular development in favor of a more modern zero-touch-leaning solution like Jamf Setup Manager

Updated Device Lifecycle API with Queueing System

January 30, 2025

- Enhanced the device lifecycle API by implementing a robust queueing system to handle multiple simultaneous requests

- Dramatically increased scalability to efficiently process requests for thousands of devices without performance degradation

- Improves system reliability and prevents bottlenecks during high-volume device management operations

DDM Software Updates Deployed to iOS Devices

January 23, 2025

- Implemented Declarative Device Management (DDM) software update capabilities for iOS devices

- This Apple-native feature creates a nudge-like experience similar to macOS, prompting users to install important software updates

- Provides better control and user experience for maintaining up-to-date iOS devices across the organization

Enabled Jamf Managed Software Update Pane

November 22, 2024

- Activated Jamf's new managed software update feature that provides centralized control over Apple software updates

- This feature allows administrators to schedule, defer, and manage software updates across all managed Apple devices from a single interface

Security - Cardinal Protect - Deploy WalkMe extension alongside uBlock Origin extensions in Google Chrome browser

November 13, 2024

- In addition to uBlock Origin and uBlock Origin Lite, Jamf now also deploys the WalkMe browser extension to Google Chrome on Cardinal Protect for Mac computers eligible for WalkMe extension deployment automation.

- This is a Cardinal Protect-specific automation designed to address conflicts with the global WalkMe deployment automation.

Deployed Vault For Recovery Key Cold Storage API

November 4, 2024

- Implemented the Vault for Recovery Key (V4RK) API as a scalable solution for escrowing Jamf-stored recovery keys

- Automatically captures and securely stores recovery keys as devices submit inventory updates to Jamf

- Serves as the foundational first step towards building a comprehensive new recovery key infrastructure

Security - Cardinal Protect - Deploy uBlock Origin Lite to Google Chrome browser

October 31, 2024

- In addition to uBlock Origin, Jamf now also deploys the uBlock Origin Lite browser extension to Google Chrome on Cardinal Protect for Mac computers.

- This is to ensure Cardinal Protect for Mac retains ad-blocking functionality whenever Google forcibly disables uBlock Origin, which is a Manifest V2 extension. uBlock Origin Lite will remain functional as a Manifest V3 extension.

Networking - Disable macOS MAC Address Randomization/Rotation on Stanford Wi-Fi and eduroam Wi-Fi

September 15, 2024

- Before Apple's macOS 15 Sequoia release on September 16, 2024, configure Jamf Pro to deploy profiles that set "Private Wi-Fi address" to "Off"

- Disabling this feature on macOS 15+ computers for Stanford or eduroam Wi-Fi networks aligns with Jamf-enrolled mobile devices (e.g. iPhones) also prevented from randomizing their MAC addresses

- Preventing MAC address randomization streamlines the Stanford Network Registration process by eliminating the need for repeat registrations

Performance - No longer including unmanaged certificates in Jamf inventory (ADJUSTED)

August 29, 2024

This is an adjustment to the July 11, 2024 unmanaged certificate collection change

- Unmanaged certificate collection for Mobile Devices has been re-enabled as a requirement for mobile device Cardinal Key certificate reporting in MyDevices

- Unmanaged certificate collection for Computers remains disabled, because we use a unique method for computer Cardinal Key certificate reporting

- Jamf assured us of no performance degradation related to re-enabling Mobile Device unmanaged certificate collection

Bulk Action/Automation Enabled - Deploy Self Heal (Framework Redeploy) to Non-Communicative Computers

July 18, 2024

- Deployed Self Heal to devices which haven't checked-in or sent inventory for 355 days

- This work was done in order to remediate a possible bug where the Jamf Binary stops working properly but the MDM Profile is working on an active device

- Automation deployed to continuously deploy to devices as they meet the aformentioned criteria

Performance/Bug - Shorten Computer Inventory Retention History

July 12, 2024

- Jamf will be set to retain Computer Inventory data for 1 week, instead of 3 months

- This setting is being reinstated after our Jamf Pro 11.6.1 upgrade on July 10, 2024 set the value back to 3 months from its expected setting of 1 week

- This is necessary to reduce database load and storage requirements incurred by long retentions periods

Performance - No longer including unmanaged certificates in Jamf inventory

July 11, 2024

- Jamf will no longer include unmanaged certificate information in Jamf inventory data collected for every computer and mobile device

- This will alleviate the database load and storage requirements created by devices with over 1,000 certificates otherwise captured in their Jamf inventory data

Performance - Scaled our server settings in line with Stanford reaching a device count tipping point

July 10, 2024

- Jamf will only retain computer policy (e.g. automated application installation) history for 1 month, instead of 3 months

- This change is by Jamf's recommendation to optimize our server's ability to reliably manage of our device population size and automation use cases

Security - macOS - CrowdStrike Falcon Sensor installation/removal automations now account for Zoom meetings in session

June 6, 2024

- Jamf no longer proceeds with CrowdStrike Falcon Sensor installation/removal, if a Zoom session is detected

- Jamf will now defer automated Falcon Sensor installation/removal to another time when neither a VPN session nor Zoom session are detected

- This is to avoid unexpected disruptions to network connectivity while VPN is in use and/or while in a Zoom meeting

Setup Assistant - macOS - Removed Automated Device Enrollment (ADE) pane warning of the computer account creation bug

June 2, 2024

- The ADE pane entitled "Stanford University - Device Enrollment - Important Message" has been removed, no longer appearing just before Stanford SSO login during setup of macOS

- This message was only necessary to warn of the possibliity of macOS skipping the prompt to create a computer account due to a Jamf Pro 10 bug; this is now fixed with our upgrade to Jamf Pro 11

- The new duplicated default PreStage Enrollments created as a work-around for this bug are no longer default; the original PreStage Enrollments were reinstated as the defaults

Maintenance - Renewed/replaced Jamf enrollment certificate for MDM Profile ("Stanford Device Management")

February 28, 2024

- For those with an expired date for the device-enrollment.stanford.edu certificate, it can be ignored; and the “Unverified” status does NOT affect Jamf functionality whatsoever. It also has no impact on device compliance.

- If the "Unverified" status is concerning for any reason you can submit a ticket to discuss options with EED.

Security - macOS - Discontinued automatic disablement of Cisco AnyConnect Socket Filter (SOM Site)

February 7, 2024

- In the School of Medicine's SOM Site, Jamf no longer automatically disables Cisco's AnyConnect Socket Filter -- formerly the cause of macOS network instability most prominently in 2022

- Disabling the Cisco AnyConnect Socket Filter is also no longer a prerequisite to receive Jamf's automated CrowdStrike Falcon Sensor installation

Security - macOS - Discontinued automatic deployment of CrowdStrike Falcon Sensor to macOS 11 (Big Sur)

December 20, 2023

- Jamf no longer automatically deploys CrowdStrike's Falcon Sensor to macOS 11 (Big Sur) as of today

- This aligns with CrowdStrike (i.e. the vendor) ending support for macOS 11 (Big Sur) by the end of 2023

Performance - Shorten Computer and Mobile Device Management History

December 8, 2023

- Jamf will only retain Computer and Mobile Device Management log history (related to APNs commands) for 1 month, instead of 3 months

- Required to reduce a significant source of database table size bloat, increasing overall service performance and reliability

Fix - macOS - Resolved Setup Assistant's missing Computer Account creation screen

November 14, 2023

- Through 2023, we experienced an increasingly high incidence of the "Create a Computer Account" screen's failure to display during Setup Assistant

- After discontinuing the creation of Jamf's deprecated "management account" upon computer enrollment, macOS now consistently presents its "Create a Computer Account" screen during Setup Assistant

Performance - Scaled our server settings in line with Stanford reaching a device count tipping point

November 1, 2023

- Computers will poll for pending Jamf automations every 30 minutes, instead of every 15 minutes -- some may know this as the Jamf computer "Recurring Check-in Frequency"

- Jamf will only retain computer policy (e.g. automated application installation) history for 3 months, instead of 1 year

- The changes above are by Jamf's recommendation to optimize our server's ability to reliably manage of our device population size and automation use cases

Bug - macOS - Communicated persistence of Setup Assistant's missing Computer Account creation screen

October 26, 2023

- Updated our messaging (e.g. this Jamf FAQ item) to indicate macOS Sonoma has not yet included a fix to the macOS Setup Assistant bug

- We still occassionally do not see the "Create a Computer Account" screen at Setup Assistant completion, and must rely on our interim solution per this Jamf FAQ item

Security - macOS - Discontinued automatic disablement of Cisco AnyConnect Socket Filter

October 18, 2023

- Jamf no longer automatically disables Cisco's AnyConnect Socket Filter, known to be the cause of macOS network disconnections in 2022

- CrowdStrike automations no longer require the Cisco AnyConnect Socket Filter to be disabled before a computer can receive an automated Falcon Sensor installation

Security - macOS - Automations updated to target macOS Sonoma 14

October 12, 2023

- Updated CrowdStrike automations to target macOS Sonoma -- Cardinal Protect computers included

Compliance - macOS - Incorporated additional intelligence into the Nudge experience

September 29, 2023

- Enhanced our Nudge automations by introducing intelligence gathering on the health of macOS' Software Update service

- Incorporated our ability to only display Nudge when macOS' Software Update is "healthy" and likely to display accurate update information

Vendor Changes by Jamf Cloud Team

Jamf Cloud Version Upgrade to Jamf Pro 11.21.1

October 27, 2025

- Support for all version 26 operating systems across Apple product lines

- Enhanced alignment with new authentication method for IT (Admin SSO) requirements

- Additional confirmation prompts for Smart Group modifications and mass deployments

Jamf Cloud Version Upgrade to Jamf Pro 11.18.1

July 27, 2025

- Bootstrap Token handling improvements

- Meets requirements for new authentication method for IT (Admin SSO)

- Allows us to meet additional requirements for two new features: Jamf Blueprints and Compliance Benchmarks

Jamf Cloud Infrastructure Maintenance Update

July 9, 2025

- Proactive update to an outdated configuration reconciliation tool

- Supports stability of our Jamf Cloud instance

Jamf Cloud Version Upgrade to Jamf Pro 11.12.1

September 15, 2024

- Enables our ability to use Jamf Pro GSX integration

- General performance updates

Jamf Cloud Infrastructure Upgrade for Database Resilience

January 18, 2025

- Reconfigure our Tomcat Webserver to Database connection configuration to optimize resilience

Jamf Cloud Version Upgrade to Jamf Pro 11.9.1

September 15, 2024

- Enables our ability to manage macOS 15 Sequoia's "Private Wi-Fi address" feature

- Introduces additional database enhancements for improved server performance and reliability

Jamf Cloud Version Upgrade to Jamf Pro 11.6.1

July 10, 2024

- Jamf Cloud version 11.6.1 fixes the following high-visibility bugs:

- Attempting to install an MDM profile over an existing one -- as a troubleshooting method -- causes a computer to become "Unmanaged" (exacerbating whatever Jamf issue the person may have been trying to resolve)

- Viewing a computer's "Enrollment Method" property is blank; though the information exists in the Jamf database, it fails to display in the Jamf Cloud console

- Jamf Cloud version 11.6.1 introduces database enhancements resulting in better server performance and reliability

Jamf Cloud Version Upgrade to Jamf Pro 11.4.2, Migration to Modern Infrastructure

June 2, 2024

- The Jamf Cloud Team upgraded our Jamf Cloud instance to version 11.4.2, then moved it to their modern (Kubernetes) infrastructure.

- Jamf Cloud version 11 enables our access to the latest Jamf and Apple MDM management features (e.g. Declarative Device Management, Jamf Remote Assist, ...).

- Their modern infrastructure brings us a more resilient Jamf experience with automatic scaling of resources upon changes to server load.

Jamf Cloud Database Preventative Maintenance

December 3, 2023

- To maintain overall service availability and responsiveness, the Jamf Cloud Team will trim over-sized database tables down to more manageable sizes.

Jamf Cloud Database Server Upgrade

November 18, 2023

- To improve performance and overall reliability of our Jamf Pro Database Server the Jamf Cloud Team added additional system resources.

Jamf Cloud Upgrade - Version 10.50

October 22, 2023

- Initial support for features of macOS Sonoma 14, iOS 17, iPadOS 17, tvOS 17

- Introduces our ability to work around the Computer Account creation bug related to the unresolved Mac Setup Assistant problem

Jamf documentation for version-specific enhancements, removals, and resolved issues

More Information

LAPS Access Enabled for Stanford IT Jamf Administrators

"Admin SSO" (OIDC) Login Enabled for Stanford IT Jamf Administrators

Update Unmanagement Automation to Include ADE Devices

Self Service "Send, Receive" Policy Bug Remediation

Feature Removal - Jamf Remote Assist

Retired Mobile Reassignment Self Service Workflow

Device Lifecycle API Scope Updated

GSX Capture Script Deployed

Security - Cardinal Protect - Replace DEPNotify-driven build process with Jamf Setup Manager-driven build process

Updated Device Lifecycle API with Queueing System

DDM Software Updates Deployed to iOS Devices

Enabled Jamf Managed Software Update Pane

Security - Cardinal Protect - Deploy WalkMe extension alongside uBlock Origin extensions in Google Chrome browser

Deployed Vault For Recovery Key Cold Storage API

Security - Cardinal Protect - Deploy uBlock Origin Lite to Google Chrome browser

Networking - Disable macOS MAC Address Randomization/Rotation on Stanford Wi-Fi and eduroam Wi-Fi

Performance - No longer including unmanaged certificates in Jamf inventory (ADJUSTED)

Performance/Bug - Shorten Computer Inventory Retention History

Performance - No longer including unmanaged certificates in Jamf inventory

Performance - Scaled our server settings in line with Stanford reaching a device count tipping point

Security - macOS - CrowdStrike Falcon Sensor installation/removal automations now account for Zoom meetings in session

Setup Assistant - macOS - Removed Automated Device Enrollment (ADE) pane warning of the computer account creation bug

Maintenance - Renewed/replaced Jamf enrollment certificate for MDM Profile ("Stanford Device Management")

Security - macOS - Discontinued automatic disablement of Cisco AnyConnect Socket Filter (SOM Site)

Security - macOS - Discontinued automatic deployment of CrowdStrike Falcon Sensor to macOS 11 (Big Sur)

Performance - Shorten Computer and Mobile Device Management History

Fix - macOS - Resolved Setup Assistant's missing Computer Account creation screen

Performance - Scaled our server settings in line with Stanford reaching a device count tipping point

Bug - macOS - Communicated persistence of Setup Assistant's missing Computer Account creation screen

Security - macOS - Discontinued automatic disablement of Cisco AnyConnect Socket Filter

Security - macOS - Automations updated to target macOS Sonoma 14

October 12, 2023

Compliance - macOS - Incorporated additional intelligence into the Nudge experience

Jamf Cloud Version Upgrade to Jamf Pro 11.21.1

October 27, 2025

Jamf Cloud Version Upgrade to Jamf Pro 11.18.1

July 27, 2025

Jamf Cloud Infrastructure Maintenance Update

July 9, 2025

Jamf Cloud Version Upgrade to Jamf Pro 11.12.1

September 15, 2024

Jamf Cloud Infrastructure Upgrade for Database Resilience

January 18, 2025

Jamf Cloud Version Upgrade to Jamf Pro 11.9.1

September 15, 2024

Jamf Cloud Version Upgrade to Jamf Pro 11.6.1

July 10, 2024

Jamf Cloud Version Upgrade to Jamf Pro 11.4.2, Migration to Modern Infrastructure

June 2, 2024

Jamf Cloud Database Preventative Maintenance

December 3, 2023

Jamf Cloud Database Server Upgrade

November 18, 2023

Jamf Cloud Upgrade - Version 10.50

October 22, 2023

New Features and Enhancements

Deprecations and Removals

Resolved Issues