Update: 11-Jun-2024
Setup Your Mac (1.15.0) with SYM-Helper (1.2.0) via swiftDialog (2.5.0)
Learn how to implement remote Jamf Pro policy validation with Setup Your Mac (1.6.0 or later)
Background
The implementation of recent feature request to Setup Your Mac (1.6.0) introduces additional policy validation options to help ensure critical enterprise applications are both installed and their related services are running.
Introduction
Apple’s Automated Device Enrollment helps to streamline Mobile Device Management (MDM) enrollment and device Supervision during activation, enabling IT to manage enterprise devices with “zero touch.”
Setup Your Mac aims to simplify initial device configuration by leveraging swiftDialog and Jamf Pro Policy Custom Events to allow end-users to self-complete Mac setup post-enrollment.
Validations
Setup Your Mac (1.6.0) introduces two new “live” policy validation options which answer the question:
“I can see it’s installed; is it running?
- Local (i.e., validation within the Setup Your Mac script)
- Remote (i.e., validation via a single-script Jamf Pro policy)
The previous validation options are still available:
- Absolute Path (simulates pre-1.6.0 behavior, for example:
"/Applications/Microsoft Teams.app/Contents/Info.plist"
- None (for triggers which don’t require validation; always evaluates as successful)
Local
Local Jamf Pro Policy Validation relies on sample code included within the Setup Your Mac script.
While the validation is fast, the validation I’ve written may not meet your specific requirements and adds yet another code snippet you have to maintain and remember to update with each new release of Setup Your Mac.
If the validation I’ve written does meet your needs, you’re done.
Remote
Remote validation leverages your code via a single-script Jamf Pro policy.
While remote validation is slower, and initial, one-time setup is required, long-term, once you have your validation working as desired, it shouldn’t require too much care-and-feeding.
Here’s the workflow we’re using for the initial, one-time setup for remote Jamf Pro Policy Validations.
- The code of an existing Extension Attribute is saved as a Script in your Jamf Pro server.
- This script is then added to simple Jamf Pro policy, with a custom Trigger.
- This custom Trigger is then specified in Setup Your Mac, with the “validation” option of
Remote
. - When the policy successfully executes, the returned output must include the keyword
Running
, meaning the service which you’re validating is running.
Sample validations are available on GitHub.
Learn more about Setup Your Mac (1.6.0).
Updates
25-Apr-2023
A special thanks to @drtaru for Pull Request 41 which now allows your remote validation scripts to return various results
:
Policy Result | Status Text |
---|---|
Running | Running |
Success | Installed |
Installed | Installed |