Update: February 2023
Help mitigate zero-day attacks with the new “Outdated OS Action” in Setup Your Mac (1.7.0) which easily allows Mac Admins to specify a minimum OS version
Learn how to implement remote Jamf Pro policy validation with Setup Your Mac (1.6.0)
The implementation of recent feature request to Setup Your Mac (1.6.0) introduces additional policy validation options to help ensure critical enterprise applications are both installed and their related services are running.
Apple’s Automated Device Enrollment helps to streamline Mobile Device Management (MDM) enrollment and device Supervision during activation, enabling IT to manage enterprise devices with “zero touch.”
Setup Your Mac (1.6.0) introduces two new “live” policy validation options which answer the question:
“I can see it’s installed; is it running?
- Local (i.e., validation within the Setup Your Mac script)
- Remote (i.e., validation via a single-script Jamf Pro policy)
The previous validation options are still available:
- Absolute Path (simulates pre-1.6.0 behavior, for example:
- None (for triggers which don’t require validation, for example:
recon; always evaluates as successful)
Local Jamf Pro Policy Validation relies on sample code included within the Setup Your Mac script.
While the validation is fast, the validation I’ve written may not meet your specific requirements and adds yet another code snippet you have to maintain and remember to update with each new release of Setup Your Mac.
If the validation I’ve written does meet your needs, you’re done.
Remote validation leverages your code via a single-script Jamf Pro policy.
While remote validation is slower, and initial, one-time setup is required, long-term, once you have your validation working as desired, it shouldn’t require too much care-and-feeding.
Here’s the workflow we’re using for the initial, one-time setup for remote Jamf Pro Policy Validations.
- The code of an existing Extension Attribute is saved as a Script in your Jamf Pro server.
- This script is then added to simple Jamf Pro policy, with a custom Trigger.
- This custom Trigger is then specified in Setup Your Mac, with the “validation” option of
- When the policy successfully executes, the returned output must include the keyword
Running, meaning the service which you’re validating is running.
Sample validations are available on GitHub.
Learn more about Setup Your Mac (1.6.0).