Menu Close

Setup Your Mac (1.6.0): “Live” Jamf Pro Policy Validation

Update: February 2023

Help mitigate zero-day attacks with the new “Outdated OS Action” in Setup Your Mac (1.7.0) which easily allows Mac Admins to specify a minimum OS version


Learn how to implement remote Jamf Pro policy validation with Setup Your Mac (1.6.0)

“Live” Jamf Pro Policy Validation with Setup Your Mac (1.6.0) presentation (03:59)

Background

The implementation of recent feature request to Setup Your Mac (1.6.0) introduces additional policy validation options to help ensure critical enterprise applications are both installed and their related services are running.

Introduction

Apple’s Automated Device Enrollment helps to streamline Mobile Device Management (MDM) enrollment and device Supervision during activation, enabling IT to manage enterprise devices with “zero touch.”

Setup Your Mac aims to simplify initial device configuration by leveraging swiftDialog and Jamf Pro Policy Custom Events to allow end-users to self-complete Mac setup post-enrollment.

Validations

Setup Your Mac (1.6.0) introduces two new “live” policy validation options which answer the question:

“I can see it’s installed; is it running?

  • Local (i.e., validation within the Setup Your Mac script)
  • Remote (i.e., validation via a single-script Jamf Pro policy)
Remote validation via a single-script Jamf Pro policy

The previous validation options are still available:

  • Absolute Path (simulates pre-1.6.0 behavior, for example:
    "/Applications/Microsoft Teams.app/Contents/Info.plist"
  • None (for triggers which don’t require validation, for example: recon; always evaluates as successful)

Local

Local Jamf Pro Policy Validation relies on sample code included within the Setup Your Mac script.

While the validation is fast, the validation I’ve written may not meet your specific requirements and adds yet another code snippet you have to maintain and remember to update with each new release of Setup Your Mac.

If the validation I’ve written does meet your needs, you’re done.

Remote

Remote validation leverages your code via a single-script Jamf Pro policy.

While remote validation is slower, and initial, one-time setup is required, long-term, once you have your validation working as desired, it shouldn’t require too much care-and-feeding.

Here’s the workflow we’re using for the initial, one-time setup for remote Jamf Pro Policy Validations.

Setup Your Mac (1.6.0) Remote Validation Workflow (00:26; no audio)

  • The code of an existing Extension Attribute is saved as a Script in your Jamf Pro server.
  • This script is then added to simple Jamf Pro policy, with a custom Trigger.
  • This custom Trigger is then specified in Setup Your Mac, with the “validation” option of Remote.
  • When the policy successfully executes, the returned output must include the keyword Running, meaning the service which you’re validating is running.

Sample validations are available on GitHub.

Learn more about Setup Your Mac (1.6.0).

Posted in Jamf Pro, macOS, swiftDialog

Related Posts