usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 05:53:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

JAMF integration? #194

New Issue
Closed
opened 2026-01-19 18:29:36 +00:00 by michael · 2 comments
michael commented 2026-01-19 18:29:36 +00:00
Owner
Copy Link

Originally created by @bdruth on GitHub.

Problem to solve

Leveraging mSCP in JAMF environments

Intended users

JAMF admins

Further details

It doesn't appear that there's a playbook on how to use mSCP with JAMF and proceeding on my own has yielded some unexpected challenges that I assume others have already found ways of working around. For example: uploading an unsigned mobileconfig to JAMF yields an unexpected end result where most if not all of the profile is deleted; uploading a signed mobileconfig works around this problem. There doesn't appear to be a way to upload generated profiles that yield JAMF-native configurations that are inspectable in the UI, but I've seen advice saying "use the JAMF-native profiles where possible" - I hope folks aren't manually plunking around in the UI and then manually diffing them against the generated guidance or engaging in a trial+error cycle with the compliance script? Finally, when attempting to automate the upload of the generated profiles (JAMF UI frustratingly only allows one profile to be uploaded at a time), using a tool such as https://github.com/grahampugh/jamf-upload/wiki/jamf-upload.sh, it appears the JAMF Pro API doesn't support uploading signed profiles ... which then runs into the first problem.

Proposal

Maybe seasoned veterans of mSCP and JAMF could share their approaches somewhere? Maybe this could be included in the Wiki or similarly handy documentation sources?

What does success look like, and how can we measure that?

Someone new to mSCP but with some experience using JAMF Pro from an administrative perspective can readily take the next steps to apply generated guidance to test machines.

Originally created by @bdruth on GitHub. ### Problem to solve Leveraging mSCP in JAMF environments ### Intended users JAMF admins ### Further details It doesn't appear that there's a playbook on how to use mSCP with JAMF and proceeding on my own has yielded some unexpected challenges that I assume others have already found ways of working around. For example: uploading an unsigned mobileconfig to JAMF yields an unexpected end result where most if not all of the profile is deleted; uploading a signed mobileconfig works around this problem. There doesn't appear to be a way to upload generated profiles that yield JAMF-native configurations that are inspectable in the UI, but I've seen advice saying "use the JAMF-native profiles where possible" - I hope folks aren't manually plunking around in the UI and then manually diffing them against the generated guidance or engaging in a trial+error cycle with the compliance script? Finally, when attempting to automate the upload of the generated profiles (JAMF UI frustratingly only allows one profile to be uploaded at a time), using a tool such as https://github.com/grahampugh/jamf-upload/wiki/jamf-upload.sh, it appears the JAMF Pro API doesn't support uploading signed profiles ... which then runs into the first problem. ### Proposal Maybe seasoned veterans of mSCP and JAMF could share their approaches somewhere? Maybe this could be included in the Wiki or similarly handy documentation sources? ### What does success look like, and how can we measure that? Someone new to mSCP but with some experience using JAMF Pro from an administrative perspective can readily take the next steps to apply generated guidance to test machines.
michael commented 2026-01-19 18:29:36 +00:00
Author
Owner
Copy Link

@golbiga commented on GitHub:

@bdruth please see, https://trusted.jamf.com/docs/establishing-compliance-baselines.

Here is our talk from JNUC as well, https://www.youtube.com/watch?v=hCq4PbLX0Tc&t=2s.

@golbiga commented on GitHub: @bdruth please see, [https://trusted.jamf.com/docs/establishing-compliance-baselines](https://trusted.jamf.com/docs/establishing-compliance-baselines). Here is our talk from JNUC as well, [https://www.youtube.com/watch?v=hCq4PbLX0Tc&t=2s](https://www.youtube.com/watch?v=hCq4PbLX0Tc&t=2s).
michael commented 2026-01-19 18:29:36 +00:00
Author
Owner
Copy Link

@bdruth commented on GitHub:

The JNUC talk I'm familiar with, that's what got me started! :) I'll give the JAMF Compliance Editor a look, thank you.

@bdruth commented on GitHub: The JNUC talk I'm familiar with, that's what got me started! :) I'll give the JAMF Compliance Editor a look, thank you.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
michael
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: usnistgov/macos_security#194
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?