Jamf Pro Policy Cheat Sheet

Following are quick outlines of how to setup Jamf Pro Policies for specific tasks.  These should be used as a guideline only!  As always TEST policies on a small group of devices before deploying them to an entire Group or Site.

Quick Index

Antivirus/AntiMalware
Authentication
macOS Patching
Sensitive Data


Endpoint Protection – Antivirus/AntiMalware

Use a Jamf Policy to install DetectX as a supplement to Apple’s XProtect.
Two policies are needed  to ensure proper install and scanning.
Full documentation is on the DetectX Setup for Jamf Pro page.

Endpoint Protection – Sensitive Data

Create a Jamf Pro policy to install the latest version of Spirion Identity Finder available from the Jamf Pro packages distribution.  This should be triggered as desired but only run once per computer as in Figure 1.

Image of Jamf Pro policy settings for Sensitive Data software Spirion
Figure 1: Jamf Pro Policy for Sensitive Data software Install

 

Endpoint Protection – Authentication

Use a Apple Configuration Profile in Jamf Pro to ensure that the Login Window option has setting for:

1)  Window tab is set to show Name and Password Fields for the Login Prompt as in Figure 2.

2) Options tab is set to Disable Automatic Login as in Figure 3.

 

Image showing the Login Window Options tab is set to show Name and Password Fields for the Login Prompt.
Figure 2: Jamf Pro Apple Configuration Profile for Log In Window

 

Image showing Login Window Options tab in Jamf Pro Configuration Profile set to not allow automatic login
Figure 3: Login Window Options Tab settings

 

Patch Standard – macOS Patching

Use a Jamf Pro policy with a Files and Process option to run Apple’s command line software update tool on a monthly basis.  Use the install and all command line switches

in the EXECUTE COMMAND field to install all macOS updates.  NOTE: with 10.14 and beyond this will not install updates to App Store apps as it did with earlier versions.

 

Image showing a Jamf Pro policy with a Files and Process option to run Apple's command line software update tool on a monthly basis
Figure 4: Policy to patch macOS