I love that you came up with a way to install VPP assigned apps even if the App Store is restricted.
If possible, I'd like the ability to push app updates in this way.
Add a quick search filter to the packages page (similar to what is found on the policies page).
It would be nice to limit number of BYOD devices per user.
Here is what we are looking to do…
User brings an iPhone(A) to the office and enrolls it. Some time later, User decides to upgrade their iPhone(A), which they do and enroll iPhone(B). They then remove a few apps and give iPhone(A) to their spouse. The problem is, iPhone(A) is still enrolled and still has access to our private network (we are an open campus which mean the spouse may be on campus frequently). It is still checking in, and so we don’t know which phone is the correct phone to un-enroll.
It’s an easy option when someone leaves staff to un-enroll all of their devices, but it gets sticky when they are still here and have lots of devices attached to their username, which they may have given to a family member.
It would be nice to limit the number of devices that can be enrolled at one time before making the user remove one. Or have a way for IT to do that in a graceful way.
Is it remotely possible to allow the Casper Suite jamf binary to report the currently connected AirPort network upon checkin (as opposed to inventory/recon). This would be useful especially in this day of Ethernet-less clients where we'd like to scope policies to a specific Wi-Fi network?
Just saw a few new options in the 8.3 release that I wanted to take advantage of.
Princeton Public Schools
We don't use autorun data (typically) and recently autorun data was edited via the inventory action feature for some of our computers. There is no way to identify which computers in inventory have autorun data associated with them. We were forced to delete all autorun data for all computers. It would have been very helpful to assess which computer entries were edited for auditing purposes.
In our organization we have users that connect via VPN. Currently Casper will use the primary IP and not the secondary. The ability to change on the fly an IP address will a better option than doing a recon to update the current IP.
I'd like for cached policies and software installs to be available in Self Service with offline option. That way users can still perform tasks without being on network.
I've seen several FR's request policy alerts when policies fail, however I'm looking for an alert when a Self Service policy is requested/executed. My specific scenario involves the use of the Make Me Admin workflow demo'd at JNUC 2013 (last one I attended at least). I'd like to be able to set alerts for people abusing that. Currently there are logs tracking that, but that only gets attention after the fact. We'd like to be able to catch it in mid-stride, so to speak.
A possible alternative could be to allow the execution, but possibly limit them from executing a policy constantly. The limitation threshold works for most things, but it could be set to allow for execution X times per day? or X times overall? etc and limit it that way.
It would be beneficial in our world, and I could see others taking advantage of it, too.
Currently you can only assign a a PreStage Enrolment to a Site only if it is associated to a DEP Instance that in turn is also assigned to a Site.
This implementation is actually a problem for two reasons:
Site admins cannot view or edit PreStage enrolments unless they have access to the DEP Instance the PreStage is linked with.
While it is possible to create multiple MDM Servers (in the Apple DEP portal) to correspond to multiple Sites in the JSS, in practice this complicates management for JSS admins in a production environment. The greatest benefit of integrating the JSS with the DEP is that you can have devices purchased under the corporate account automatically appearing in the JSS, where they can be managed and assigned to PreStage Enrolments. This is only possible if you assign one MDM server in the DEP portal as a “Master” so that devices are automatically assigned to it. Having one MDM server created per JSS DEP instance (Site-Specific) breaks this functionality and requires admins to log into the Apple DEP portal frequently to assign devices to the various MDM servers.
The functionality in this feature request is nothing new and is already how you can add other JSS functions (e.g. PreStage Imaging configurations, Enrolment Invitations, Configuration Profiles etc) to Sites.