Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Send the Jamf Pro API command via MDM. #9

Closed
mauriciope opened this issue May 20, 2022 · 4 comments
Closed

Send the Jamf Pro API command via MDM. #9

mauriciope opened this issue May 20, 2022 · 4 comments

Comments

@mauriciope
Copy link

Hello just start looking at your solution, looks really good.
I've noticed the in the Jamf MDM commands you did not specify the version.
For example:
jamfJSON='{ "deviceIds": ["'${jamfProID}'"], "skipVersionVerification": false, "applyMajorUpdate": false, "updateAction": "DOWNLOAD_ONLY" }'

The Jamf 10.38.1 API has this schema

{
  "deviceIds": [
    "1",
  ],
  "maxDeferrals": 7,
  "version": "12.0.1",
  "skipVersionVerification": false,
  "applyMajorUpdate": false,
  "updateAction": "DOWNLOAD_AND_INSTALL",
  "forceRestart": false
}

By ignoring the version you are requesting the latest available?
Regards
@Macjutsu
Copy link
Owner

Indeed, per Jamf's documentation "no version" is the same as asking for the "latest available". However, I'm also specifying "applyMajorUpdate": false, which will prevent a major macOS upgrade.

I do plan to support major upgrades in a future version.

@mauriciope
Copy link
Author

Hello, our Apple Rep mentioned that for upgrades their MDM call will treat it as Download and Install, even if the request is Download only.
We have a testing plan and we would like to target the latest updates to our testers and hold off the rest (or target the approved version) until their testing is completed.

@Macjutsu
Copy link
Owner

Macjutsu commented May 21, 2022
edited

I'm not sure what the Apple Rep is talking about, at least via the Jamf API, because the "download only" MDM command does work. In this case, system will download and prepare, but it will not restart to complete the installation. This is what allows super to ask the user if they want to defer the restart. After a deadline has passed or the user selects "restart", then super will send the "install and restart" MDM command. However, this is only reliable on macOS 11.5 or later. Thus, the minimum requirement for super to use the MDM update command is macOS 11.5 or later.

As for targeting a specific older update version, the problem is that this is not possible with the softwareupdate command or reliable via the MDM command on macOS versions prior to 11.5. At this point I want to keep super feature parity between older systems (which can only use the softwareupdate command) and newer systems. However, I will consider this for a future version of super, but again it will only be possible when updating via MDM command and if the system is already on macOS 11.5 or later.

For now, super will adhere to the deferred update settings in a Restriction Config Profile. Although this doesn't allow you to defer a specific version (thanks again Apple!), it does allow you defer the latest update for a number of days. You can use this against your "non-test" production systems to prevent super from updating to the latest version.

@Macjutsu Macjutsu reopened this May 21, 2022
@mauriciope
Copy link
Author

ok

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mauriciope @Macjutsu