Latest Jamf 100 Flashcards

Question

How do you access Control Center on iPhone X or later?

Answer 1

Swipe down from the top right.

Answer 2

The “In-App Purchases” label.

Answer 3

Lists contents of a directory.

Answer 4

Opens Spotlight.

Answer 5

Wirelessly configure, update, and deploy content to devices.

Answer 6

A push certificate.

Answer 7

TSV, CSV, XML.

Answer 8

All devices.

Answer 9

Logs out the user, restarts the computer, and sets a firmware passcode.

Answer 10

The policy's trigger.

Answer 11

View device info, customize preferences, and manage settings.

Answer 12

It's functionally and organizationally similar.

Answer 13

Access to Apple services like iCloud and the App Store.

Answer 14

No, but some features won't be available without it.

Answer 15

Customize and restrict settings to enforce standards.

Answer 16

Near the top of the Settings list (e.g., Wi-Fi, Bluetooth).

Answer 17

Device name, software version, storage capacity, etc.

Answer 18

Enable automatic updates and install available updates.

Answer 19

Prepares the device for transfer or erases all content.

Answer 20

Services that use biometrics, passcode settings, and lock timer.

Answer 21

System Settings.

Answer 22

Manage and enforce them.

Answer 23

Device name, OS version, storage, and more.

Answer 24

Enabling and installing system updates.

Answer 25

Move data or erase all content.

Answer 26

Hardware, network, and installed software details.

Answer 27

Location, camera/mic, screen recording, FileVault.

Answer 28

Administrator credentials.

Answer 29

Helps find specific settings quickly.

Answer 30

Two: system volume and data volume.

Answer 31

The operating system and system data.

Answer 32

User data (encrypted if a passcode is set).

Answer 33

Creates separate data volumes for multiple users.

Answer 34

An app sandbox is a security mechanism in macOS and iOS that restricts what an app can do and what data it can access.

Answer 35

App data refers to the information that an app stores or uses to function properly. This can include: 🔹 **User Data:** * Preferences * Login info * Saved files or documents 🔹 **Configuration Data:** Setup details 🔹 **Cache** 🔹 **Database Files:** Local databases (like SQLite) that store structured info In Jamf Pro, "app data", often refers to the metadata Jamf pulls in from the App Store — like: * App name * Version * Description This data helps IT admins manage apps more easily, automate updates, and deploy the correct versions. User-generated content like high scores or documents.

Answer 36

Locally or backed up to iCloud/servers.

Answer 37

It is removed, but cloud backups may remain.

Answer 38

APFS (Apple File System).

Answer 39

On macOS, **the System Volume contains the core operating system files.** It is a read-only, sealed volume introduced with macOS Catalina (10.15) and later, as part of Apple’s System Volume and Data Volume structure for better security. ⸻ 📦 **Stored in the System Volume:** * The macOS operating system itself * System apps (like Safari, Terminal, Mail) * Frameworks and daemons required for the OS to run * Core libraries and system resources

Answer 40

User files, documents, and user-installed apps.

Answer 41

A security tech protecting core system files.

Answer 42

Only Apple-signed processes (updates/installers).

Answer 43

Views and modifies disk volumes.

Answer 44

Applications, Library, System, and Users.

Answer 45

All users on the Mac.

Answer 46

Description, user reviews, and app privacy info.

Answer 47

An Apple ID.

Answer 48

Tap “Get” or purchase, then confirm installation.

Answer 49

Download, open the disk image, and follow instructions.

Answer 50

A macOS feature that checks downloaded apps for threats.

Answer 51

Long press > Remove from Home Screen or Delete.

Answer 52

Drag it from the Applications folder to the Trash.

Answer 53

Deploy or restrict apps without needing personal Apple IDs.

Answer 54

Dock layout, browser home page, light/dark mode.

Answer 55

In property list (PLIST) files.

Answer 56

XML format, .plist file extension.

Answer 57

Quick Look (press Space on selected file).

Answer 58

/Library/Preferences.

Answer 59

~/Library/Preferences.

Answer 60

Go to Finder > Go menu > hold Option key.

Answer 61

cfprefsd cfprefsd = Core Foundation Preferences Daemon Purpose: • It reads, writes, and manages system and user preferences on macOS. • Works behind the scenes when you change system settings, app preferences, or configurations. • Apps and the system use it to access or modify .plist (property list) files that store preferences. ⸻ Key Details: • Launched automatically by the system. • Located at: /usr/libexec/cfprefsd • Runs as multiple instances: one for each user and one for system-level settings

Answer 62

Jamf Pro manages PLISTs using: 1. Configuration Profiles (Custom Settings payload) 2. Scripts (defaults or PlistBuddy commands) 3. Deploying raw PLIST files via policies or packages

Answer 63

Remotely configure, secure, and deploy content to devices.

Answer 64

Through Apple Push Notification service (APNs).

Answer 65

1. Jamf Pro contacts APNs 2. APNs notifies device 3. Device contacts Jamf Pro 4. Device confirms success to APNs 5. APNs confirms to Jamf Pro.

Answer 66

**Declarative Device Management (DDM)** is a more efficient way for devices (like iPhones, iPads, and Macs) to **manage themselves more independently**, with **less constant back-and-forth with an MDM server.** In simple terms: * Old way (“traditional” MDM): The server tells the device everything it must do — and the device keeps asking the server, “What next? What next?” * New way (Declarative Device Management): The server gives the device a set of rules, conditions, and goals. The device can then act on its own, checking if it meets the goals and reporting status updates automatically — without needing constant server instructions. ⸻

Answer 67

A push certificate, renewed yearly.

Answer 68

It ensures continuity and access for renewals.

Answer 69

* **P – Powered** on - R * **A – APNs** configured * **I – Internet** access * **S – Supported** command * **E – Enrolled**

Answer 70

* Remote commands, * configuration profiles, * app deployment * Security Commands * Remote Management Commands * Inventory Collection * Self Service (on mobile devices)

Answer 71

Remote management of Apple devices.

Answer 72

It cannot receive MDM commands.

Answer 73

1. App/book license distribution 2. Automated enrollment 3. Managed Apple ID creation.

Answer 74

Managed Apple IDs are used to **give users access to Apple services (like iCloud, iWork, and Shared iPad)** in a way that’s controlled and managed by an organization, such as a school or business. 🚫 What They Can’t Do: **Can’t be used to purchase media from the App Store, iTunes Store, or Apple Books.**

Answer 75

View warranty details in Jamf Pro.

Answer 76

No, availability varies by country/region.

Answer 77

Jamf Pro is a comprehensive Apple device management solution designed for IT administrators to manage macOS, iOS, iPadOS, and tvOS devices across an organization. **Key Features** of Jamf Pro: **- Device Enrollment**: Automates the setup and configuration of new Apple devices using Apple’s Automated Device Enrollment (formerly DEP). **- App Management**: Distributes and manages apps through the App Store, custom apps, or third-party sources. **- Configuration Profiles**: Applies settings and restrictions to devices (like Wi-Fi, VPN, email configurations). **- Inventory Management**: Collects detailed hardware and software data from each managed device. **- Self Service**: A customizable app where users can install pre-approved apps, run scripts, or access resources. **- Security Management**: Enforces security settings, remotely locks or wipes devices, and monitors compliance.

Answer 78

Jamf Cloud or on-premise.

Answer 79

1. Enrolled devices 2. Smart group counts 3. Policy and config statuses 4. Patch management reports.

Answer 80

For Example: **To Add a Smart Group to the Dashboard:** 1. Go to Computers or Devices > Smart Computer Groups (or Smart Mobile Device Groups). 2. Create or edit a Smart Group. 3. In the settings, check the option “Display on Dashboard.” 4. Save. 📊** Common Dashboard Items:** * Smart computer groups * Smart mobile device groups * Policies * Configuration profiles * Patch management data * Inventory data (e.g., device counts)

Answer 81

Computers, Devices, Users, Settings.

Answer 82

Mac inventory and configurations.

Answer 83

iPhones, iPads, Apple TVs, Vision Pro, Apple Watches.

Answer 84

**Purpose:** ➡️ Manage user data ➡️ Link users to devices ➡️ Control access and targeting 🧩 Key Uses: **1. Directory Integration** 🔗 Connects to LDAP, AD, or Azure AD to pull in user info. **2. User Assignments** 👤 Assign devices to specific users for tracking and personalization. **3. Scoping** 🎯 Target policies, profiles, and apps to users or groups. **4. Self Service** 🛍️ Customize access to content based on users. **5. Enrollment** 📝 User-initiated enrollment links users and devices from the start.

Answer 85

**Think “JAMF-SING” 🎶** * J – Jamf user accounts * A – APNs/MDM setup * M – Management settings * F – File distribution * S – Security * I – Integrations * N – Network config * G – Global preferences

Answer 86

The **Resource Center is a built-in help and learning hub** inside Jamf Pro. It’s designed to give you quick access to: 📖 **Guides and Documentation.** 🎓 **Training Resources** 🆕 **Release Notes** 🛠️ **Support Resources** 💡 **Best Practices**

Answer 87

1. Go to ⚙️ Settings in Jamf Pro. 2. Under “System Settings,” click on “User Accounts & Groups.”

Answer 88

**Jamf user accounts control who can log in to Jamf Pro and what they’re allowed to do once inside.** * Access control (who can log in) * Permissions (what actions they can perform) You can also think of it as: **User accounts = keys + rules** (Keys = login access, Rules = allowed actions)

Answer 89

1. Administrator (full access) 2. Auditor (read-only) 3. Custom (Privileges are manually selected) 4. No Access (User has no permissions; enrollment only access)

Answer 90

**Jamf user groups are used to organize users and assign the same permissions to multiple users at once.** Instead of setting privileges one-by-one, you can do it for the whole group. ⸻ 🔑 Key Uses: * Assign roles and privileges to many users easily * Manage access based on teams or job roles (e.g., IT staff, Help Desk) * Can include local or directory (LDAP) users ⸻ 🧠 Quick Summary: **User groups = permission shortcuts for managing many users at once.**

Answer 91

If a user is assigned to multiple groups, every privilege from those groups is available to that user.

Answer 92

Categories are used to organize items like apps, policies, profiles, and scripts in Jamf Pro and Self Service.

Answer 93

Category priority—lower numbers have higher priority.

Answer 94

**Buildings and departments** in Jamf Pro are used to: - organize devices and users based on physical location or organizational structure, - helping with inventory management, - reporting, and - targeting specific policies or configurations.

Answer 95

No, only one building and one department per device.

Answer 96

To integrate Apple Business/School Manager with Jamf Pro for automatic device setup and enrollment.

Answer 97

**PreStage Enrollment** is a setup process in Jamf Pro that **automates and customizes how Apple devices are enrolled** in MDM (Mobile Device Management)

Answer 98

Zero-touch deployment means a device can be fully set up and managed without IT physically handling it. ✅ Requirements: 1. Apple School Manager or Apple Business Manager (ASM/ABM) 🏫/🏢 Where devices are purchased and assigned to your MDM. 2. Automated Device Enrollment (ADE) 🔁 Connects ASM/ABM to Jamf Pro for automatic enrollment. 3. Jamf Pro instance 🖥️ The MDM that receives the device and applies your configurations. 4. PreStage Enrollment configured in Jamf Pro ⚙️ Defines how the device should behave during setup (skip screens, apply settings, etc.). 5. Device must be assigned to Jamf Pro in ASM/ABM 📲 Ensures the device knows to contact your Jamf server. 6. Internet connection on first boot 🌐 So the device can contact Apple and start enrollment. ⸻ 🧠 Quick Summary: Zero-touch = Device ships → connects to Wi-Fi → enrolls in Jamf → auto-configured.

Answer 99

Devices purchased through business or education channels.

Answer 100

A method where users enroll their own devices into Jamf Pro after Setup Assistant.

Answer 101

❌ No, supervision is not enabled by default with user-initiated enrollment on iOS. ⸻ 🧠 Here’s Why: * User-initiated enrollment means the user manually enrolls the device (usually by visiting a Jamf URL). * On iOS, this method does not grant supervision. * Supervision gives IT more control over the device (e.g., silent app installs, restrictions). * To enable supervision, you must use Automated Device Enrollment (ADE) via Apple School/Business Manager and a PreStage enrollment in Jamf. ⸻ ✅ Summary: Supervision is only enabled on iOS with Automated Device Enrollment — not user-initiated.

Answer 102

✅ Yes, supervision is enabled with user-initiated enrollment on macOS 11 (Big Sur) or later — but only for M1/M2 (Apple silicon) or T2 chip Macs. ⸻ 🧠 Key Points: * On macOS 11+, when a user manually enrolls their Mac via user-initiated enrollment, the device can be supervised.

Answer 103

Yes, users can remove management from devices enrolled via user-initiated enrollment, even if the device is supervised.

Answer 104

[Jamf Pro server URL]/enroll (or :8443/enroll for on-premise servers).

Answer 105

⚙️ They Use inventory fields, like: * Device name * Username * Serial number * Operating system version * Model * IP address Basic matching (e.g., “is,” “contains,” “starts with”)

Answer 106

The asterisk (*).

Answer 107

📱 For iOS/iPadOS Devices (like iPads) in Jamf Pro: inventory update once every 24 hours. 🖥️ For Computers (macOS devices) in Jamf Pro inventory update every 7 days

Answer 108

Apple Push Notification service (APNs).

Answer 109

Advanced searches let you filter, sort, and export detailed data about your devices using custom criteria.

Answer 110

The “Like” operator is **used to find partial matches** in fields

Answer 111

Using parentheses.

Answer 112

* **Send Remote Commands, like:** * Update Inventory * Lock Device * Wipe Device * Restart Device * Enable Lost Mode (iOS) * Clear Passcode (iOS) ***Install Configuration Profiles * Install Apps (macOS or iOS) * Remove MDM Profile (if allowed) * Send Messages to macOS users**

Answer 113

Static groups and smart groups.

Answer 114

Manually added or removed.

Answer 115

A smart group is a dynamic group in Jamf Pro — **devices or users are added automatically based on criteria you set.**

Answer 116

A classroom cart of iPads or test devices.

Answer 117

🧠 Summary: A smart group updates itself automatically based on live criteria — no manual work required. 📌 For Example: Devices that need Zoom app installed automatically. Smart Groups automatically includes all devices that do not have Zoom installed. * If a device installs Zoom later, it’s removed from the group. * If a new device checks in and doesn’t have Zoom, it’s added. This is perfect for scoping policies (like installing Zoom) only to the devices that actually need it.

Answer 118

From the Jamf Pro Dashboard.

Answer 119

Which devices receive a management task.

Answer 120

Targets, Limitations, Exclusions.

Answer 121

**Targets** are the **primary group** of devices or users you want to **include** when scoping something (like a policy, app, or profile).

Answer 122

Narrow down the target group of who receives the item.

Answer 123

Remove devices from the scope—overriding both targets and limitations.

Answer 124

**Configuration profiles are used to define and distribute settings and restrictions to managed Apple devices** (macOS, iOS, iPadOS, tvOS). These profiles let you control device behavior without needing to manually configure each one. Here’s what configuration profiles are typically used for: * Wi-Fi settings – Automatically connect devices to specific networks. * VPN settings – Configure secure remote access. * Email settings – Preload email accounts with server details. * Security settings – Enforce passcodes, encryption, and firewall rules. * Restrictions – Limit device features (e.g., disabling the App Store or camera). * App and device management – Set preferences for apps, system behavior, and device access.

Answer 125

General > Device Management in System Settings.

Answer 126

Apple Push Notification service (APNs).

Answer 127

Passcode, Restrictions, and Wi-Fi.

Answer 128

he General payload defines the **basic info and behavior** of a configuration profile—such as Name, Description, Level and Scope

Answer 129

No, you can’t include multiple configurations of the same payload (like two Wi-Fi settings) in one Jamf profile. Instead, create separate profiles for each configuration.

Answer 130

No—use separate profiles to reduce complexity.

Answer 131

"Make Available in Self Service" and "Install Automatically/Prompt Users to Install."

Answer 132

Managed app distribution in Jamf refers to **the way apps are deployed, owned, and controlled by the organization on Apple devices** using Mobile Device Management (MDM). 🔑 Key points: * Apps are assigned to devices or users through Apple’s Volume Purchasing (via Apple Business/School Manager). * Apps are owned by the organization, not the user. * Apps can be automatically installed, updated, or removed remotely. * Users don’t need an Apple ID to install these apps. * Jamf can reclaim and reassign app licenses when a device is unenrolled or a user no longer needs it. 📦 This ensures easy, centralized control of apps across all managed devices.

Answer 133

✅ Why use managed distribution? **1. No Apple ID required** → Users don’t need to sign in to the App Store—apps just show up on the device. **2. Central control** → IT admins can remotely install, update, or remove apps at any time. **3. License management** → Easily track, reassign, and reclaim app licenses using Apple Business/School Manager. **4. Silent installs** → Apps can be installed without user interaction—ideal for classrooms or company devices. **5. Better user experience** → Fewer steps for users and no personal Apple account issues. **6. Security** → Ensures only approved apps are installed and managed properly. 💡 In short: **It gives organizations full control over app deployment, without relying on users to take action.**

Answer 134

It syncs with the App Store.

Answer 135

Remote deployment and installation of software updates.

Answer 136

Computers > Software Updates and Devices > Software Updates.

Answer 137

1. 🎯 **Target –** The **device or group of devices** you want to update. (e.g., a smart group of Macs running macOS 13.) 2. ⚙️ **Action –** The **type of update behavior** you want to apply. (e.g., download only, install immediately, or schedule install.) 3. 🔢 **Version –** The **specific OS or app version** you want to deploy. (e.g., macOS 14.4.1 or a specific version of Pages.)

Answer 138

🛠️ Update Options Available in an **Update Plan**: **1. Download Only** ⤷ Downloads the update to the device, but does not install it yet. **2. Install Later** ⤷ Prompts the user to install the update at a later time. **3. Install Tonight** ⤷ Prompts the user to schedule the install overnight. **4. Install Now** ⤷ Immediately installs the update (may cause a restart). **5. Notify Only** ⤷ Sends a notification that an update is available, but takes no action. **6. Schedule Update with Deferral (macOS only)** ⤷ Allows you to configure a deferral period (e.g., users can postpone the update for a certain number of days).

Answer 139

No, Jamf Pro cannot install an older version of Apple software (like macOS or iOS) using standard MDM commands.

Answer 140

It gets a prompt to install the update when turned on or reconnected.

Answer 141

**A policy is used to automate 📝 tasks and 📱💻 manage devices by performing specific actions** on Macs, iPads, and other Apple devices. 🛠️ What is a policy used for? Policies are used to: * Install software (e.g., apps, packages, updates) * Run scripts (like cleanup tasks or custom configurations) * Configure system settings * Enforce security (e.g., set passwords, enable FileVault) * Perform maintenance (e.g., run inventory, reboot, flush logs) * Deploy printers, printers, or network settings * Trigger events (like on login, check-in, or manually)

Answer 142

Installing software, running scripts, adding printers.

Answer 143

The jamf binary (does not require APNs).

Answer 144

✅ “Enrollment Complete” policy 📦 What does it do? This policy is triggered immediately after a device is enrolled and is meant to: * Kick off initial setup tasks * Run scripts or configurations * Install apps or profiles needed right after enrollment

Answer 145

Content, Trigger, Execution Frequency, and Scope.

Answer 146

Yes, for easier monitoring.

Answer 147

The policy can run again at the next trigger.

Answer 148

The General payload.

Answer 149

Creates, deletes, or resets local user accounts.

Answer 150

**1. 📝 Update Inventory** * Sends updated system info (like OS version, installed apps, storage, etc.) to Jamf Pro. **2. ♻️ Flush System Caches** * Clears temporary files and caches to help resolve app or system issues. **3. 🧼 Reset Printing System** * Removes all printers and resets the printing subsystem. **4. 🔄 Update or Run macOS Software Updates** * Prompts the Mac to check for and install available Apple software updates. **5. 🔁 Repair Disk Permissions** (macOS 10.10 and earlier) * Fixes file permission issues. (Note: Not available on modern macOS versions.)

Answer 151

It's a resource-intensive task.

Answer 152

An application provided by Jamf Pro that allows users to install apps, run scripts, and access IT-approved tools

Answer 153

1. Create or Edit a Policy in Jamf Pro. 2. Go to the Self Service tab. 3. Enable Self Service by checking the option ✅ for “Make this policy available in Self Service”. 4. Add a title, description, and icon for the policy. 5. Optionally, categorize the policy and scope it to relevant devices/users. 6. Deploy the policy.

Answer 154

In Jamf Pro, the **“Once per computer” execution frequency means that the policy will only run one time on each managed computer**, regardless of how often the policy’s trigger is activated (e.g., at check-in, login, or custom event).

Answer 155

“Ongoing” execution frequency means the policy can run an unlimited number of times — every time its trigger is activated.

Answer 156

*** 📦 Packages** – Install software *** 📜 Scripts** – Run custom tasks *** 🛠 Maintenance** – Update inventory, flush caches *** 🖨 Printers** – Add or remove printers *** 📌 Dock Items** – Add apps or links to the Dock *** 👤 Local Accounts** – Create or manage user accounts

Answer 157

* 🖼 Icon – Custom image for the policy * 📝 Title & Description – Friendly display name and explanation * 📂 Category – Organize by type (e.g., Utilities, Apps) * 🔘 Button Name – Custom label for the action button * 🔐 Require Admin – Prompt for admin credentials (optional) * 🔄 Restart Options – Restart before/after or user choice

Answer 158

512x512px in GIF or PNG format.

Answer 159

/Applications/Utilities

Answer 160

man (e.g., man pwd)

Answer 161

Handles most Jamf management tasks on a Mac.

Answer 162

* Jamf Pro Help (official manuals) * Jamf Learn (courses + training) * Jamf Nation (community Q&A)

Answer 163

Use sudo (e.g., sudo jamf policy)

Answer 164

(**Recon** stands for **reconnaissance**) Initiates an inventory update with Jamf Pro.

Answer 165

**A Jamf Script is just a regular shell script (bash, zsh, etc.) that you upload into Jamf Pro, and then you can run it on Macs through policies or Self Service.**

Answer 166

open (e.g., open https://jamf.com or open -a Chess.app)

Answer 167

Pauses execution for a set time (e.g., sleep 5)

Answer 168

It tells the Mac to use the Bash shell to execute the script.

Answer 169

With a # symbol. 🔹 In scripts (like Bash, Zsh, etc.), you add comments by starting the line with a #. Anything after the # on that line is ignored by the script when it runs. It’s just for humans to explain what the script is doing.

Answer 170

Yep — they do! ✅ ⸻ 🔹 **Scripts deployed from Jamf Pro usually run as root by default.** That means: * They have full admin (superuser) privileges. * They can modify system files, install apps, change settings — anything! * You don’t need to add sudo inside your script — it’s already running with elevated permissions.

Answer 171

* A – Automated enrollment at first boot * C – Customized Setup Assistant experience * E – Enforced supervision & security * S – Scoped device assignment * I – Identity integration (LDAP/IdP) * D – Deploy profiles and apps ⸻

Answer 172

✅ Scope = the full picture The scope defines who can receive the item — includes: 1. Targets (who should get it) 2. Limitations (narrow it down further) 3. Exclusions (who should NOT get it) ⸻ 🎯 Target = who you want to give it to This is the main group of devices or users you want to affect. * Can be a smart/static group, a user, a device, or all computers/devices.

Answer 173

It’s a command-line tool that gets installed on managed Macs during enrollment. It allows Jamf Pro to: * Execute policies * Install software * Run scripts * Update inventory * Trigger management tasks

Answer 174

* Installing or updating apps. * Fixing system settings (like Wi-Fi, printers, dock icons, etc.). * Cleaning up caches or temp files. * Running custom security tweaks. * Automating repairs (like resetting permissions).

Answer 175

1. **Write** your script (bash, zsh, python, etc.). 2. **Upload** it into Jamf Pro: * Go to Computers → Management Settings → Scripts → New. 3. **Attach** the script to a Policy. 4. **Set** Triggers and Scope: * When should the script run? (e.g., on check-in, at login, on demand) * Which Macs should it target? Jamf will push the script to the Mac and execute it under root (admin permissions).

Latest Jamf 100 Flashcards

(206 cards)