The remote commands available in Jamf Pro allow you to remotely perform tasks on computers.
You can send a remote command to a single computer. Some commands can also be sent to multiple computers at once using mass actions. For more information, see Mass Actions for Computers.
The following table describes the remote commands that you can send from Jamf Pro. Commands that can be sent as mass actions are indicated with an asterisk (*).
Remote Command | Description | Requirements |
|---|---|---|
Lock Computer* | Logs the user out of the computer, restarts the computer, and then locks the computer (Optional) Displays a message on the computer when it locks To unlock the computer, the user must enter the passcode that you specified when you sent the Lock Computer command. Note: On computers with Apple silicon (i.e., M1 chip) with macOS 11.4 or earlier, the passcode configured in the "Lock computer" command is not set. The computer reboots to the Activation screen in macOS Recovery with the options to restart, shutdown, activate, or erase the computer. To activate the computer, the user must authenticate with an administrator account that has a secure token. If there are no administrators with a secure token, activation cannot complete and the computer must be erased. This activation step requires an internet connection. | |
Remove MDM Profile | Removes the MDM profile from the computer, along with any configuration profiles that were distributed with Jamf Pro. After the MDM profile is removed, Jamf Pro will no longer be able to send commands to the computer, deploy configuration profiles, or deploy settings that rely on the Apple Push Notification service (APNs). Note: Removing the MDM profile without removing the Jamf management framework, which includes the jamf binary, will leave the computer in a partially managed state. The computer will continue to update inventory in Jamf Pro, receive policies, enforce restricted software, and perform other actions managed by the Jamf management framework. For more information about how to remove the Jamf management framework after using the Remove MDM Profile command, see Unmanaging Computers. | |
Renew MDM Profile* | Renews the MDM profile on the computer, along with the device identity certificate. The device identity certificate has a default expiration period of two years. Note: The Renew MDM Profile remote command is automatically issued when the built-in CA is renewed. The MDM profile will be renewed during the next computer check-in. For more information, see "Renewing the Built-in CA" in PKI Certificates. | |
Wipe Computer | Permanently and immediately erases the computer by sending a macOS Note:
Important:
Supported computers with macOS 12.0.1 or later will attempt to Erase All Content and Settings by default when the Wipe Computer command is sent. Your computer will automatically go through an Erase All Content and Settings preflight check to determine if your device can perform the command. If the preflight check fails, your chosen fallback behavior will be performed. By default, the fallback behavior erases the devices. For more information about requirements and methods for remotely wiping computers, see Erase Apple devices in Apple Platform Deployment. For information about returning a computer to service and reinstalling macOS, see Returning an MDM-Erased Computer to Service. An Obliteration Behavior option is also available in the Jamf Pro API. You can use | |
Send Blank Push | Contacts Apple Push Notification service (APNs) and the declarative status channel to prompt the computer to check in with Jamf Pro for instructions to perform an action, like install a configuration profile | |
Download/Download and Install Updates* | Updates the OS version and built-in apps on the computer You can update the OS version for macOS using the following options:
Note:
| macOS 10.11 or later Supervised or enrolled via a PreStage enrollment Note: To have the update for computers with Apple silicon (i.e., M1 chip) installed automatically without user interaction, a Bootstrap Token for target computers must be escrowed with Jamf Pro. For more information about how Jamf Pro manages software updates, see About software updates for Apple devices in Apple Platform Deployment. |
Unlock User | Unlocks a local user account that has been locked due to too many failed password attempts | macOS 10.13 or later Supervised or enrolled via a PreStage enrollment |
Remove User | Removes a user that has an active account on the computer Note: The Remove User command cannot remove a user if they are the last user with a secure token granted. | macOS 10.13 or later Supervised or enrolled via a PreStage enrollment |
Enable/Disable Bluetooth* | Enables/disables Bluetooth on the computer Note: When sending the command via a mass action, the Set Bluetooth option must be selected. | macOS 10.13.4 or later |
Enable/Disable Remote Desktop* | Enables/disables Remote Desktop on the computer Note: When sending the command via a mass action, the Set Remote Desktop option must be selected. | macOS 10.14.4 or later |
Set Activation Lock* | Allow user to enable Activation Lock directly on the computer Disable and prevent Activation Lock For more information, see the Leveraging Apple's Activation Lock Feature with Jamf Pro article. | Supervised computers with the Apple T2 Security Chip or Apple silicon (i.e., M1 chip) For more information on macOS compatibility, see Activation Lock for Mac from Apple's support website. |