Security Category

Jamf Pro Documentation 11.16.0
Solution
Application
Content Type
Technical Documentation
Utilities & Services
version
11.16.0
ft:locale
en-US
vrm_version
11.16.0

The following table lists the Security category inventory attributes you can view for a mobile device.

Inventory Attribute/Criteria

Notes

Declarative Status SupportedCollected for BYOD User Enrollment

Data Protection

Hardware Encryption

Identifies if all underlying hardware encryption capabilities of the device are supported. To enable Data Protection, this status must show "Supported".

Passcode Status

Indicates if the device has a passcode present. To enable Data Protection, a passcode must be present.

Block Encryption Capability

Indicates if the device is capable of block-level encryption. To enable Data Protection, this status must show "Capable".

File Encryption Capability

Indicates if the device is capable of file-level encryption. To enable Data Protection, this status must show "Capable".

Passcode Compliance

Passcode Compliance with Config Profile

Activation Lock

Jailbreak Detected

To detect jailbreak status, the mobile device must have Jamf Self Service for iOS installed. Jamf Pro will receive an updated Jailbreak Detected value each time Self Service is launched. If Self Service has never been launched on the device, this value will be reported as “Not Reported”.

Lost Mode (supervised only) (Lost Mode Enabled criteria)

You can play a sound on the device when Lost Mode is enabled by clicking the Play Sound button. The sound plays for about two minutes, gradually increasing in volume.

Always enforce Lost Mode

Lost Mode Message

Lost Mode Phone Number

Lost Mode Footnote

Last Location Update

Displays the last time Global Positioning System (GPS) data was collected for the device when Lost Mode is enabled

Approximate Location

Displays coordinates for the approximate location of the device when Lost Mode is enabled. To collect GPS data for a device, the device must have a network connection.

Horizontal Accuracy

Vertical Accuracy

Altitude

Speed

Course

Timestamp

Personal Device Profile Status

Displays whether the most up-to-date profile has been installed on the mobile device.

Managed Device Attestation

Current Status

Indicates the current status of Managed Device Attestation. Possible values include:

  • "Never Attempted"

  • "Pending"

  • "Success"

  • "Certificate Invalid"—Indicates the certificate chain included in the DeviceInformation MDM command is not rooted with the expected Apple certificate authority

  • "Device Properties Mismatch"—Indicates that properties included as custom object identifiers (OIDs) on the leaf certificate in the DeviceInformation MDM command do not match what Jamf Pro has in inventory for the device. Mismatched device properties can include the serial number, UDID, or a random value known as a device nonce that helps verify the response from Apple's attestation server matches the request sent from Jamf Pro.

Last Command Sent

Displays the time that Jamf Pro successfully sent a DeviceInformation MDM command to a device that included a DevicePropertiesAttestation request

Last Successful Attestation

Displays the time that Jamf Pro received and validated an attestation from a device to ensure unique hardware properties in the attestation match Jamf Pro inventory data

You can use the following security criteria in your smart groups and advanced searches:

  • Activation Lock Enabled

  • Date Lost Mode Enabled

  • Passcode Lock Grace Period Enforced (seconds)

  • Compliance Status