Security Category

Jamf Pro Documentation 11.16.0


The Security category allows you to view the following information for a computer:

  • System Integrity Protection

  • Gatekeeper

  • XProtect Definitions Version

  • Disable Automatic Login

  • Remote Desktop Enabled (Collected by the SecurityInfo MDM command for macOS 10.14.4 or later)

  • Activation Lock (Collected by the DeviceInformation MDM command for macOS 10.15 or later)
    Note: For more information on macOS compatibility, see Activation Lock for Mac from Apple's support website.

  • Recovery Lock (Collected by the SecurityInfo MDM command for macOS 11.5 or later)

  • Secure Boot Level (Collected by the SecurityInfo MDM command for macOS 10.15 or later)

    Note: This attribute displays whether the computer allows or disallows booting from external media.

  • External Boot Level (Collected by the SecurityInfo MDM command for macOS 10.15 or later)

  • Bootstrap Token Allowed (Collected by the DeviceInformation MDM command for macOS 11 or later)

  • Bootstrap Token Escrowed

  • Firewall (Collected by the SecurityInfo MDM command for macOS 10.12 or later)

  • Managed Device Attestation

    • Current Status—Indicates the current status of Managed Device Attestation. Possible values include:
      • "Never Attempted"

      • "Pending"

      • "Success"

      • "Certificate Invalid"—Indicates the certificate chain included in the DeviceInformation MDM command is not rooted with the expected Apple certificate authority

      • "Device Properties Mismatch"—Indicates that properties included as custom object identifiers (OIDs) on the leaf certificate in the DeviceInformation MDM command do not match what Jamf Pro has in inventory for the device. Mismatched device properties can include the serial number, UDID, or a random value known as a device nonce that helps verify the response from Apple's attestation server matches the request sent from Jamf Pro.

    • Last Command Sent—Displays the time that Jamf Pro successfully sent a DeviceInformation MDM command to a device that included a DevicePropertiesAttestation request

    • Last Successful Attestation—Displays the time that Jamf Pro received and validated an attestation from a device to ensure unique hardware properties in the attestation match Jamf Pro inventory data
      Note: For more information on Managed Device Attestation, see Managed Device Attestation for Apple devices in Apple Platform Deployment.
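
The Managed Device Attestation status values and timestamps described above, modeled as a small state machine. This is an added example, not Jamf Pro's code: the `Attestation` and `DeviceRecord` types, the function names, the single-use nonce and the order of checks are assumptions, and the certificate chain is reduced to a placeholder root label rather than parsed X.509.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Placeholder label for the expected Apple root; a real check validates the X.509 chain.
EXPECTED_ROOT = "constructed-apple-attestation-root"

@dataclass
class Attestation:
    """Simplified stand-in for the leaf certificate returned by the device."""
    root: str      # which root the chain terminates in
    serial: str    # custom OID property: serial number
    udid: str      # custom OID property: UDID
    nonce: bytes   # custom OID property: device nonce

@dataclass
class DeviceRecord:
    """Hypothetical inventory record holding the fields shown in the Security category."""
    serial: str
    udid: str
    status: str = "Never Attempted"
    pending_nonce: Optional[bytes] = None
    last_command_sent: Optional[datetime] = None
    last_successful_attestation: Optional[datetime] = None

def send_request(dev: DeviceRecord) -> bytes:
    """Model sending DeviceInformation with a DevicePropertiesAttestation request."""
    dev.pending_nonce = secrets.token_bytes(32)
    dev.status = "Pending"
    dev.last_command_sent = datetime.now(timezone.utc)
    return dev.pending_nonce

def process_response(dev: DeviceRecord, att: Attestation) -> str:
    """Evaluate an attestation and update the record's status."""
    # Assumption: a nonce is accepted once, so an old attestation cannot be replayed.
    nonce, dev.pending_nonce = dev.pending_nonce, None
    if att.root != EXPECTED_ROOT:
        dev.status = "Certificate Invalid"
    elif (nonce is None or att.serial != dev.serial or att.udid != dev.udid
          or not hmac.compare_digest(att.nonce, nonce)):
        dev.status = "Device Properties Mismatch"
    else:
        dev.status = "Success"
        dev.last_successful_attestation = datetime.now(timezone.utc)
    return dev.status
```

In this model, an attestation that was valid for an earlier request produces "Device Properties Mismatch" when presented against a newer request, because its nonce no longer matches the one on record.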

For more information about the reporting capabilities for some attributes in the Security category, see the Jamf Pro Reporting Capabilities for Apple's macOS Security Features article.