Deprecations Added in a Previous Release
| Deprecation | Notes |
|---|---|
| DigiCert PKI Platform 8 support | DigiCert PKI Platform 8 (mPKI8) end of issuance is scheduled for 01 October 2025. Jamf Pro will undergo a phased approach to this deprecation. In a future release of Jamf Pro, the ability to create new mPKI8 integrations will be removed (estimated removal date: fall of 2025). In another future release of Jamf Pro, all mPKI8 integrations and associated information (e.g., certificate deployment records) will be removed from the Jamf Pro database (estimated removal date: spring of 2026). For more information on the end of issuance, see the following documentation from DigiCert: Transitioning certificate issuance from PKI Platform 8 to DigiCert® ONE |
| Rackspace and Akamai cloud distribution point support | Support for distribution points hosted in Rackspace or Akamai Cloud will be removed in a future release of Jamf Pro. If your environment uses a distribution point hosted by either of these providers, Jamf recommends migrating your content to a different hosting solution, such as the Jamf Cloud Distribution Service (JCDS). Contact Jamf Support for additional information. |
| Dynamic SCEP challenge for Entrust support | Support for Entrust dynamic SCEP challenges will be removed in a future release of Jamf Pro. If you are currently using Entrust for certificate lifecycle management, Jamf recommends switching to a different supported provider, such as Active Directory Certificate Services (AD CS), DigiCert, or Venafi. Contact Jamf Support for additional information. |
| Self Service classic for macOS support | Self Service+ will eventually replace Self Service classic, and support for Self Service classic for macOS will end in March 2026. |
| Software identification (SWID) tags | The functionality to use software identification (SWID) tags for licensed software records will be removed. |
| Maintenance pages | |
| Computer inventory collection for fonts | |
| Computer inventory collection for plug-ins | |
| Functionality to make policies available offline | This option, currently available only for policies set to the frequency, will be removed from the Jamf Pro interface, and all policies will require a connection to the Jamf Pro server to check for triggers before running. |
| Sign QuickAdd Package functionality for user-initiated enrollment settings | This functionality is only used in legacy enrollment workflows involving QuickAdd packages and does not affect the user-initiated enrollment workflow. |
| Azure AD Graph for Conditional Access | Azure AD Graph is deprecated. If you previously modified the conditionalAccessDomains.json file, Jamf recommends editing the file to add the "msGraphResourceUrl": "https://graph.microsoft.com/" property into GLOBAL settings and "msGraphResourceUrl": "https://graph.microsoft.us/" into US_GOVERNMENT settings. For more information on this deprecation, see the following documentation from Microsoft: |
| Cache name setting | This setting will be removed from the Single Sign-On Extensions payload in computer and mobile device configuration profiles because Apple deprecated them. |
| Password expiration and Replication time settings | These settings will be removed from the Single Sign-On Extensions payload in computer configuration profiles because Apple deprecated them. |
| Skip Display Tone and Skip Home button sensitivity settings | These settings will be removed from the Skip Setup Items payload for mobile device configuration profiles. |
| Home Button Sensitivity and True Tone Display settings | These settings will be removed from the General payload for computer and mobile device PreStage enrollments. |
| Functionality to issue the Tomcat SSL/TLS certificate from Jamf Pro's built-in certificate authority | Jamf Pro's functionality to issue the Tomcat SSL/TLS certificate from the JSS built-in certificate authority (CA) will be discontinued. The release version for this change has not been determined. Before this change occurs, it is recommended that all on-premise Jamf Pro instances leveraging this functionality switch to a publicly trusted third-party CA to issue the Tomcat SSL/TLS certificate. This will prevent the potential loss of MDM communication from Jamf Pro to enrolled devices. If needed, a Tomcat SSL/TLS server certificate for Jamf Pro may be issued from an internal certificate authority. The JSS built-in CA will maintain its current ability to manually issue server certificates to other servers. |
| The "DIGEST-MD5" authentication type option | "DIGEST-MD5" will be removed from the authentication type options. This authentication type option displays when configuring an LDAP server to use Jamf Infrastructure Manager as a proxy server. |
| Computer Access Only and Mobile Device Access Only Limited Access settings | Jamf Pro web app instances with one of these settings configured will automatically be updated to the Computer and Mobile Device Access setting. Administrators will only be able to assign Full Access or Computer and Mobile Device Access privileges after the deprecation. |
| Personal device profiles | Personal device profiles will be removed from Jamf Pro in conjunction with User Enrollment. |
Webhook responses for ComputerPolicyFinished and ComputerCheckIn | These webhook responses will be modified to include additional information. These changes may break integrations that currently utilize these event types. |
| Supervise Devices and Make MDM Profile Mandatory settings in a mobile device PreStage enrollment | The ability to supervise devices and require the user to install the MDM Profile during enrollment with a PreStage enrollment will be required and will be built-in functionality. These settings will be removed from the Jamf Pro user interface. |
pomManagedClassroomScreenObservation key | This key will be removed from the Restrictions payload for mobile device configuration profiles. It will be replaced with the |
IfLostReturnToMessage key | The |
| Support for non-certificate based client communication with the Jamf Pro server | The Enable certificate-based authentication checkbox will be removed from . |
Removals
| Removed in version... | Item Removed or Discontinued | Notes |
|---|---|---|
| 11.18.0 | APNs binary protocol option | Apple no longer supports the binary protocol option for APNs, and the option was removed from . |
| 11.17.0 | Allow Basic authentication in addition to Bearer Token authentication checkbox | The setting that enables Jamf Pro users to use Basic authentication in addition to Bearer authentication in the Classic API has been removed from Jamf Pro. Jamf removed support for Basic authentication in the Classic API with Jamf Pro 11.5.0, but did not remove the checkbox at that time to allow for organizations to have additional time to prepare to use Bearer Token authentication. If the setting was enabled previously, it will remain enabled. |
| 11.15.0 | Declarative device management status reporting for on-premise, StateRAMP, and Jamf Premium Cloud Plus environments | Jamf removed support for declarative device management status updates via the status channel in on-premise, StateRAMP, and Jamf Premium Cloud Plus environments. Computers and devices in these environments that previously reported declarative device management as "Enabled" now report as "Not Enabled" in inventory records. Computers and mobile devices in affected environments no longer report the following state changes to the MDM server via the status channel:
Computers and mobile devices in affected environments will continue to report the following state changes through MDM inventory updates:
|
| Conditional Access on-premise support ended 31 January 2025 | Jamf ended Conditional Access support due to the migration away from Microsoft's Partner Device Management legacy API. Jamf ended support for the Partner Device Management legacy API on 31 January 2025. Jamf offers an alternative solution called macOS device compliance using Microsoft's new Partner Compliance Management API. A migration path from the legacy Partner Device Management API to the new Partner Compliance Management API is now available. The legacy Partner Device Management API is no longer active, and organizations leveraging the legacy API must migrate to the new API. |