Global Security & Compliance policies
Katelyn Russell
These are the Global Security & Compliance policies in Campus Jamf that run when the Jamf client checks-in:
Policy | Purpose | Frequency | Exceptions Group |
GLOBAL - Nessus agent install/link/status | Installs the ISO required Nessus Agent if not installed, returns status if already installed. | Once every day, if Enrollment > 1 day | GLOBAL - Exceptions - Nessus Agent |
GLOBAL - Nudge Install Only | Installs Nudge for prompting the user to install MacOS updates | Ongoing, if (Enrollment > 3 days and Nudge is Not Installed) | GLOBAL - Exceptions - Nudge |
GLOBAL - Schedule Nudge - run nudge binary | Sets up a LaunchDaemon to ensure Nudge runs regularly | Ongoing, if Nudge is Installed | GLOBAL - Exceptions - Nudge |
GLOBAL - UTexas Acceptable Use Policy Banner | Installs a banner to display the UT Austin acceptable use policy, required by the ISO | Once per computer | GLOBAL - Exceptions - UTexas Acceptable Use Policy Banner |
GLOBAL - UTexas Shared Packet Firewall install | Installs the standard configuration for the macOS PF packet firewall | Once per computer, if Enrollment > 1 day | GLOBAL - Exceptions - UTexas Packet Firewall |
GLOBAL - Microsoft Defender - Install Package | Installs Microsoft Defender, if the site has run a policy to cache the installer and the config profiles are in place | Once per computer, if Defender is Cached | GLOBAL - Exceptions - Microsoft Defender |
GLOBAL - Microsoft Defender - Stage Installation | Runs Jamf Recon to ensure the Defender config profiles are in place. | Ongoing | GLOBAL - Exceptions - Microsoft Defender |
| GLOBAL - Block UTGuest Wifi | Blocks utguest wifi network | On Network Change | GLOBAL - Exceptions - UTGuest Wireless Network Blocked |
Exceptions:
Each GLOBAL - Exceptions - FUNCTION group includes a SITE - Exceptions - FUNCTION group in your site which will exclude computers based on the value of EA "Exception-FUNCTION"
Example:
ENGR - Exceptions - Nudge
uses Extension Attribute: Exception-Nudge
To exclude a device from the Nudge global policies, set the value of Exception-Nudge to "Yes"
Leave Exception-Nudge blank or set to "No" to not be excluded
Since the exception group is in your Site you can edit it to add other criteria if needed.
Screen Saver
Using the standard Global configuration profiles, Screen Saver settings are controlled by EA "Screen Saver". It can have a value of 15m, 30m, 60m, 120m, or Unconfigured
Using "Unconfigured" means the screen saver can be turned off or set to any timeout on each computer.
To be excluded from ALL Screen Saver configuration settings, set Extension Attribute "Exception-Screen Saver" to "Yes" or edit SITE - Exceptions - Screen Saver if needed.
------------------------------
The following policy runs at Check-In, but does not have an exceptions group. It is for creating 'inventory.plist' on each Mac in /Library/Application Support/utexas, storing information from Jamf such
as Site, Asset Tag, Assigned User, Department Code to be used by policies with scripts, including Provisioning, Nessus, Code42 and more.
Policy | Frequency | Exceptions Group |
GLOBAL - EA-inventory-plist | Once every day | (none) |
- Welcome to Jamf - Service Overview
- Application and Global Settings
- macOS Packet Firewall
- Deploying Microsoft Defender to macOS devices
- Global Configuration Policies
- Automatic install of Code42 in Campus JAMF
- Compliance Configuration and Extension Attribute
- Global Security & Compliance policies
- EPM Core team audit of Jamf Pro server
- MAC Address Randomization: How it works and What IT needs to know
- Upgrade to future macOS major releases
- Nessus Agent deployment to campus Jamf instances
- OS Patching: UT Macintosh Security Updates and Reboot Policy
- Jamf Connect
- Jamf - Site Administrator Policies
- Application installs and patching
- Installing UT-Track
- Centrally Managed iOS Password Standards
- Test and pilot
- Jamf - Server Maintenance and Update Process
Welcome to the University Wiki Service! Please use your IID (yourEID@eid.utexas.edu) when prompted for your email address during login or click here to enter your EID. If you are experiencing any issues loading content on pages, please try these steps to clear your browser cache.