Learn
Documentation
Support
Community

Usage guide: Jamf agent health

Introduction

This library pack helps you monitor the presence, health, compliance, and status of Jamf agents on macOS devices in real time with an all-in-one dashboard to detect issues such as agent health or missing agents.

Please keep in mind this is a guide and represents just some of the potential insight and actions you can take. There are many use cases and specific troubleshooting scenarios that you might uncover in your environment.

Ensure your library pack is properly configured by following the steps highlighted in its configuration guide:

Configuration guide: Jamf agent health

Pack structure

Overview of the Jamf agent environment.

The "Jamf agent health" live dashboard acts as the central point of this library pack. With this dashboard, you can quickly identify devices that have agent health issues, are out of date, or even have no agent. A focus on connectivity and stability will highlight any impact the agent may have on your MacOS endpoints and, ultimately, the end user.

Use cases

Identify areas of improvement

The Summary tab provides a quick overview of the health of the Jamf agents in your organization. Based on this information, you can navigate to the appropriate tab for more detailed troubleshooting.

Filters above the dashboard help you focus on a specific area, device, or platform type. You can also use the time picker to view data on a more granular or long-term time scale.

Monitor Jamf agent adoption

The Adoption tab allows you to track the progress of your ongoing Jamf adoption or migration projects from other macOS endpoint management solutions to Jamf. This can be done using convenient KPIs, breakdown widgets, and line charts. Breakdowns by entity, operating system and device model help identify gaps in agent deployment and Jamf agent versioning compliance.

Ensure Jamf agent health and operational status

The Health and Profile status tab displays the current status of JAMF agents on managed macOS devices: their connection to the Apple Push Notification Service (APNS) and the JAMF Software Server (JSS). The lack of connection to these components may indicate that the client is not operating well and healthily, which could lead to a non-compliant state of the device and cause security risks. The widgets on this tab allow you to narrow the problem to a specific device, location, or OS version. You can then apply remediation actions, which typically include validating the presence and configuration of the Apple Push Notification Service (APNs) certificate and communication between your Jamf solution components and endpoints.

Use the Drill Down and Investigate option to find devices affected by health issues:

  1. Click the "Investigate" option to get a list of devices with unhealthy agents.

  2. Make sure these devices are not affected by connection issues by using the Network connectivity tab.

  3. Ensure the correct configuration of your Jamf components (e.g. presence of Apple Push Notification Service certificate)

Monitor agent performance and stability

Use the Performance and Stability tab to detect anomalous behavior of your Jamf agents on endpoints and monitor agent crashes and freezes to ensure that the most stable version of the agent is running on endpoints.

Monitor and troubleshoot device enrollment issues

With the help of the Enrollment tab, you can discover devices that are experiencing problems with the Jamf agent enrollment process. Enrollment issues typically indicate that this process has not been completed successfully, preventing Jamf from fully managing the device and ensuring compliance. The tab focuses on three of the most common agent enrollment issues - devices with Jamf agent installed but not enrolled in Jamf, devices enrolled in Jamf without Jamf Automated Device Enrollment (ADE)/Apple Device Enrollment Program (DEP), and devices with incorrect Jamf MDM server settings.

The following remediation steps are suggested for issues that appear on this tab:

  1. Ensure that the desired Jamf enrollment method is enabled on the Jamf tenant side.

  2. Review the enrollment method configuration:

    1. For ADE enrollment, ensure the following components are present and correct on the Jamf side: - Apple Push Notification Service (APNs) certificate Device association with Jamf in Apple Business Manager (ABM) or Apple School Manager (ASM) or Apple Configurator; - Presence of a pre-enrollment profile.

    2. For user-initiated enrollment, make sure the following components are present and correct on the Jamf side: - Apple Push Notification Service (APNs) certificate; - Enrollment URL; - User enrollment MDM profile.

Monitor Jamf agent network connection data

As an endpoint management solution, it is critical for Jamf to maintain connectivity between its components and agents. The Network Connectivity tab helps identify devices that are experiencing short and long-term network issues and provides insight into Jamf agent traffic flow. By drilling down by entity and binary version, you can pinpoint issues related to specific binary versions or locations.

The Jamf Connect component is not in the scope of this dashboard as it is part of the Jamf Identity & Access Management and Zero Trust Network Access (ZTNA) solution and is not a mandatory part of the Jamf endpoint management solution.

RELATED TOPICS

Last updated

© Nexthink

Privacy policyResponsible Disclosure Policy