Showing results for 
Search instead for 
Did you mean: 

[macOS/iOS] How to make use of the Jamf Compliance Editor along with JumpCloud and Custom Policies?

Rising Star III
Rising Star III


Did you know that you can use generated Compliance Baselines from Jamf's Compliance Editor in JumpCloud?

What is the Jamf Compliance Editor?


Jamf Compliance Editor is a tool that provides macOS, 
iOS/iPadOS system administrators with an easy way to 
establish and manage compliance baselines on their 
fleet of Apple devices.

This tool is built on the foundations of the 
macOS Security Compliance Project, hosted by 
the United States government agency, NIST, in their Github repo.

This application features:

- Easily selectable benchmark/baselines for customization
- Support for all variations of benchmark/baselines currently offered by the macOS Security Compliance Project.
- Support for multiple major macOS, iOS/iPadOS versions
- Modificiation of organization-defined values (ODV) from the core compliance project specifications
- Local storage of your custom benchmark(s) for editing later
- An easy-to-use UI that eliminates the need for complicated scripting
- One-click guidance creation that includes:
PDF, Excel, HTML, and Adoc for audit review with option to add branding
(macOS only) Shell script (zsh) that can audit and remediate endpoint
All configuration profiles needed to be uploaded to MDM server
(macOS only) Jamf Pro Extension Attributes that will submit status of benchmark/baseline of endpoints


Note: watch the latest announcements here 

So, how I can make use of this with JumpCloud?

Once you have read the User Guide and installed the Compliance Editor, you can go ahead and generate your desired baselines (customized if needed / and likely recommended). Example for iOS17 BYOD (custom):

Screen Recording 2024-04-12 at 8.46.40 AM.gif

 You will get your output and respective baselines in your specified folder (example macOS Sonoma):

Screen Recording 2024-04-12 at 8.48.09 AM.gif

Note: for macOS you will also need make use the Shell-Script via Commands - not all required settings can be enforced via mobileconfig-files. 

Now you can create your Custom Policies and Policy Groups in JumpCloud accordingly:




More notes on this:
- Please consider that your might be subjected to the licensing for the CIS Benchmarks (check here and here)
- Please always test your baselines/policies very thoroughly before deploying them to your entire fleet in scope. I do recommend to do this in phases and extending rings.  

Happy baselining and thanks for reading