Enables comprehensive management of Apple devices through Jamf Pro, including device search and inventory, policy deployment, script execution, configuration profile management, package deployment, and mobile device management for both macOS and iOS devices.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Jamf Pro MCP ServerFind all MacBooks that haven't checked in for 7 days"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Jamf Pro MCP Server v2.0
A comprehensive MCP (Model Context Protocol) server that enables AI assistants to interact with Jamf Pro for complete Apple device management. Works with Claude Desktop and ChatGPT (via MCP Connectors).
106 tools | 12 resources | 12 workflow prompts | 5 skills
What's New in v2.0
106 tools (up from 56) — expanded coverage across the full Jamf Pro API and Classic API
12 resources — all returning live data including compliance, storage, OS versions, encryption, and patch reports
12 workflow prompts — guided templates for common admin tasks like onboarding, offboarding, security audits, and staged rollouts
Compound tools — single-call operations like
getFleetOverview,getDeviceFullProfile,getSecurityPosture, andgetPolicyAnalysisthat combine multiple API calls behind the scenesBearer Token authentication on Classic API — full OAuth2 Client Credentials support without needing a username/password
Parallel API calls — batch operations and compound tools run requests concurrently for faster results
Correct Jamf terminology — all documentation and tool descriptions align with official Jamf developer documentation
Quick Start
For Claude Desktop Users
Configure your credentials in Claude Desktop (see Configuration below).
For ChatGPT Users
See our ChatGPT Quick Start Guide for 5-minute setup.
What You Can Do
Ask natural language questions about your Jamf fleet:
"How is my fleet doing?" — uses
getFleetOverviewfor a single-call summary"Tell me about LAPTOP-001" — uses
getDeviceFullProfileto resolve by name, serial, or ID"What's our security posture?" — uses
getSecurityPosturefor encryption and compliance analysis"How is the Software Install policy performing?" — uses
getPolicyAnalysiswith auto-resolve by name"Find all devices that haven't checked in for 30 days"
"Deploy software updates to the marketing team"
"Retrieve the LAPS password for this device"
"Show me patch compliance across the fleet"
Tools (106)
Compound Tools (Start Here)
These combine multiple API calls into a single operation:
getFleetOverview: Comprehensive fleet summary — inventory counts, compliance rates, and mobile device status in one call
getDeviceFullProfile: Complete device profile by name, serial, or ID — resolves automatically and fetches details, policy logs, and history in parallel
getSecurityPosture: Fleet security analysis — FileVault encryption rates, compliance status, and OS version currency
getPolicyAnalysis: Policy analysis by ID or name — configuration, scope, compliance, and performance
Device Management
searchDevices: Find devices by name, serial number, IP address, or username
getDeviceDetails: Detailed device information by ID
checkDeviceCompliance: Find devices that haven't reported in X days
getDevicesBatch: Get details for multiple devices in a single request
updateInventory: Force inventory update on a device
debugDeviceDates: Debug tool for raw device date fields
Computer History & MDM Commands
getComputerHistory: Full computer history — policy logs, MDM commands, audit events, screen sharing, user/location changes
getComputerPolicyLogs: Policy execution logs showing success/failure per device
getComputerMDMCommandHistory: MDM command history with status and timestamps
sendComputerMDMCommand: Send MDM commands to macOS — lock, wipe, restart, shutdown, remote desktop (requires confirmation)
flushMDMCommands: Clear pending/failed MDM commands to unstick devices (requires confirmation)
Policy Management
listPolicies: List all policies with optional category filter
getPolicyDetails: Detailed policy info including scope, scripts, and packages
searchPolicies: Search policies by name
executePolicy: Run a policy on specific devices (requires confirmation)
createPolicy: Create a new policy with full configuration (requires confirmation)
updatePolicy: Update an existing policy (requires confirmation)
clonePolicy: Clone a policy with a new name (requires confirmation)
setPolicyEnabled: Enable or disable a policy (requires confirmation)
updatePolicyScope: Add/remove computers and groups from policy scope (requires confirmation)
Script Management
listScripts: List all scripts
searchScripts: Search scripts by name
getScriptDetails: Full script content, parameters, and metadata
deployScript: Execute a script on devices (requires confirmation)
createScript: Create a new script (requires confirmation)
updateScript: Update an existing script (requires confirmation)
deleteScript: Delete a script (requires confirmation)
Configuration Profile Management
listConfigurationProfiles: List profiles (computer or mobile device)
getConfigurationProfileDetails: Detailed profile information
searchConfigurationProfiles: Search profiles by name
deployConfigurationProfile: Deploy a profile to devices (requires confirmation)
removeConfigurationProfile: Remove a profile from devices (requires confirmation)
Package Management
listPackages: List all packages
searchPackages: Search packages by name
getPackageDetails: Detailed package information
getPackageDeploymentHistory: Deployment history via policy analysis
getPoliciesUsingPackage: Find all policies using a specific package
getPackageDeploymentStats: Deployment statistics and scope analysis
Computer Group Management
listComputerGroups: List groups (smart, static, or all)
getComputerGroupDetails: Group details including membership and smart group criteria
searchComputerGroups: Search groups by name
getComputerGroupMembers: List all members of a group
createStaticComputerGroup: Create a static group (requires confirmation)
updateStaticComputerGroup: Update group membership (requires confirmation)
deleteComputerGroup: Delete a group (requires confirmation)
Advanced Computer Searches
listAdvancedComputerSearches: List all saved advanced searches
getAdvancedComputerSearchDetails: Get search configuration and results
createAdvancedComputerSearch: Create a new advanced search (requires confirmation)
deleteAdvancedComputerSearch: Delete a saved search (requires confirmation)
Mobile Device Management
searchMobileDevices: Search mobile devices by name, serial, or UDID
getMobileDeviceDetails: Detailed mobile device information
listMobileDevices: List all mobile devices
updateMobileDeviceInventory: Force inventory update on a mobile device
sendMDMCommand: Send MDM commands — lock, wipe, clear passcode, lost mode, settings (requires confirmation)
listMobileDeviceGroups: List mobile device groups
getMobileDeviceGroupDetails: Group details including membership
Reporting & Analytics
getInventorySummary: Fleet inventory summary — device counts, OS distribution, model distribution
getDeviceComplianceSummary: Compliance summary — check-in rates, failed policies, missing software
getPolicyComplianceReport: Policy compliance — success/failure rates, scope coverage
getSoftwareVersionReport: Software version distribution across devices
getPackageDeploymentStats: Package deployment statistics and policy usage
Buildings, Departments & Categories
listBuildings / getBuildingDetails: Organizational buildings for multi-site scoping
listDepartments / getDepartmentDetails: Departments for scoping and reporting
listCategories / getCategoryDetails: Categories for organizing policies, scripts, and profiles
Local Administrator Password Solution (LAPS)
getLocalAdminPassword: Retrieve the current LAPS password for a device (requires confirmation)
getLocalAdminPasswordAudit: Audit trail of password views and rotations
getLocalAdminPasswordAccounts: List LAPS-managed accounts on a device
Patch Management
listPatchSoftwareTitles: List patch software title configurations
getPatchSoftwareTitleDetails: Patch title details with versions and definitions
listPatchPolicies: List patch policies with deployment status
getPatchPolicyDashboard: Patch compliance dashboard — latest version, pending, failed
Extension Attributes
listComputerExtensionAttributes: List all custom extension attributes
getComputerExtensionAttributeDetails: Full EA details including script content
createComputerExtensionAttribute: Create a new extension attribute (requires confirmation)
updateComputerExtensionAttribute: Update an extension attribute (requires confirmation)
Managed Software Updates
listSoftwareUpdatePlans: List active and completed OS update plans
createSoftwareUpdatePlan: Create an OS update plan for specific devices (requires confirmation)
getSoftwareUpdatePlanDetails: Update plan status and device progress
PreStage Enrollments
listComputerPrestages / getComputerPrestageDetails / getComputerPrestageScope: Computer PreStage Enrollment configuration and device assignments
listMobilePrestages / getMobilePrestageDetails: Mobile device PreStage Enrollments
Network Segments
listNetworkSegments: List network segments for location-based management
getNetworkSegmentDetails: Segment details including IP ranges and building assignment
Accounts & Users
listAccounts / getAccountDetails / getAccountGroupDetails: Jamf Pro admin accounts and groups with privileges
listUsers / getUserDetails / searchUsers: End-user records (not admin accounts)
App Installers
listAppInstallers: List Jamf App Catalog titles
getAppInstallerDetails: Detailed app installer information
Restricted Software
listRestrictedSoftware: List restricted software entries
getRestrictedSoftwareDetails: Restricted software configuration details
createRestrictedSoftware: Create a new restricted software entry (requires confirmation)
updateRestrictedSoftware: Update an existing restricted software entry (requires confirmation)
deleteRestrictedSoftware: Delete a restricted software entry (requires confirmation)
Webhooks
listWebhooks: List configured webhooks
getWebhookDetails: Webhook configuration details
Resources (12)
Resource URI | Description |
| Paginated computer inventory |
| Paginated mobile device inventory |
| Security and patch compliance report |
| Mobile device compliance and management status |
| Disk usage analytics |
| OS version breakdown |
| Fleet-wide patch compliance by software title |
| FileVault encryption compliance |
| Extension Attributes collection summary |
| PreStage Enrollment assignments overview |
| Devices with stuck or failed MDM commands |
| LAPS password access audit trail |
Prompts (12 Workflow Templates)
Prompt | Description |
| Step-by-step device troubleshooting |
| Software deployment workflow |
| Comprehensive compliance reporting |
| Bulk device operations |
| Disk space management |
| Full security posture audit — encryption, OS currency, compliance, failed policies |
| Verify new device enrollment — profiles, policies, group memberships |
| Device offboarding — unscope, wipe/lock, retire from inventory |
| OS version distribution review and update planning |
| Comprehensive fleet health — devices, compliance, storage, OS, mobile |
| Deep device investigation — profiles, policies, groups, scripts |
| Staged policy rollout — clone, test group, verify, expand to production |
Skills (ChatGPT Integration)
Advanced multi-step operations for the ChatGPT connector:
skill_device_search: Intelligent device search with natural language processing
skill_find_outdated_devices: Identify devices not checking in
skill_batch_inventory_update: Update multiple devices efficiently
skill_deploy_policy_by_criteria: Deploy policies based on device criteria
skill_scheduled_compliance_check: Automated compliance reporting
Configuration
Jamf Pro API Authentication
In Jamf Pro, go to Settings > System > API Roles and Clients
Create a new API Role with necessary permissions
Create a new API Client — note the Client ID and generate a Client Secret
Claude Desktop Configuration
Add to your Claude Desktop config file:
macOS:
~/Library/Application Support/Claude/claude_desktop_config.jsonWindows:
%APPDATA%\Claude\claude_desktop_config.json
ChatGPT Configuration
See ChatGPT Connector Setup for detailed instructions.
Enhanced Mode (Optional)
Installation
Development
Security
Read-Only Mode: Set
JAMF_READ_ONLY=trueto prevent any modificationsConfirmation Required: All destructive operations require explicit
confirm: trueTool Annotations: Each tool declares
readOnlyHintanddestructiveHintfor client-side safetyClient Credentials Authentication: Supports Jamf Pro API roles and clients
Rate Limiting: Optional built-in rate limiter
Circuit Breaker: Optional circuit breaker for failure protection
Recommended API Permissions
For full functionality:
Read access to computers, policies, scripts, configuration profiles, packages, mobile devices, buildings, departments, categories, Extension Attributes, Patch Management, PreStage Enrollments, network segments, accounts, users, webhooks
LAPS password access (for LAPS tools)
Update access for inventory updates, policies, scripts, extension attributes
Execute access for policies, scripts, and MDM commands
For read-only mode:
Read access to all resources only
Architecture
The server uses a hybrid API client that supports both the Jamf Pro API and Classic API, with automatic fallback between them for maximum compatibility across Jamf Pro versions.
Troubleshooting
Authentication Issues
Verify your API credentials (Client ID and Secret)
Ensure the API client has the required permissions
For Classic API endpoints, the server automatically uses Bearer Token authentication
503 Errors on Classic API
If using Client Credentials only (no username/password), ensure you're running v2.0+ which supports Bearer Token authentication on Classic API endpoints
Timeouts on Compound Tools
The default request timeout is 30 seconds
Compound tools like
getFleetOverviewmake parallel API calls and may need more time on slower instances
Contributing
Contributions are welcome! Please:
Fork the repository
Create a feature branch
Add tests for new functionality
Submit a pull request
License
MIT
Resources
Support
Built with ❤️ for the Jamf, Claude, and ChatGPT communities