What's changed

New inventory fields: last MDM-reported login

Computer and mobile device inventory responses now include the username and timestamp of the last login reported over MDM.

• GET /v1/computers-inventory, /v2/computers-inventory, /v3/computers-inventory (and the /{id} and computers-inventory-detail/{id} variants)

  Added lastLoggedInUsernameMdm and lastLoggedInUsernameMdmTimestamp keys

• GET /v2/mobile-devices/detail, GET /v2/mobile-devices/{id}/paired-devices, and the smart/static group-membership endpoints for /v1 and /v2 mobile device groups

  Added lastLoggedInUsernameMdm and lastLoggedInUsernameMdmTimestamp keys

These are additive — existing integrations keep working and simply see the new keys.

Configuration profile UUIDs in computer inventory

• GET /v1/computers-inventory-detail/{id}, /v2/computers-inventory-detail/{id}, /v3/computers-inventory-detail/{id} (and the computers-inventory/{id} variants)

  Added uuid key to each configuration profile

Platform division identifiers

• GET /v1/auth

  Added divisionId key (per site) and currentDivisionId key (account)

• POST /auth/current

  Added divisionId key (per site)

• GET /v2/mobile-devices/{id}/detail, PATCH /v2/mobile-devices/{id}

  Added divisionId key (site)

divisionId is the Platform division identifier (UUID) for the site.

Mobile device detail can tolerate problem devices

• GET /v2/mobile-devices/detail

  Added the exception-handling query parameter. STRICT (the default) preserves past behavior - a single problem device returns a 500 with details. LENIENT returns a 200 even when some devices have data-processing issues, so one bad record no longer fails the whole request. Default behavior is unchanged.

Jamf Remote Assist returns a clearer status when off

• GET /v1/jamf-remote-assist/session, GET /v1/jamf-remote-assist/session/{id}, GET /v2/jamf-remote-assist/session, GET /v2/jamf-remote-assist/session/{id}, POST /v2/jamf-remote-assist/session/export

  Now return 403 instead of 404 when Jamf Remote Assist isn't available on the instance. The 403 signals the feature isn't enabled, distinct from a missing resource. If your integration treats 404 as "feature unavailable," switch it to check for 403.

Other changes

• GET /v1/auth, POST /auth/current

  The id key for sites is now a string instead of an integer.

• GET /v3/computer-prestages, POST /v3/computer-prestages, GET /v3/computer-prestages/{id}, PUT /v3/computer-prestages/{id}

  Removed the authUrl key.

Computer commands

Endpoints:

• POST /computercommands/command/{command}
• POST /computercommands/command/{command}/id/{id}

Removed from the supported-commands list:

• BlankPush — deprecated 2025-05-27
• DeleteUser — deprecated 2025-02-25

Mobile device commands

Endpoints:

• POST /mobiledevicecommands/command
• POST /mobiledevicecommands/command/{command}
• POST /mobiledevicecommands/command/{command}/id/{id_list}

Removed from the supported-commands list:

• ClearPasscode — deprecated 2025-04-03
• BlankPush — deprecated 2025-05-27
• RestartDevice — deprecated 2025-02-25
• DisableLostMode — deprecated 2025-05-30

Healthcare Listener Rule

Endpoints:

• POST /healthcarelistenerrule/id/{id}
• PUT /healthcarelistenerrule/id/{id}

The mdm_command path parameter's documented valid values changed.

• Before: EraseDevice, DeviceLock, ClearPasscode, EnableLostMode, DisableLostMode
• After: EraseDevice, DeviceLock, EnableLostMode

Smart Group criteria: stricter andOr validation in V2

The new UnifiedSmartGroupCriteriaV2, ComputerSmartGroupCriteriaV2, and MobileDeviceSmartGroupCriteriaV2 schemas validate andOr against an enum of and or or (case-insensitive). The legacy V1 SmartGroupCriteria schema accepted any string, which made silent misspellings possible. If you've been sending values like AND or Or, those still work; anything outside the enum will now be rejected on the V2 endpoints.

Static group assignments are now sets

StaticComputerGroupAssignment.assignments is now declared as uniqueItems: true. Sending the same computer ID twice in a single request is no longer meaningful — duplicates are collapsed.

Group names are capped at 255 characters

Static group and static computer group payloads now enforce maxLength: 255 on the name field. Existing groups longer than 255 characters (if any exist) will not be retroactively trimmed, but new and updated names must fit.

MembershipTestSearchResponse adds isMemberByUuid

Membership test responses now include both isMember and isMemberByUuid, giving you a UUID-based membership signal alongside the existing ID-based one.

EnableLostModeCommand documentation clarifications

The Lost Mode command schema now documents that at least one of lostModeMessage or lostModePhone must be provided, and the field-level descriptions explain what each value renders on the device's Lock Screen. The behavior is unchanged.

SettingsCommand.bootstrapTokenAllowed is deprecated

The bootstrapTokenAllowed field on SettingsCommand is now marked deprecated. macOS 11 and later manage bootstrap tokens automatically, so the field is no longer necessary. It remains functional for backward compatibility.

Deprecated

The 29 endpoints below are now marked deprecated. They still work in 11.28, but new integrations should target the v2 or v3 replacements.

Unified groups (v1):

• GET /v1/groups
• GET /v1/groups/{id}
• PATCH /v1/groups/{id}
• DELETE /v1/groups/{id}

Mobile device groups (v1):

• GET /v1/mobile-device-groups
• GET /v1/mobile-device-groups/smart-groups
• GET /v1/mobile-device-groups/smart-groups/{id}
• GET /v1/mobile-device-groups/smart-group-membership/{id}
• POST /v1/mobile-device-groups/smart-groups
• PUT /v1/mobile-device-groups/smart-groups/{id}
• DELETE /v1/mobile-device-groups/smart-groups/{id}
• GET /v1/mobile-device-groups/static-groups
• GET /v1/mobile-device-groups/static-groups/{id}
• GET /v1/mobile-device-groups/static-group-membership/{id}
• POST /v1/mobile-device-groups/static-groups
• PATCH /v1/mobile-device-groups/static-groups/{id}
• DELETE /v1/mobile-device-groups/static-groups/{id}
• POST /v1/mobile-device-groups/{id}/erase

Computer groups (v2):

• GET /v2/computer-groups/smart-groups
• GET /v2/computer-groups/smart-groups/{id}
• GET /v2/computer-groups/smart-group-membership/{id}
• POST /v2/computer-groups/smart-groups
• PUT /v2/computer-groups/smart-groups/{id}
• DELETE /v2/computer-groups/smart-groups/{id}
• GET /v2/computer-groups/static-groups
• GET /v2/computer-groups/static-groups/{id}
• POST /v2/computer-groups/static-groups
• PUT /v2/computer-groups/static-groups/{id}
• DELETE /v2/computer-groups/static-groups/{id}

Added

GET /v1/m2m/tenant-id — new

Returns the M2M-sourced tenant ID. Useful when a client running under M2M authentication needs to identify the tenant it's operating against without inferring it from another resource.

Response: M2mTenantIdInfo

{
  "tenantId": "a1b2c3d4-e5f6-7a8b-9c0d-e1f2a3b4c5d6"
}

Unified groups — v2

The unified group endpoints — which return both computer and mobile device groups in one call — are promoted from v1 to v2.

The PATCH endpoint now uses the new GroupUpdateDtoV2 payload, which adopts the V2 Smart Group criteria format described below.

Mobile device groups — v2

A complete v2 surface for mobile device Smart Groups and Static Groups.

Smart Group create and update calls now use MobileDeviceSmartGroupCriteriaV2, and Static Group payloads use SmartGroupAssignmentV2 and SmartGroupDetailV2.

Computer groups — v3

A complete v3 surface for computer Smart Groups and Static Groups, replacing the v2 equivalents.

Smart Group payloads use the new SmartComputerGroupV3 and ComputerSmartGroupCriteriaV2 schemas. Static Group assignments now treat the assignments array as a set with uniqueItems: true, and group names are capped at 255 characters.

GET /v1/cloud-information

Tags: cloud-information

Response 200 — Properties added

GET /v1/groups

Tags: groups

Parameter changed: filter (query)

The filter parameter description was updated to add support for a new filterable field groupPlatformId. The supported operators for this field are =in= (match any in list) and =out= (exclude all in list).

New example:

filter=groupPlatformId=in=('uuid1','uuid2','uuid3')

GET /v1/jamf-remote-assist/session

Tags: jamf-remote-assist

Response added

GET /v1/jamf-remote-assist/session/{id}

Tags: jamf-remote-assist

Response description changed: 404

• Before: Session with given id does not exist
• After: Session history item not found. This may occur when the session with the given id does not exist, or when Jamf Remote Assist is not available on this instance.

GET /v1/login-customization

Tags: login-customization

Response 200 — Properties added

GET /v2/jamf-remote-assist/session

Tags: jamf-remote-assist

Response added

POST /v2/jamf-remote-assist/session/export

Tags: jamf-remote-assist

Response added

GET /v2/jamf-remote-assist/session/{id}

Tags: jamf-remote-assist

Response description changed: 404

• Before: Session with given id does not exist
• After: Session history item not found. This may occur when the session with the given id does not exist, or when Jamf Remote Assist is not available on this instance.

PATCH /v2/mobile-devices/{id}

Tags: mobile-devices

Response 200 — Property type changed

The site property in the response now references the new V1SiteBase schema (containing only id and name) instead of the full V1Site schema.

POST /v3/sso/disable

Tags: sso-settings

Response added

GET /v1/account-groups

Tags: account-groups

Get all account groups with pagination, sorting, and filtering support.

GET /v1/account-groups/{id}

Tags: account-groups

Gets the account group for the given id.

PUT /v1/accounts/{id}

Tags: accounts

Updates the user account for the given id.

GET /v1/last-login

Tags: last-login

Returns the date of the last login event.

GET /v1/user-sessions/active

Tags: user-sessions

Returns detailed information about currently logged in users.

GET /v1/user-sessions/count

Tags: user-sessions

Returns the number of currently logged in users.

• POST /v2/mdm/commands

  Added ProfileListCommand

• GET /v1/ddm/{clientManagementId}/status-items

  Added 400 error response

• GET /v1/ddm/{clientManagementId}/status-items/{key}

  Added 400 error response

GET /v1/users

POST /v1/users

GET /v1/users/{id}

PUT /v1/users/{id}

DELETE /v1/users/{id}

• DELETE /v1/notifications/{type}/{id}

Added DIRECTORY_CACHE_AWAITING_SYNC key

• GET /v1/sites/{id}/objects

Removed BYO Profile from filter options

• GET /v1/notifications

Added DIRECTORY_CACHE_AWAITING_SYNC

• GET /v1/packages

Added sha3512 key

• PUT /v1/packages/{id}

Added sha3512 key

• GET /v1/packages/{id}

Added sha3512 key

• POST /v1/packages/{id}/manifest

Added sha3512 key

• GET /v3/enrollment/languages/{languageId}

personalText, personalButton, personalProfileName, personalProfileDescription : Deprecated as of 11.25. This field always returns empty string in GET responses and ignores any input values in PUT requests. Personal device profiles have ben removed from Jamf Pro in 11.25

• PUT /v3/enrollment/languages/{languageId}

personalText, personalButton, personalProfileName, personalProfileDescription : Deprecated as of 11.25. This field always returns empty string in GET responses and ignores any input values in PUT requests. Personal device profiles have ben removed from Jamf Pro in 11.25

• GET /v1/mobile-device-groups/static-group-membership/{id}

Removed personalDeviceProfileCurrent from filter and sort options

• POST /v2/mdm/commands

Added PROVISIONING_PROFILE_LIST option

• GET /v2/mobile-devices/detail

Removed personalDeviceProfileCurrent from sort and filter options

• GET /v2/mobile-devices/{id}/paired-devices

Removed personalDeviceProfileCurrent from sort and filter options

• PUT /v1/self-service/settings

Added ServiceDiscoveryVersion key