Added the TRIGGER_ENHANCED_LOG_COLLECTION and CANCEL_ENHANCED_LOG_COLLECTION command options. Use TRIGGER_ENHANCED_LOG_COLLECTION to start enhanced log collection on a managed device and CANCEL_ENHANCED_LOG_COLLECTION to stop an in-progress collection.
Computer and mobile device inventory responses now include the username and timestamp of the last login reported over MDM.
GET /v1/computers-inventory, /v2/computers-inventory, /v3/computers-inventory (and the /{id} and computers-inventory-detail/{id} variants)
Added lastLoggedInUsernameMdm and lastLoggedInUsernameMdmTimestamp keys
GET /v2/mobile-devices/detail, GET /v2/mobile-devices/{id}/paired-devices, and the smart/static group-membership endpoints for /v1 and /v2 mobile device groups
Added lastLoggedInUsernameMdm and lastLoggedInUsernameMdmTimestamp keys
These are additive — existing integrations keep working and simply see the new keys.
Configuration profile UUIDs in computer inventory
GET /v1/computers-inventory-detail/{id}, /v2/computers-inventory-detail/{id}, /v3/computers-inventory-detail/{id} (and the computers-inventory/{id} variants)
Added uuid key to each configuration profile
Platform division identifiers
GET /v1/auth
Added divisionId key (per site) and currentDivisionId key (account)
POST /auth/current
Added divisionId key (per site)
GET /v2/mobile-devices/{id}/detail, PATCH /v2/mobile-devices/{id}
Added divisionId key (site)
divisionId is the Platform division identifier (UUID) for the site.
Mobile device detail can tolerate problem devices
GET /v2/mobile-devices/detail
Added the exception-handling query parameter. STRICT (the default) preserves past behavior - a single problem device returns a 500 with details. LENIENT returns a 200 even when some devices have data-processing issues, so one bad record no longer fails the whole request. Default behavior is unchanged.
Jamf Remote Assist returns a clearer status when off
GET /v1/jamf-remote-assist/session, GET /v1/jamf-remote-assist/session/{id}, GET /v2/jamf-remote-assist/session, GET /v2/jamf-remote-assist/session/{id}, POST /v2/jamf-remote-assist/session/export
Now return 403 instead of 404 when Jamf Remote Assist isn't available on the instance. The 403 signals the feature isn't enabled, distinct from a missing resource. If your integration treats 404 as "feature unavailable," switch it to check for 403.
Other changes
GET /v1/auth, POST /auth/current
The id key for sites is now a string instead of an integer.
GET /v3/computer-prestages, POST /v3/computer-prestages, GET /v3/computer-prestages/{id}, PUT /v3/computer-prestages/{id}
Smart Group criteria: stricter andOr validation in V2
The new UnifiedSmartGroupCriteriaV2, ComputerSmartGroupCriteriaV2, and MobileDeviceSmartGroupCriteriaV2 schemas validate andOr against an enum of and or or (case-insensitive). The legacy V1 SmartGroupCriteria schema accepted any string, which made silent misspellings possible. If you've been sending values like AND or Or, those still work; anything outside the enum will now be rejected on the V2 endpoints.
Static group assignments are now sets
StaticComputerGroupAssignment.assignments is now declared as uniqueItems: true. Sending the same computer ID twice in a single request is no longer meaningful — duplicates are collapsed.
Group names are capped at 255 characters
Static group and static computer group payloads now enforce maxLength: 255 on the name field. Existing groups longer than 255 characters (if any exist) will not be retroactively trimmed, but new and updated names must fit.
MembershipTestSearchResponse adds isMemberByUuid
Membership test responses now include both isMember and isMemberByUuid, giving you a UUID-based membership signal alongside the existing ID-based one.
The Lost Mode command schema now documents that at least one of lostModeMessage or lostModePhone must be provided, and the field-level descriptions explain what each value renders on the device's Lock Screen. The behavior is unchanged.
SettingsCommand.bootstrapTokenAllowed is deprecated
The bootstrapTokenAllowed field on SettingsCommand is now marked deprecated. macOS 11 and later manage bootstrap tokens automatically, so the field is no longer necessary. It remains functional for backward compatibility.
Returns the M2M-sourced tenant ID. Useful when a client running under M2M authentication needs to identify the tenant it's operating against without inferring it from another resource.
Smart Group create and update calls now use MobileDeviceSmartGroupCriteriaV2, and Static Group payloads use SmartGroupAssignmentV2 and SmartGroupDetailV2.
Computer groups — v3
A complete v3 surface for computer Smart Groups and Static Groups, replacing the v2 equivalents.
Method
Path
Replaces
GET
/v3/computer-groups/smart-groups
GET /v2/computer-groups/smart-groups
GET
/v3/computer-groups/smart-groups/{id}
GET /v2/computer-groups/smart-groups/{id}
GET
/v3/computer-groups/smart-group-membership/{id}
GET /v2/computer-groups/smart-group-membership/{id}
POST
/v3/computer-groups/smart-groups
POST /v2/computer-groups/smart-groups
PUT
/v3/computer-groups/smart-groups/{id}
PUT /v2/computer-groups/smart-groups/{id}
DELETE
/v3/computer-groups/smart-groups/{id}
DELETE /v2/computer-groups/smart-groups/{id}
GET
/v3/computer-groups/static-groups
GET /v2/computer-groups/static-groups
GET
/v3/computer-groups/static-groups/{id}
GET /v2/computer-groups/static-groups/{id}
POST
/v3/computer-groups/static-groups
POST /v2/computer-groups/static-groups
PUT
/v3/computer-groups/static-groups/{id}
PUT /v2/computer-groups/static-groups/{id}
DELETE
/v3/computer-groups/static-groups/{id}
DELETE /v2/computer-groups/static-groups/{id}
Smart Group payloads use the new SmartComputerGroupV3 and ComputerSmartGroupCriteriaV2 schemas. Static Group assignments now treat the assignments array as a set with uniqueItems: true, and group names are capped at 255 characters.
Information whether this instance is a FedRAMP instance
fipsEnabled
boolean
Information whether this instance has FIPS enabled
highComplianceInstance
boolean
Information whether this instance is a High Compliance instance
GET /v1/groups
Tags:groups
Parameter changed: filter (query)
The filter parameter description was updated to add support for a new filterable field groupPlatformId. The supported operators for this field are =in= (match any in list) and =out= (exclude all in list).
Jamf Remote Assist is not available on this instance.
GET /v1/jamf-remote-assist/session/{id}
Tags:jamf-remote-assist
Response description changed: 404
Before: Session with given id does not exist
After: Session history item not found. This may occur when the session with the given id does not exist, or when Jamf Remote Assist is not available on this instance.
GET /v1/login-customization
Tags:login-customization
Response 200 — Properties added
Property
Type
fedRampInstance
boolean
highComplianceInstance
boolean
GET /v2/jamf-remote-assist/session
Tags:jamf-remote-assist
Response added
Status Code
Description
404
Jamf Remote Assist is not available on this instance.
POST /v2/jamf-remote-assist/session/export
Tags:jamf-remote-assist
Response added
Status Code
Description
404
Jamf Remote Assist is not available on this instance.
GET /v2/jamf-remote-assist/session/{id}
Tags:jamf-remote-assist
Response description changed: 404
Before: Session with given id does not exist
After: Session history item not found. This may occur when the session with the given id does not exist, or when Jamf Remote Assist is not available on this instance.
PATCH /v2/mobile-devices/{id}
Tags:mobile-devices
Response 200 — Property type changed
Property
Old Type
New Type
site
V1Site
V1SiteBase
The site property in the response now references the new V1SiteBase schema (containing only id and name) instead of the full V1Site schema.
POST /v3/sso/disable
Tags:sso-settings
Response added
Status Code
Description
409
SSO cannot be disabled due to existing dependencies to it. This might happen if there are enrollment customizations depending on it or if SSO is the only authentication method available for the users.