As part of discussing the outcome of a troubleshooting session concerning Jamf Pro and profile deployment with a teammate, I learned that the two functions that Jamf Pro uses to update its computer inventory worked in a similar fashion, but they weren’t identical.
The differences turned out to be important for profile deployment.
There are a couple of ways that you can request a computer inventory using Jamf Pro:
1. Using the Jamf agent’s recon function
2. Using a Jamf policy’s Update Inventory function
With regard to profiles, the two inventory update processes run the DeviceInformation MDM command at different points in the inventory gathering process, relative to when the inventory update process checks extension attributes.
When running an inventory update using the Update Inventory function in a Jamf Pro policy, the following items are run in this order:
1. The DeviceInformation MDM command is run.
2. Extension attributes are checked and updated.
When running an inventory update using the recon function of the Jamf agent, the following items are run in this order:
1. Extension attributes are checked and updated.
2. The DeviceInformation MDM command is run.
Why is this important?
If you have profiles scoped to the results of an extension attribute, having that extension attribute checked and updated before profile assignments change will result in that profile being deployed correctly once.
If the extension attribute hasn’t been checked before profile assignments change, you may see that profile not deploy, deploy based on incorrect information, or even deploy multiple times as first incorrect and then correct data comes in from the extension attribute.
What to do?
If you have profiles scoped to extension attributes, my recommendation is to use the Jamf agent’s recon function to run inventory updates. If you need to run an inventory as part of a policy, you can use the Jamf agent’s recon function to run an inventory update by using the following process:
- Select the policy in question.
- Go to the Files and Processes section.
- Go to the Execute Command blank.
- Enter the following command:
/usr/local/jamf/bin/jamf recon
This will trigger the Jamf agent on the individual computers to run a recon.
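As an added example (not from the original post or from Jamf), here is a script a policy could run in place of the bare command, so that a missing agent or a failed recon surfaces as a non-zero exit status instead of passing silently. The `run_recon` name and the `JAMF_BIN` override are assumptions made for this example, and the last block assumes Jamf Pro passes its usual positional parameters (mount point, computer name, username) to policy scripts.

```shell
#!/bin/sh
# Added example: run the Jamf agent's recon from a policy script.
# Default path is the one given in the article; the JAMF_BIN override
# is an assumption of this example so the script can be tested with a stub.
JAMF_BIN="${JAMF_BIN:-/usr/local/jamf/bin/jamf}"

run_recon() {
    # Return 2 if the agent binary is absent (for example, an unenrolled Mac).
    if [ ! -x "$JAMF_BIN" ]; then
        echo "recon-wrapper: $JAMF_BIN not found or not executable" >&2
        return 2
    fi

    # Per the article, recon checks extension attributes before the
    # DeviceInformation MDM command runs, which is the order wanted
    # when profiles are scoped to extension attribute results.
    status=0
    "$JAMF_BIN" recon || status=$?

    if [ "$status" -ne 0 ]; then
        echo "recon-wrapper: jamf recon exited with status $status" >&2
        return 1
    fi

    echo "recon-wrapper: jamf recon completed"
    return 0
}

# Assumption: under a policy, Jamf Pro supplies positional parameters,
# so the function runs there; with no arguments it is only defined.
if [ "$#" -gt 0 ]; then
    run_recon
    exit $?
fi
```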