Identifying Intel Macs with Secure Enclave using Jamf Pro
As part of a recent task, I needed to identify using Jamf Pro which Macs in our environment have Secure Enclave and which Macs do not. For Intel Macs, having Secure Enclave means that you have one of the following Macs:
Macs with the Apple T1 Security Chip
- MacBook Pro (13-inch with Touch Bar, Late 2016)
- MacBook Pro (15-inch with Touch Bar, Late 2016)
- MacBook Pro (13-inch with Touch Bar, Mid-2017)
- MacBook Pro (15-inch with Touch Bar, Mid-2017)
Macs with the Apple T2 Security Chip
- iMac (Retina 5K, 27-inch, 2020)
- iMac Pro
- Mac Pro (2019)
- Mac Pro (Rack, 2019)
- Mac mini (2018)
- MacBook Air (Retina, 13-inch, 2020)
- MacBook Air (Retina, 13-inch, 2019)
- MacBook Air (Retina, 13-inch, 2018)
- MacBook Pro (13-inch, 2020, Two Thunderbolt 3 ports)
- MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports)
- MacBook Pro (16-inch, 2019)
- MacBook Pro (13-inch, 2019, Two Thunderbolt 3 ports)
- MacBook Pro (15-inch, 2019)
- MacBook Pro (13-inch, 2019, Four Thunderbolt 3 ports)
- MacBook Pro (15-inch, 2018)
- MacBook Pro (13-inch, 2018, Four Thunderbolt 3 ports)
Jamf Pro doesn’t have a specific “this Mac has Secure Enclave” inventory identifier, so I decided to use Apple’s documentation on which Intel Mac models have Secure Enclave to build Jamf Pro smart groups with model identifiers. With Apple’s move to Apple Silicon processors, this list of models should not be added to in the future.
For Intel Macs equipped with T1 chips, here are the relevant model identifiers:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MacBookPro13,2 | |
| MacBookPro13,3 | |
| MacBookPro14,2 | |
| MacBookPro14,3 |
For Intel Macs equipped with T2 chips, here are the relevant model identifiers:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| iMac20,1 | |
| iMacPro1,1 | |
| MacPro7,1 | |
| Macmini8,1 | |
| MacBookAir8,1 | |
| MacBookAir8,2 | |
| MacBookAir9,1 | |
| MacBookPro15,1 | |
| MacBookPro15,2 | |
| MacBookPro15,3 | |
| MacBookPro15,4 | |
| MacBookPro16,1 | |
| MacBookPro16,2 | |
| MacBookPro16,3 | |
| MacBookPro16,4 |
For more details, please see below the jump.
To create a smart group that contains the list of all Intel Macs equipped with Secure Enclave, I’ve created the following smart group XML file:
Jamf Pro smart group containing model identifiers for Intel Macs with Secure Enclave:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <computer_group> | |
| <name>Intel Macs with Secure Enclave</name> | |
| <is_smart>true</is_smart> | |
| <criteria> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>0</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro13,2</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>1</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro13,3</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>2</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro14,2</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>3</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro14,3</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>4</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>iMac20,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>5</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>iMacPro1,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>6</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacPro7,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>7</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>Macmini8,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>8</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookAir8,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>9</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookAir8,2</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>10</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookAir9,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>11</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro15,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>12</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro15,2</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>13</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro15,3</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>14</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro15,4</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>15</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro16,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>16</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro16,2</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>17</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro16,3</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>18</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro16,4</value> | |
| </criterion> | |
| </criteria> | |
| <computers/> | |
| </computer_group> |
To narrow down if the Mac has a T1 or T2 chip installed, I also created the following smart group XML files:
Jamf Pro smart group containing model identifiers for Intel Macs with T1 chips:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <computer_group> | |
| <name>Intel Macs with T1 chips</name> | |
| <is_smart>true</is_smart> | |
| <criteria> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>0</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro13,2</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>1</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro13,3</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>2</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro14,2</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>3</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro14,3</value> | |
| </criterion> | |
| </criteria> | |
| <computers/> | |
| </computer_group> |
Jamf Pro smart group containing model identifiers for Intel Macs with T2 chips:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <computer_group> | |
| <name>Intel Macs with T2 chips</name> | |
| <is_smart>true</is_smart> | |
| <criteria> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>0</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>iMac20,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>1</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>iMacPro1,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>2</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacPro7,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>3</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>Macmini8,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>4</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookAir8,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>5</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookAir8,2</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>6</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookAir9,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>7</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro15,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>8</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro15,2</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>9</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro15,3</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>10</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro15,4</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>11</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro16,1</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>12</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro16,2</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>13</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro16,3</value> | |
| </criterion> | |
| <criterion> | |
| <name>Model Identifier</name> | |
| <priority>14</priority> | |
| <and_or>or</and_or> | |
| <search_type>is</search_type> | |
| <value>MacBookPro16,4</value> | |
| </criterion> | |
| </criteria> | |
| <computers/> | |
| </computer_group> |
These smart group XML files can be imported into a Jamf Pro server via Jamf’s Classic API. To upload it using the Classic API, download the XML file to a convenient location, then run the command shown below (substituting as appropriate):
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -su username:password https://jamfpro.server.here:port.number.here/JSSResource/computergroups/id/0 -T /path/to/filename.xml -X POST |
For on-premise Jamf Pro servers, this API command will be similar to what’s shown below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -su username:password https://jamfpro.server.here:8443/JSSResource/computergroups/id/0 -T /path/to/filename.xml -X POST |
For Jamf Cloud-hosted Jamf Pro servers, this API command will be similar to what’s shown below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -su username:password https://jamfpro.server.name.here.jamfcloud.com/JSSResource/computergroups/id/0 -T /path/to/filename.xml -X POST |
If the smart group was successfully uploaded, you should next see output similar to that shown below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?><computer_group><id>64</id></computer_group>computername:~ username$ |