Security Tool | v2.4.0 | Production Ready

Jamf Connect Privilege Monitor

A comprehensive monitoring and automated remediation system for Jamf Connect privilege elevation events with legitimate elevation tracking, enterprise Configuration Profile management, and real-time detection capabilities.

About This Project

This enterprise-grade security solution provides complete visibility and control over macOS administrative privileges. It detects unauthorized admin accounts, distinguishes between legitimate Jamf Connect elevations and unauthorized administrative access, and automatically removes unauthorized privileges when violations are detected.

Key Features

  • Webhook Platform Selection - Native support for Slack and Microsoft Teams with proper formatting
  • Legitimate Elevation Tracking - Distinguish between authorized Jamf Connect elevations and unauthorized admins
  • Elevation Analytics - Track elevation frequency, duration, and reasons with the elevation-report command
  • MonitorJamfConnectOnly Mode - Event-driven monitoring that only checks after Jamf Connect elevations
  • SMTP Provider Selection - Gmail, Office 365, SendGrid, AWS SES, and more with auto-configuration
  • Real-time & Periodic Monitoring - Immediate or 5-minute interval detection modes
  • Configuration Profile Management - Centralized settings via Jamf Pro JSON Schema
  • Automated Remediation - Instantly removes unauthorized admin privileges with configurable grace periods
  • Jamf Pro Integration - Extension Attributes, Smart Groups, and automated policy triggers
  • Comprehensive Logging - Detailed audit trails in /var/log/jamf_connect_monitor/
  • Production Verification Tools - Built-in scripts to validate deployment success
  • ACL Security - Extended Attribute clearing prevents permission bypass
  • Zero User Interaction - Silent deployment and operation across your fleet

Requirements

  • macOS 10.14 or later
  • Jamf Connect 2.33.0 or later with privilege elevation enabled
  • Jamf Pro 10.19 or later (for Configuration Profile JSON Schema support)
  • Root/administrator access for installation

CLI Commands

sudo jamf_connect_monitor.sh status

Check current status with Configuration Profile info

sudo jamf_connect_monitor.sh test-config

Test Configuration Profile settings

Log Files

/var/log/jamf_connect_monitor/monitor.log

Main monitoring activity and system events

/var/log/jamf_connect_monitor/admin_violations.log

Unauthorized admin detections with full context

Tech Stack

Bash, Jamf Pro, Slack API, Microsoft Teams, SMTP, JSON Schema, LaunchDaemon

License

MIT License
