# Jamf Pro MCP

> Jamf Pro MCP connects your AI agent directly to the Jamf Pro API, letting you audit and manage entire Apple device fleets. Use it to list all managed computers, check mobile security status, track inventory details like disk encryption, or see which users are assigned where. It's essential for IT teams needing a full view of their hardware and software deployment.

## Overview
- **Category:** fort-knox
- **Price:** Free
- **Tags:** mobile-device-management, it-automation, asset-tracking, endpoint-security

## Description

This MCP lets your AI client work with the Jamf Pro API to manage your entire Apple ecosystem. Your agent can list all managed computers and mobile devices, giving you an immediate inventory count and status overview. Need to know who's using what? You can look up users and see which departments they belong to. The system also tracks physical locations by listing buildings or analyzing device distribution across specific categories. For automation tasks, your AI client doesn't just read data; it pulls details about available software packages or existing management scripts for remote execution. When you connect this via Vinkius, you give your agent the full capability to audit everything from user accounts and computer serial numbers to department assignments in one place.

## Tools

### get_computer
Retrieves detailed information for one specific computer, including its installed apps and disk encryption status.

### get_mobile_device
Pulls comprehensive data on a single mobile device, showing its security status, assigned user, and OS version.

### list_buildings
Lists all physical buildings configured within the Jamf Pro management system.

### list_categories
Retrieves a list of all management categories, useful for understanding the hierarchy used in device grouping.

### list_computers
Lists every managed computer on the network, providing names, IDs, and serial numbers for fleet auditing.

### list_departments
Provides a list of all configured business departments, allowing analysis of device distribution by unit.

### list_mobile_devices
Lists every managed mobile device, providing their names, IDs, and models for asset auditing.

### list_packages
Returns a list of all software packages available in Jamf Pro's distribution points for deployment checks.

### list_scripts
Lists all management scripts stored within Jamf Pro, which can be used for remote automation execution.

### list_users
Retrieves a full list of users in the system and identifies their current associations with devices.

## Prompt Examples

**Prompt:** 
```
List all computers managed in Jamf Pro.
```

**Response:** 
```
I'll fetch the list of managed computers and their inventory details for you.
```

**Prompt:** 
```
Show me details for mobile device ID '456'.
```

**Response:** 
```
I'll retrieve the full inventory and management data for that mobile device.
```

**Prompt:** 
```
List all management scripts configured in the system.
```

**Response:** 
```
I'll look up the list of available management scripts in Jamf Pro.
```

## Capabilities

### Audit all managed computers
The MCP retrieves detailed records for every Mac on the network, including installed applications and disk encryption status.

### Investigate specific mobile devices
You can pull deep data on any single mobile asset, showing its operating system version, assigned user, and security state.

### Map organizational structure
The MCP lists all configured departments, buildings, and management categories to understand how devices are distributed across the company.

### Track users and assets
You can pull a list of every user in the system and view which specific machines or mobile devices they are associated with.

### Review deployment resources
The MCP lists all available software packages, management scripts, and custom categories ready for deployment across the fleet.

## Use Cases

### The Quarterly Compliance Audit
A security analyst needs to prove all corporate Macs have disk encryption enabled. They ask the agent to run `list_computers` first, then iterate through the results calling `get_computer` for each one, compiling a single report showing every machine's current status.

### Onboarding a New Department
A sysadmin needs to provision 50 new employee laptops. They use `list_departments` to find the correct unit ID and then call `get_computer` repeatedly to ensure every device assigned to that department is accounted for.

### Investigating Lost Devices
A manager loses track of company phones. They ask their agent to run `list_mobile_devices` to get a master list, and then use `get_mobile_device` on specific IDs to verify the last known OS version.

### Pre-Rollout Check
An IT team is prepping an OS update. Before deployment, they check `list_packages` to confirm the correct software is available and then use `list_scripts` to ensure any necessary pre-run scripts are ready.

## Benefits

- Stop manually checking compliance. By using `get_computer`, you can instantly audit a machine's disk encryption status, which is crucial for security reporting.
- Get location context immediately. Tools like `list_buildings` or `list_departments` let your agent map device distribution across physical sites and business units.
- Improve asset visibility by using `list_mobile_devices`. You can quickly get a list of all managed phones and tablets, speeding up inventory checks.
- Streamline software deployments. Instead of guessing what's available, use `list_packages` to see every software package ready for rollout across the entire organization.
- Simplify user-asset mapping. Running `list_users` lets your agent instantly pair users with their assigned devices, making audit reports simple and accurate.

## How It Works

The bottom line is that your AI client uses this MCP to talk directly to Jamf Pro, giving it real-time asset and user information.

1. You tell your AI client exactly what you need to audit—for example, 'Find all Macs without disk encryption.'
2. The client calls the relevant tool in this MCP (like `list_computers` or `get_computer`), which executes a request against the Jamf Pro API.
3. Your agent receives structured data containing the specific inventory details, user assignments, or deployment status you requested.

## Frequently Asked Questions

**Can Jamf Pro MCP list all managed hardware?**
Yes, the MCP can list both Mac computers using `list_computers` and mobile devices via `list_mobile_devices`, giving you a comprehensive inventory count.

**How do I check if an individual computer is encrypted?**
You call the `get_computer` tool, passing in the specific device ID. The returned data includes the current disk encryption status for that machine.

**Does Jamf Pro MCP help me find devices by location?**
Yes, you can audit distribution using tools like `list_buildings` and `list_departments`, allowing you to filter or analyze assets based on their assigned physical site or business unit.

**What if I need to see available software packages?**
Use the `list_packages` tool. It retrieves a list of every `.pkg` or `.dmg` file available in Jamf Pro's distribution points, so you know exactly what can be deployed.

**Can I see which user owns a specific device?**
You use `list_users` to view the full roster and then cross-reference that data with device details retrieved from tools like `get_computer` or `get_mobile_device`.