Jamf MCP server
Manage Apple devices, query Jamf Protect alerts, and assess device risk across Jamf Pro, Protect, and Security Cloud.
About
Connect Tracecat to Jamf to manage Apple fleets and respond to endpoint alerts for SOC analysts and Mac admins working across Jamf Pro, Protect, and Security Cloud. You can pull a Jamf Protect alert and look up the affected device in Jamf Pro inventory for a complete picture of the host. From there, check device risk in Jamf Security Cloud, trigger remediation policies, and create risk overrides with confidence.
Setup
- 1
Create an API key
The Jamf MCP Hub starts in an onboarding mode without credentials and then asks for Jamf Pro API client credentials, plus optional Jamf Protect and Jamf Security Cloud RISK API keys for each product you want to enable.
- 2
Select the
Jamftile in the Tracecat MCP catalogOpen the
MCP catalogin your workspace, select theJamftile, and paste your API key. - 3
Enable
Jamfin your agentIn your
ai.agentaction orAgents→toolstab, selectJamffrom theMCP integrationsdropdown.
Tools
list_computers | List Macs and other Apple devices managed by Jamf Pro with inventory details. |
search_computers | Search Jamf Pro inventory by smart group, criteria, or saved search. |
get_computer_details | Retrieve full inventory and management details for a specific device. |
list_policies | List Jamf Pro policies and their scope, triggers, and payloads. |
list_configuration_profiles | List macOS and iOS configuration profiles deployed via Jamf Pro. |
list_jamf_protect_alerts | List Jamf Protect security alerts across enrolled Macs. |
list_jamf_protect_computers | List computers enrolled in Jamf Protect with their security posture. |
get_device_risk | Query Jamf Security Cloud for device risk status by device or user. |
create_risk_override | Create or update a device risk override in Jamf Security Cloud. |