Jamf MCP server
Manage Apple devices, query Jamf Protect alerts, and assess device risk across Jamf Pro, Protect, and Security Cloud.
About
Connect Tracecat to Jamf to manage Apple fleets and respond to endpoint alerts for SOC analysts and Mac admins working across Jamf Pro, Protect, and Security Cloud. You can pull a Jamf Protect alert and look up the affected device in Jamf Pro inventory for a complete picture of the host. From there, check device risk in Jamf Security Cloud, trigger remediation policies, and create risk overrides with confidence.
Setup
- 1
Create an API key
The Jamf MCP Hub starts in an onboarding mode without credentials and then asks for Jamf Pro API client credentials, plus optional Jamf Protect and Jamf Security Cloud RISK API keys for each product you want to enable.
- 2
Select the
Jamftile in the Tracecat MCP catalogOpen the
MCP catalogin your workspace, select theJamftile, and paste your API key. - 3
Enable
Jamfin your agentIn your
ai.agentaction orAgents→toolstab, selectJamffrom theMCP integrationsdropdown.
Tools
list_computersList Macs and other Apple devices managed by Jamf Pro with inventory details.
search_computersSearch Jamf Pro inventory by smart group, criteria, or saved search.
get_computer_detailsRetrieve full inventory and management details for a specific device.
list_policiesList Jamf Pro policies and their scope, triggers, and payloads.
list_configuration_profilesList macOS and iOS configuration profiles deployed via Jamf Pro.
list_jamf_protect_alertsList Jamf Protect security alerts across enrolled Macs.
list_jamf_protect_computersList computers enrolled in Jamf Protect with their security posture.
get_device_riskQuery Jamf Security Cloud for device risk status by device or user.
create_risk_overrideCreate or update a device risk override in Jamf Security Cloud.