Skip to main content
Veridominus logo
Veridominus
Scope Inspector

Show what targets a device, what excludes it, and where scope reasoning stops.

Scope Inspector is a device-focused targeting view. It reads supported Jamf scope data for a specific computer and keeps inclusion evidence, exclusion evidence, and unresolved paths separate instead of flattening the result into a simple applies or does not apply label.

Direct scopeExclusions stay visibleUnknown stays explicit

What the current release supports

  • Lookup by computer name or serial number
  • Policy scope and exclusion review
  • Configuration profile scope and exclusion review
  • Patch policy scope review where returned by the Jamf API
  • Group-based scope resolution when memberships can be expanded

How to use it

  1. Open Scope Inspector and search for a Jamf-managed computer.
  2. Run the inspection.
  3. Review applies, excluded, and unknown results separately.
  4. Inspect the evidence rows before using the result for scope change review.

How results are classified

  • Confirmed means direct scope, direct exclusion, or resolved group membership supports the result.
  • Derived is the final applicability summary computed from confirmed Jamf scope inputs.
  • Unknown means unresolved groups, departments, buildings, or incomplete API data prevented a full explanation.

Why Unknown matters

Scope Inspector does not guess a full causal chain when Jamf does not expose enough targeting detail. Unknown is used to preserve trust, not to avoid showing work.

What the feature does not claim

  • It is not a universal targeting explainer for every Jamf object family.
  • It does not hide exclusions.
  • It does not replace Jamf-side review for unsupported targeting paths.