Structured around dependency review, scope clarity, and day-to-day Jamf operations.
Veridominus is broader than a cleanup utility and narrower than a management platform. This page explains the product by workflow, not by marketing theme.
Feature groups
The product surface is organized around three kinds of administrative work: reviewing impact, understanding targeting and state, and acting with clearer operational context.
Dependency and cleanup review
Workflows for verifying what is referenced, what is uncertain, and what can be reviewed more safely before change.
Supported dependency analysis with confirmed references, unsupported exact references, review-required signals, and explicit coverage boundaries.
Conservative orphaned and cleanup candidate review with evidence, confidence, and Unknown when downstream coverage is incomplete.
Supported downstream impact review before a supported object is changed or removed.
Conflict classification and payload overlap review for macOS configuration profiles.
Scope and targeting clarity
Workflows that show why something targets a device or group, where exclusions matter, and where Jamf does not expose complete causality.
Direct scope, group-based scope, exclusions, and partial-resolution limits surfaced in one view.
Structured criteria presentation, current membership review, and explicit limits around per-device causal explanation.
Compliance reporting based on real Jamf patch data, with drillable version and inventory state.
Current Apple release context and fleet OS exposure from the available data sources.
Operations and follow-up
Fast investigation, controlled command workflows, and a durable remediation queue for day-to-day Jamf administration.
Fast search by supported identifiers with authoritative device detail, freshness context, and operational actions.
Bulk command submission with explicit submission state, partial success handling, and no fake execution certainty.
Readable script inspection, guarded editing, and usage context where Jamf linkage can be confirmed.
Persistent local follow-up tracking for remediation work, notes, and linked findings.
Major workflows
Each workflow below is described with the same public structure used across the site: what it does, why it matters, and how it works.
Overview Dashboard and Fleet Health
The dashboard shows point-in-time operational signals, data freshness, and direct routes into the workflows that need attention.
Admins need to know what needs review now, why it matters, and where to go next. Vanity health scores do not help with production work.
Metrics stay tied to real Jamf data. Freshness, unavailable counts, and local-only state remain explicit instead of being flattened into decorative summaries.
EA Dependency Scanner
Review where an extension attribute is referenced across supported Jamf surfaces before you edit or remove it.
Extension attributes turn into shared dependencies quickly. The risk is rarely the EA itself; it is the policy, group, search, or managed configuration logic attached to it.
Veridominus keeps confirmed references separate from unsupported exact references and review-only signals. Coverage rows show what was checked and what was not.
Ghost Hunter
Audit stale devices, zero-scope policies, empty groups, and other cleanup candidates without overstating what is safe.
Cleanup work is where weak tools do real damage. If evidence is partial, the result must read as uncertain, not safe.
Ghost Hunter separates Safe Candidate, Likely Candidate, Review Required, and Unknown. Evidence and coverage are visible in the review flow.
Profile Conflict Detection
Inspect overlapping configuration profile payloads with explicit classification, scope overlap evidence, and comparable payload keys.
Profile conflicts are difficult to reason about from Jamf alone, especially when payload overlap and scope overlap are both involved.
The conflict view separates confirmed payload overlap, derived scope overlap, and unresolved scope detail so the operator can see what is proven and what is partial.
Scope Inspector and Smart Groups
Explain what targets a device or group, what excludes it, and what a smart group means operationally.
Targeting often fails because the administrator cannot quickly answer why something applies, why it does not, or whether the current explanation is only partial.
Scope Inspector surfaces inclusion, exclusion, observed membership, and partial-resolution limits. Smart Groups shows criteria directly and keeps causal limits honest.
Script Library
Browse scripts with metadata, inspect bodies cleanly, review supported usage context, and make guarded edits when permissions allow it.
Large Jamf environments accumulate scripts quickly. Without readable context, change review becomes slow and error-prone.
The library keeps metadata, usage context, and the current script body together. It distinguishes supported Jamf linkage from unsupported external use.
Patch Compliance and Apple Updates
Review patch status, version distribution, and current Apple release context in a way that stays tied to source data.
Patch posture matters operationally only when admins can see the denominator, unknown states, and drill-down evidence.
Compliance calculations use real Jamf counts, unknown states stay out of the denominator, and version distributions are labeled when partial.
Workbench
Track remediation follow-up with durable local persistence, notes, status, due dates, and source context.
Review only helps if it can turn into tracked action. Bookmark-style follow-up is not enough in real administrative work.
Workbench stores server-scoped remediation items locally on the Mac and links them back to source findings where supported.
Supporting workflows
These capabilities matter because they reduce friction around the primary review and operations workflows. They are part of the product, but they are not marketed as separate platforms.
Global Search
Fast navigation into supported objects and workflows so the operator can get from question to evidence quickly.
Exporting
CSV, JSON, and HTML export where the feature supports it, with evidence and coverage boundaries preserved.
Multiple server profiles
Separate Jamf Pro environments can be stored and switched locally from the same Mac.