I would be awesome if I could apply configuration profiles at the user level and then exclude myself and local admin accounts...I vaguely remember that this was not something that worked. Anyone have any successes with this? And would they share how they succeeded?
Question
Configuration Profiles applied per user?
+8
+14You can only deploy user-level configuration profile to MDM-enabled users on the Mac, which is always the account created during PreStage enrollment (and most likely your end-user account). For non-DEP enrollments, this is the logged in user at the time of enrollment:
https://docs.jamf.com/10.30.0/jamf-pro/administrator-guide/MDM-Enabled_Local_User_Accounts.html
This will automatically exclude your local admin account and, unless you are an MDM-enabled user on the Mac in question, yourself.
+14You can only deploy user-level configuration profile to MDM-enabled users on the Mac, which is always the account created during PreStage enrollment (and most likely your end-user account). For non-DEP enrollments, this is the logged in user at the time of enrollment:
https://docs.jamf.com/10.30.0/jamf-pro/administrator-guide/MDM-Enabled_Local_User_Accounts.html
This will automatically exclude your local admin account and, unless you are an MDM-enabled user on the Mac in question, yourself.
If you really want to be safe you can build a smart group with the usernames you want to exclude and add those to the configuration profile exclusions, but this isn't always reliable since Jamf uses the logged in user at last inventory to decide scoping for user-level MDM profiles.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.