As you may know, macOS devices can break in numerous ways and stop behaving as expected in JAMF. Many of these scenarios have been fixed now that JAMF considers the device managed even without a management account. However, there's one covert issue that I've noticed recently that I'd like some help on both detecting and fixing, in some automated way.
First, what's the problem? Well, difficult to say, but it manifests itself in the following way:
When an MDM command is issued to the device, the command fails with the following reason:
"The device token is not active for the specified topic."
My assumption at this point is that the MDM profile on the client is somehow broken, as this isn't a general problem. But anyway, is there some way we can detect these devices in bulk somehow? By search? By data in the JAMF DB? Or by looking for error messages in the JAMF Pro server logs?
Now, once a method to identify affected devices has been found, how can this be remedied? Note that the JAMF agent is still active, checks in and executes policies as usual. What command can be run through a policy to resolve this automatically?
...or is the real-world method here to just ignore it, as it's difficult to find and difficult to fix? The users will notice sooner or later once their Wi-Fi certificate expires anyway. :)