Skip to main content

I'm posting this in case others encountered this issue with bootstrap tokens on macOS 10.15. Particularly, we were running Jamf Pro 10.23.0 but were still seeing our devices show that tokens were not supported on the server.

Checking the status:
sudo profiles status -type bootstraptoken

Results:
profiles: Bootstrap Token supported on server: NO

Our devices met all the requirements, namely:
1. Registered in Apple Business / School Manager
2. Enrolled via pre-stage enrollment.
3. Running macOS 10.15.4 or later.
4. Enrolled after Jamf was upgraded to 10.18.0

The issue was that an undocumented requirement (possibly a bug) is that the pre-stage enrollment must have the following option checked:

Prevent user from enabling Activation Lock

Once changed, we were able to fix existing devices by issuing the Remove MDM Profile command, then on the device enrolling again with the following command:

sudo profiles renew -type enrollment

Once the device re-enrolled the results showed as expected that the tokens were supported, and we were able to manually install the bootstrap token with the following command:

sudo profiles install -type bootstraptoken

Hopefully that helps someone else!

Is there a specific solution in that thread you found useful? 


I actually posted in that thread, the link is supposed to take you to it, however it seems the page no longer wants to do that.

We don't use pre-stage enrollment for classroom computers.  Has anyone been successful in getting bootstrap tokens to work via user-initiated enrollment?

We don't use pre-stage enrollment for classroom computers.  Has anyone been successful in getting bootstrap tokens to work via user-initiated enrollment?


Yes, it should work after the device is enrolled and a user with a secure token logs in. We have a workflow right now though to create and grant an administrative user a secure token, and we're using that account with the commands I originally put above to add the bootstrap token. That said, you really need to look at getting your devices into Apple School/Business Manager and using a pre-stage. There are quite a few things that are more challenging without it.

Terms & ConditionsCookie settingsAccessibility statement