Skip to main content
Question

Jamf Connect Pre-stage profiles removed after installing why would this happen?

  • July 21, 2025
  • 3 replies
  • 93 views
J
Forum|alt.badge.img+3

Has this ever happened to anyone else or do you know why this might occur. Our Jamf Connect config profiles like menu bar, login and license installed before the users start date and then it appears that when the user tried to turn on the laptop and sign in they uninstalled which left them with the message in the image below that their version of Jamf Connect was unlicensed. 

 

3 replies

AJPinto
Forum|alt.badge.img+26
  • AJPinto
  • Legendary Contributor
  • July 21, 2025

The configuration profiles installed by the prestage only exist as the device is enrolling. If you want the profiles to persist you will need to scope the Configuration Profiles themselves to the devices. If you don’t scope the Configuration Profiles themselves to the devices, they will fall off nearly instantly after enrolling finishes.

J
Forum|alt.badge.img+3
  • jmahabeer
  • Author
  • New Contributor
  • July 21, 2025

The configuration profiles installed by the prestage only exist as the device is enrolling. If you want the profiles to persist you will need to scope the Configuration Profiles themselves to the devices. If you don’t scope the Configuration Profiles themselves to the devices, they will fall off nearly instantly after enrolling finishes.

Hey AJPinto, from our side the device record had looked as if it never got enrolled to begin with. Could this happen if a user potentially started enrollment but did not fully complete it/login. Our configuration profiles are scoped once the user creates an account as everything gets scoped to our departments. 

AJPinto
Forum|alt.badge.img+26
  • AJPinto
  • Legendary Contributor
  • July 21, 2025

The configuration profiles installed by the prestage only exist as the device is enrolling. If you want the profiles to persist you will need to scope the Configuration Profiles themselves to the devices. If you don’t scope the Configuration Profiles themselves to the devices, they will fall off nearly instantly after enrolling finishes.

Hey AJPinto, from our side the device record had looked as if it never got enrolled to begin with. Could this happen if a user potentially started enrollment but did not fully complete it/login. Our configuration profiles are scoped once the user creates an account as everything gets scoped to our departments. 




It is possible enrollment can fail, but it’s very difficult to make happen. The only time I have ever seen enrollment fail is when there is a network constraint blocking traffic like TLS filtering. 

My guess is how you are scoping things is the problem.

  • Your prestage is loading configuration profiles, which is only good for things that need configurations at the time of enrollment. These profiles are removed very soon after enrollment, within seconds.
  • You are scoping your Configuration Profiles to Smart Groups which is fine. However, those smart groups are not being populated by something that is a persistent value. Your devices are not falling in to scope until something is manually set like a department. 

My suggestion, make baseline configuration profiles, and exclude them from the scopes you are using to target your existing configuration profiles. 

  • For example. Have a single Jamf Connect Configuration Profile that targets all devices with your baseline configuration you would want targeted at your most hardened devices. Then Add exclusions for the smart groups that you want to use to target your more departmentally focused Jamf Connect Configuration Profiles. This way your devices will always have a configuration targeting them, and when you add the department the Configuration Profiles will just swap out.
Terms & ConditionsCookie settingsAccessibility statement