
MDM failure. Inability to Lock or Wipe machine.

  • June 3, 2026
  • 5 replies
  • 140 views


We recently laid off 14 people and were going to gift them their M1 Laptops after they were off-boarded.  I issued Lock Computer commands from JAMF Pro to each machine and, to my surprise, found that only 3 of the 14 had actually locked out the user.   Luckily, these folks were all friends of the company (sad) and they did not do anything malicious, but I was able to use my TeamViewer link to the machine to go in and ‘removeFramework’ and re-enroll.   After that, I was able to wipe the machines normally.  

 

Is there a way to get the rest of my machines back into compliance without removing the framework and re-enrolling them, one by one?  Will a ‘renewDeviceCert’ work?  Thanks. 

  • Author
  • New Contributor
  • June 4, 2026

To add to my post, or maybe ‘jamf manage’?


ThomM
  • Jamf Heroes
  • June 5, 2026

You could try the Redeploy Framework API call: /v1/jamf-management-framework/redeploy/{id}

Basically does programmatically what you did manually.


Chubs
  • Jamf Heroes
  • June 5, 2026

Are they still polling in JAMF?  What’s the status of the devices?  An MDM lock should not cause any binary issues... but without knowing the state of devices, it’s hard to say what should be done.

Were the devices locked or were they unmanaged?  Can you post the management history logs of a device so we can get a better story of what happened?


Jordy-Thery
  • Valued Contributor
  • June 5, 2026

You have two possible scenarios of something going wrong:

  1. The Jamf binary still communicates (check-in and inventory update work) but the device does not respond to MDM commands. A profiles renew -type enrollment (given the devices are in ABM) would resolve that. You could put this in Self Service.
  2. The device responds to MDM commands but the Jamf binary no longer communicates (no check-in / inventory update). A redeploy framework would work (either through API or via this tool). 

As ​@Chubs said, a little more info would help. :) 
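
The two scenarios above can be sorted in bulk before choosing a fix. The following is an added example, not part of the reply above and not Jamf's own code: the record fields, the two-day threshold, the host `jamf.example.com`, and the `/api` prefix, POST method and Bearer auth on the redeploy call are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.request import Request

STALE = timedelta(days=2)  # assumed threshold; match it to your check-in interval

def classify(dev, now):
    """Map one device record to the scenario it matches (fields are hypothetical)."""
    binary_ok = now - dev["last_checkin"] <= STALE
    pending = dev["oldest_pending_mdm"]  # issue time of oldest unanswered MDM command
    mdm_ok = pending is None or now - pending <= STALE
    if binary_ok and mdm_ok:
        return "healthy"
    if binary_ok:
        return "renew-mdm-enrollment"  # scenario 1: profiles renew -type enrollment
    if mdm_ok:
        return "redeploy-framework"    # scenario 2: Redeploy Framework API call
    return "manual"                    # neither channel answers: hands-on recovery

def plan(devices, now):
    """Return {device id: action} for a list of device records."""
    return {d["id"]: classify(d, now) for d in devices}

def redeploy_request(base_url, computer_id, token):
    """Build (not send) the redeploy call; /api prefix, POST and Bearer auth are assumptions."""
    url = f"{base_url.rstrip('/')}/api/v1/jamf-management-framework/redeploy/{int(computer_id)}"
    return Request(url, method="POST",
                   headers={"Authorization": f"Bearer {token}", "Accept": "application/json"})

# Constructed sample records, not real inventory data.
NOW = datetime(2026, 6, 5, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"id": 101, "last_checkin": NOW - timedelta(hours=1), "oldest_pending_mdm": NOW - timedelta(days=6)},
    {"id": 102, "last_checkin": NOW - timedelta(days=9), "oldest_pending_mdm": None},
    {"id": 103, "last_checkin": NOW - timedelta(hours=3), "oldest_pending_mdm": None},
    {"id": 104, "last_checkin": NOW - timedelta(days=9), "oldest_pending_mdm": NOW - timedelta(days=6)},
]

if __name__ == "__main__":
    for dev_id, action in plan(SAMPLE, NOW).items():
        print(dev_id, action)
        if action == "redeploy-framework":
            req = redeploy_request("https://jamf.example.com", dev_id, "PLACEHOLDER_TOKEN")
            print("  would send:", req.get_method(), req.full_url)
```

Devices that land in "manual" answer on neither channel, so neither remote fix can reach them.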


sayr01
  • Contributor
  • June 8, 2026


I have never witnessed this in our environment.  The lock and wipe command always works unless there is an issue with communication.