Skip to main content
Solved

Proper way to reset a managed device without losing management profile?

  • March 11, 2023
  • 8 replies
  • 155 views
F
Forum|alt.badge.img+3

Hello,

I would like to know what the proper way is to reset a device while still keeping it under management.

I have a MacBook that was added to ABM using Configurator 2 and was prestaged and is now managed in Jamf Pro. It has several policies and packages installed. Now, I want to take the MacBook back from a colleague and send it to a new colleague. He can then start with the MacBook as if it's new (=PreStage). It's important for me that the device is not removed from ABM, because everything is managed remotely.

Should I simply click on "Wipe Computer"? Will the MacBook rerun the policies, etc., if it's still in scope? Or do I need to take further steps, such as flushing all policies for that MacBook?

Best regards,
Floh

Best answer by jcarr

As long as the device is assigned to Jamf from Apple Business (or School) Manager, and assigned to a PreStage enrollment, it will re-enroll when the end user completes setup assistant after it has been erased.  Mac computers with macOS 12.0.1 or later and either an Apple T2 Security chip or an Apple Silicon processor, support Erase all Content and Settings. 

 

If the computer has escrowed a bootstrap token with Jamf Pro, the Wipe Computer command will attempt to do an Erase all Content and Settings.  If your re-enrollment settings are set to clear commands and policy history, everything should re-run when the device re-enrolls, as if it were a new computer.

    8 replies

    J
    Forum|alt.badge.img+21
    • jcarr
    • Valued Contributor
    • Answer
    • March 11, 2023

    As long as the device is assigned to Jamf from Apple Business (or School) Manager, and assigned to a PreStage enrollment, it will re-enroll when the end user completes setup assistant after it has been erased.  Mac computers with macOS 12.0.1 or later and either an Apple T2 Security chip or an Apple Silicon processor, support Erase all Content and Settings. 

     

    If the computer has escrowed a bootstrap token with Jamf Pro, the Wipe Computer command will attempt to do an Erase all Content and Settings.  If your re-enrollment settings are set to clear commands and policy history, everything should re-run when the device re-enrolls, as if it were a new computer.

    F
    F
    Forum|alt.badge.img+3
    • floh
    • Author
    • New Contributor
    • March 12, 2023

    Thank you for your previous response. I want to clarify my understanding of the re-enrollment process after removing the MDM profile from a device. If I understand correctly, I should not click "Wipe Computer" but instead choose "Remove MDM Profile." However, I'm unsure about the next steps. If I understand correctly, even after removing the MDM profile, the old account with data will still be present on the computer, so I need to wipe it afterward. Is this correct?

    If I do need to wipe the computer, I don't think I need to remove it from the Jamf Pro computer list because I could just enable "Clear policy logs on computers" in the re-enrollment settings. Is this correct?

    I appreciate your guidance on this matter. Thank you.

    J
    Forum|alt.badge.img+21
    • jcarr
    • Valued Contributor
    • March 12, 2023

    If the device is new enough to support Erase all Contents and Settings, that's the best way to redeploy it to a new user.  The Wipe Computer command should do the trick.

    F
    Forum|alt.badge.img+3
    • floh
    • Author
    • New Contributor
    • March 12, 2023

    Thanx, will test it and report back here.

    AJPinto
    Forum|alt.badge.img+26
    • AJPinto
    • Legendary Contributor
    • March 13, 2023

    There is nothing that can be done on the device to remove it from Apple Business Manager. So long as the device is assigned to your MDM instance the proper way to reprovision is simply to reinstall macOS however you deem fit. When macOS goes to activate Apple will redirect activation to your MDM, and the device will enroll in to management before the user can do anything.

    F
    F
    Forum|alt.badge.img+3
    • floh
    • Author
    • New Contributor
    • March 13, 2023

    Hi, as promised, I tested "Wipe Computer" and nothing else. The MacBook (M1) was erased and I was able to set it up again. It is still managed by Jamf Pro, and all profiles (if still in scope) were reapplied. So, it works as expected. Thank you very much, everybody!

    As @jcarr mentioned, be sure to adjust the "re-enrollment setting" since it is disabled by default.


    @AJPinto: Thank you for the additional information. This is good to know!

    J
    Forum|alt.badge.img+2
    • joejoe
    • New Contributor
    • October 21, 2023

    There is nothing that can be done on the device to remove it from Apple Business Manager. So long as the device is assigned to your MDM instance the proper way to reprovision is simply to reinstall macOS however you deem fit. When macOS goes to activate Apple will redirect activation to your MDM, and the device will enroll in to management before the user can do anything.


    @AJPinto 

    I am curious about the process. I already erased the disk. Mac asks me to connect to the Internet to activate it. I assume Mac doesn’t have any Jamf or MDM data after I erased the disk. How could this Mac know it needs to re-install Jamf or MPM back?

    J
    Forum|alt.badge.img+21
    • jcarr
    • Valued Contributor
    • October 21, 2023

    @AJPinto 

    I am curious about the process. I already erased the disk. Mac asks me to connect to the Internet to activate it. I assume Mac doesn’t have any Jamf or MDM data after I erased the disk. How could this Mac know it needs to re-install Jamf or MPM back?


    @joejoe if the device is configured for Automated Device Enrollment,it will re-enroll with your MDM during Setup Assistant after being erased.

    Terms & ConditionsCookie settingsAccessibility statement