Touch ID login - Disabled and now we want to enable it

So the goal is to enable Touch ID, yes? If your configuration profile is targeted to just disable Touch ID, then just remove the profile from the Mac by removing it from scope in Jamf. Once the profile is removed, then your users can enable Touch ID for unlocking the Mac in System Preferences (or you can create a policy using bioutil to enable this for your users).

If your Touch ID setting is bundled as part of a larger profile with additional security settings, then you should consider splitting apart that profile so that all of your other preferred settings remain, with just Touch ID removed.

From your description I'm not sure why you would re-install the profile after you run bioutil because if disabling Touch ID is part of the profile, it will just disable it again if you reinstall that same profile on your Macs.

I just used the “Restriction” policy in Configuration profile where there is one Allow touch id for login.

I actually have made more profiles with different settings adjustet to different Scope.

So even one config profile has not checked allow Touch id then if another config profile has is allowed which one of Them Will “win”
If some users are in scope for both config profiles

Sorry hijacking the thread a bit

@jameson The more restrictive setting will always "win." So if you have 1 profile with it allowed, and another set to disable, it will be disabled.

Actually that is a good question Jameson

In configuration profiles under the restriction payload I have different settings for different user scope. Is it possible to make a custom config profile for each setting inside the restriction, so I don´t have to use the restriction at all but instead use my own default settings