User restored from DEP-enrolled machine to personal device

shiftygreen
New Contributor

We have a user who, while setting up his personal Mac mini, was given the option to restore a backup that was from his corporate-managed MacBook. This enrolled his personal device in Jamf, and while I know that we can just delete it, I was wondering if there was a way for us to identify other possible machines in our Jamf that may be there from a similar circumstance.

3 REPLIES

junjishimazaki
Contributor II

Well, first off, why did your org allow a user to use and enroll their personal computer in Jamf? I don't know how your org is structured in regards to policies, but I wouldn't allow any user to use their personal computer for work, and especially not enroll it in Jamf. Users should never be given the option to use their personal computer. But, back to your question. Since the only way to enroll a Mac that is not enrolled via PreStage is through user-initiated enrollment, I would create a smart group with the criteria of Macs that were enrolled user-initiated. Then, once those Macs are in that smart group, you can probably either view the history to get all the serial numbers and compare them to your list of Macs assigned to your Jamf or ABM. So, whatever isn't assigned to your Jamf, investigate further with the user.

If they have user-initiated enrollment enabled, there is not really anything you can do to restrict the users who have access to enroll devices from enrolling anything they want.

We typically have FileVault disabled for many reasons. It's a consumer feature, not an enterprise feature; there are too many data security loopholes with it. I would love for Apple to implement something like VSS, but that will be a cold day in you know where.

damienbarrett
Valued Contributor

When I was managing Macs in K-12, we'd every now and then have a graduating Senior take their Time Machine backup drive and use the Restore option to essentially clone their Time Machine backup to their personally-owned machine. This, of course, kept the enrollment in place, and their personally-owned Mac would show up in our Jamf Pro. As a "fix" for this, we published instructions to use Migration Assistant to migrate a user profile only, and directed the users to NOT do a Time Machine restore. And then, later on, we began configuring Time Machine to back up only the user profile and not the whole machine. And then, eventually, we stopped issuing Time Machine drives and had users backing up with Backup & Sync from Google.

So, how can you find personally-owned Macs in your Jamf? A few things come to mind:

- Watch for the enrollment date. Sometimes, depending on your Jamf version and the OS version, a Mac may be in your Jamf but not actually be enrolled, because the UUID changed and Jamf started using UUIDs instead of serial numbers as the unique identifier. I don't recall when this occurred. So, you might be able to look for enrolled, but not managed, machines. Or enrolled, and managed, but not Supervised.

- Do you have a naming syntax for your computer name and/or user names? If so, you might be able to create a Smart group to look for machines/user names that don't match.

- Is your Jamf Pro pointing to an identity provider? Like LDAP to AD? You might be able to look for users that have more than one machine assigned to them.
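The two replies above suggest the same set of checks from different angles: enrollment method (user-initiated rather than PreStage), supervision state, serial numbers that are not in the ABM/Jamf assignment list, computer names outside the naming convention, and one user holding more than one record. The script below, added here as an example and not code from this thread or from Jamf, runs all of those heuristics over a handful of constructed inventory records and ranks the results. The record field names are an assumption that loosely mirrors a Jamf Pro computer object, not a verified API schema; in practice the records would be pulled from the Jamf Pro API's computer inventory endpoints or from a smart group export.

```python
"""Score Jamf Pro computer records for signs of a personal Mac that inherited
enrollment from a managed backup. Example code added to this thread; not
Jamf's code and not from any poster. The heuristics are the ones suggested
in the replies: enrollment method, supervision state, serial missing from
the ABM/Jamf assignment list, computer name outside the naming convention,
and one user owning more than one record."""
import re
from collections import Counter

# Constructed sample records. The keys roughly mirror the "general" and
# "location" parts of a Jamf Pro computer object, but they are an
# assumption for this example, not a verified API schema.
SAMPLE_COMPUTERS = [
    {"id": 1, "name": "CORP-MBP-0421", "serial_number": "C02AAAA0001",
     "enrollment_method": "PreStage enrollment", "supervised": True,
     "username": "jdoe"},
    # the restored personal Mac mini from the original post
    {"id": 2, "name": "Johns-Mac-mini", "serial_number": "C02BBBB0002",
     "enrollment_method": "User-initiated enrollment", "supervised": False,
     "username": "jdoe"},
    # an older corporate Mac enrolled by hand before PreStage was in use
    {"id": 3, "name": "CORP-MBP-0118", "serial_number": "C02CCCC0003",
     "enrollment_method": "User-initiated enrollment", "supervised": False,
     "username": "asmith"},
    # shared lab iMac with no assigned user
    {"id": 4, "name": "CORP-IMAC-0007", "serial_number": "C02DDDD0004",
     "enrollment_method": "PreStage enrollment", "supervised": True,
     "username": ""},
]

# Constructed: serials exported from Apple Business Manager / assigned to Jamf.
ABM_SERIALS = {"C02AAAA0001", "C02CCCC0003", "C02DDDD0004"}

# Constructed naming convention: CORP-<model>-<4 digits>.
NAME_PATTERN = re.compile(r"^CORP-(MBP|MM|IMAC)-\d{4}$")


def flag_suspect_computers(computers, abm_serials, name_pattern):
    """Return {computer id: [reasons]} for every record that trips a heuristic.
    Records that trip nothing are omitted."""
    # Count records per assigned user; blank usernames (shared devices) are ignored.
    per_user = Counter(c["username"] for c in computers if c["username"])
    findings = {}
    for c in computers:
        reasons = []
        if c["enrollment_method"] != "PreStage enrollment":
            reasons.append("not enrolled via PreStage (user-initiated)")
        if not c["supervised"]:
            reasons.append("enrolled but not supervised")
        if c["serial_number"] not in abm_serials:
            reasons.append("serial not in ABM/Jamf assignment list")
        if not name_pattern.match(c["name"]):
            reasons.append("computer name outside naming convention")
        owned = per_user[c["username"]]  # Counter returns 0 for unknown keys
        if owned > 1:
            reasons.append(f"user {c['username']} has {owned} assigned computers")
        if reasons:
            findings[c["id"]] = reasons
    return findings


def rank_findings(findings, computers):
    """Order flagged records so the ones tripping the most heuristics come first.
    Returns a list of (id, name, reasons) tuples."""
    names = {c["id"]: c["name"] for c in computers}
    return sorted(
        ((cid, names[cid], reasons) for cid, reasons in findings.items()),
        key=lambda item: (-len(item[2]), item[0]),
    )


if __name__ == "__main__":
    flagged = flag_suspect_computers(SAMPLE_COMPUTERS, ABM_SERIALS, NAME_PATTERN)
    for cid, name, reasons in rank_findings(flagged, SAMPLE_COMPUTERS):
        print(f"[{cid}] {name}: {'; '.join(reasons)}")
```

On the sample data the restored Mac mini trips all five checks, the hand-enrolled corporate MacBook trips two (user-initiated, not supervised), and the first record is flagged only because its user also owns the Mac mini; that last case is why the output is ranked rather than treated as a yes/no list, since the multiple-machines check mostly points at the user to talk to rather than at the offending record itself.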