Help

Loaner Mac Best Practice?

Phinull_Girl
New Contributor

Posted on ‎12-08-2023 11:14 AM

I have a small collection of loaner Macs that I need to give to staff, sometimes for a day, sometimes for a few weeks.

My current process had been to issue a 'Wipe' command through Jamf. I am wondering, hoping if there's a better and quicker solution. I've read some people say that you could delete the user and their home directory. Would that be suitable?

Basically, I just want a way to wipe their data and account without having to re-enroll the device in Jamf over and over. We do use Jamf Connect for our SSO.

0 Kudos
6 REPLIES 6

andrew_nicholas
Valued Contributor

‎12-08-2023 11:22 AM - edited ‎12-08-2023 11:25 AM

We standardize on models so that there is no loaning, just an outright replacement while the other device is serviced/disposed/etc.

This is where the use of zero touch setup with ABM and DEP comes into play. Get a device back, wipe it, possibly delete the record from Jamf depending on best practice, and then let the next user setup clean when necessary. 

0 Kudos

Phinull_Girl
New Contributor
In response to andrew_nicholas

Posted on ‎12-08-2023 11:35 AM

This won't be acceptable for our use.

0 Kudos

AJPinto
Honored Contributor II

‎12-08-2023 12:18 PM - edited ‎12-08-2023 12:19 PM

We maintain standards, and only allow 3 Mac configurations. In most cases device A is swapped for device B and life moves on. In the event a loaner is needed, our support team usually deploys an old device that is already in queue for disposal. So it does not matter if the device is returned quickly. 

 

As far as provisioning a loaner device, it's provisioned just like any other device. The OS is reinstalled between users. As we age out intel devices, the erase all contents and settings MDM command is making device repovisioning really quick with Apple Silicon Macs.

  • Support sends the command, the device is wiped within about 10 seconds. 
  • Device gets access to a network to clear recovery activation (personally I feel this step is stupid and apple should remove it)
  • Device activates macOS, hits our prestige and the next user authenticates and enrolls the Mac
  • JAMF Connect and the rest of the config drop, and the user logs in.

The entire process of configuring the device takes about 10-15 minutes, and enrollment is done by the user.

sdagley
Esteemed Contributor II
In response to AJPinto

‎12-08-2023 12:27 PM - edited ‎12-08-2023 12:27 PM

I'll 2nd @AJPinto 's recommendation, a loaner Mac should be deployed just like a regular Mac.

@Phinull_Girl  As for the most effective mechanism for erasing a Mac, if it's an Apple Silicon device and you're not using DFU restore to wipe and re-install the latest macOS do yourself a favor and take look at https://mrmacintosh.com/restore-macos-firmware-on-an-apple-silicon-mac-boot-to-dfu-mode/

Phinull_Girl
New Contributor
In response to AJPinto

Posted on ‎12-08-2023 01:18 PM

This is where my issue lies. Between the time I wipe the machine and the time I hand it off. That means it's sitting unmanaged waiting for the next user. This plays havoc with the statistics I watch. I want to be able to wipe the previous user and their content WITHOUT removing and reinstalling the MDM.

0 Kudos

sdagley
Esteemed Contributor II
In response to Phinull_Girl

Posted on ‎12-08-2023 08:27 PM

What statistics are you watching? For my org any Mac that isn't actively deployed is removed from Jamf Pro (it's a Management, not an Inventory, system) so that it doesn't skew reports of Macs that are overdue for check in or have out of date software.

0 Kudos