Help

Stop all Macs below a certain OS level from enrolling into Jamf

user-MygFNHEclO
New Contributor III

Posted on ‎04-06-2022 07:22 AM

Hi,
Is there a way to stop all Macs (zero touch and user initiated) below a certain OS level (eg, all os's below Catalina) from enrolling into Jamf in the first place?
Thanks.

0 Kudos
2 REPLIES 2

Jalves
Contributor

Posted on ‎04-06-2022 07:44 AM

I'm pretty sure the prestage enrollment portion of jamf that is enrolling your devices after they have been added to dep is going to be a static group that cannot be modified with criteria like OS version. I think if these devices are undesirably auto enrolling, you might need to manually remove those devices from the prestage enrollment or from DEP all together if you are not planning on re-deploying them.

0 Kudos

scottlep
Contributor II

Posted on ‎04-06-2022 11:01 AM

There is no way to block a certain version like you can with some other MDM solutions. What we have done is edited the manual enrollment screen with a warning and also created a Smart Group for older OSes that we don't want used with an enrollment after XXX date and use that for an exclusion for all policies and profiles, so that way they can enroll the older OS, but will get nothing. Then we also have a single policy that is scoped to that same smart group that gets a recurring JamfHelper message that notifies the user that they enrolled a non-approved OS version and the device must be wiped, upgraded and re-enrolled. We also have an email notification set for the mentioned Smart Group so when someone enrolls a Mac that falls into the group we get notified and can act accordingly.

 

Screen Shot 2022-04-06 at 1.53.40 PM.png

 

Screen Shot 2022-04-06 at 1.56.11 PM.png

 

Screen Shot 2022-04-06 at 1.58.31 PM.png