Help

Best practice for enrolling iOS devices without wiping them

jlococo
New Contributor II

Posted on ‎08-14-2019 11:51 AM

This should be pretty simple, but just curious if this is the best method for enrolling our user's company issued phones without having to wipe them.

All phones are in DEP through ASM, but not enrolled in jamf.
From what I can see the solution would be to use enrollment invitations to have the devices enrolled, without affecting current apps, and functionality
We would also like to have all the phones in jamf to be renamed to the serial # of the device.

Is there another method we can use besides enrollment invitations that won't wipe or reset the devices and then how can we have them renamed to the serial? We probably don't want users having the ability to enroll the devices themselves, and would also like to not allow them to remove the MDM profile.

Thanks for the help

Labels:
0 Kudos
2 REPLIES 2

Look
Valued Contributor III

Posted on ‎08-14-2019 04:38 PM

You could enable the enrollment webpage in JAMF, they will need credentials of some type to enroll, it works pretty well, but it does require some process on the local device, we used to use this on devices that weren't in DEP for whatever reason before Apple allowed you to add them at a later date.
Unless something has changed, manually enrolled devices (no matter the method) bestow slightly less rights to the JSS compared to those enrolled during setup, it's still useful, just something to be aware of as some functions aren't available so enrollment during DEP/Setup is better.

0 Kudos

cdenesha
Valued Contributor II

Posted on ‎08-15-2019 05:04 AM

Also remember that a manually enrolled device can always have the MDM Profile removed. DEP is better in this way as it doesn't allow this.