Best practice for fixing MDM-Enabled User for user level configuration profile

MehdiYawari
New Contributor III

Hi Jamf nation

For user level configuration profile to get applied, is required that the account is MDM-enabled User.

We no longer bind our Macs to the active directory, instead we use local admin account with Apple SSO Extension for the connectivity to the AD.

Using ADCS, we were able to deploy certificates in computer-level configuration profile and everything works smooth and flawlessly.

As most of our users still have incorrect MDM-Capable user, is a reenrollment to fix this issue not an option for us.
Did someone find any solution for fixing the MDM-Capable user?
Any other ideas to fix this without reenrolling the device?

1 REPLY 1

jtrant
Valued Contributor

I don't think a user account needs to be MDM Capable, but user-level MDM profiles are only applied at recon. Have you tried updating Jamf inventory for the device in question?

You are correct, users need to be MDM Capable (MDM-enabled).