- Jamf Nation Community
- Products
- Jamf Pro
- Re: Best Practice to Managing Multiple Locations?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-05-2023 04:54 PM
Hello All,
I'm still learning JAMF so I apologize if this is a basic question, but I would like some help with figuring out the best practice in order to manage multiple locations on Jamf Pro. My IT team is in charge of taking care of users in California along with users in England and I am trying to find out what is the best practice in order to do so. For example, people in England might need to have access to different applications, or if we needed to modify our Zero Touch Deployment for them, we would like to keep it separate from our California side.
I have looked into using Sites that is offered within Jamf Pro, but I hear that this is not the best way to go about this.
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-06-2023 07:09 AM
Never apologize for a question you ask because the question you ask, however basic it may seem, might be the same question someone else is afraid to ask! Plus, we all started out new at one time or another.
Finding a way to identify what country a device is in is key here. That can be via the user that's assigned to the device or it can be via an Extension Attribute that you use, but once you have that information in the computer record in Jamf you can then use Smart Groups to collect devices into the proper "containers". From there you can use those Smart Groups to scope configuration profiles, policies, applications, etc. The Extension Attribute way could be as simple as a pop-up EA that allows you to choose the country, either on the computer record in Jamf Pro or via the API if you're so inclined. You can also write to a file on the device to store that information (along with anything else you want) and read it back into an Extension Attribute. The point being, get the country (or however you want to identify where a device belongs) into Jamf Pro and use that to create your groups.
For your Zero Touch deployment, you can have multiple PreStage configurations. While it is a manual process to move devices between the PreStage configurations, you can use two different PreStage configurations to have a device go through the proper Zero Touch deployment. You can then use a Smart Group looking at "Enrollment Method: PreStage enrollment" to gather devices based on what PreStage they ran. This can then be used to scope a specific "Enrollment Complete" policy/workflow for those devices.
Sites can be useful, but they are really for situations where you need to control what a Jamf Pro admin has access to in the console, not for scoping situations. So if your IT team needs to have access to all devices, leave it without using Sites. If your IT team is broken into a California team and an England team, and the two teams should not have access to effect change on the other's devices, then you should look at Sites.
Previously I had a team managing devices across the globe and we utilized a plist file stored on the device to store country, along with other information, and would use an Extension Attribute (using the defaults command) to read in that info.
Reply
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-06-2023 07:09 AM
Never apologize for a question you ask because the question you ask, however basic it may seem, might be the same question someone else is afraid to ask! Plus, we all started out new at one time or another.
Finding a way to identify what country a device is in is key here. That can be via the user that's assigned to the device or it can be via an Extension Attribute that you use, but once you have that information in the computer record in Jamf you can then use Smart Groups to collect devices into the proper "containers". From there you can use those Smart Groups to scope configuration profiles, policies, applications, etc. The Extension Attribute way could be as simple as a pop-up EA that allows you to choose the country, either on the computer record in Jamf Pro or via the API if you're so inclined. You can also write to a file on the device to store that information (along with anything else you want) and read it back into an Extension Attribute. The point being, get the country (or however you want to identify where a device belongs) into Jamf Pro and use that to create your groups.
For your Zero Touch deployment, you can have multiple PreStage configurations. While it is a manual process to move devices between the PreStage configurations, you can use two different PreStage configurations to have a device go through the proper Zero Touch deployment. You can then use a Smart Group looking at "Enrollment Method: PreStage enrollment" to gather devices based on what PreStage they ran. This can then be used to scope a specific "Enrollment Complete" policy/workflow for those devices.
Sites can be useful, but they are really for situations where you need to control what a Jamf Pro admin has access to in the console, not for scoping situations. So if your IT team needs to have access to all devices, leave it without using Sites. If your IT team is broken into a California team and an England team, and the two teams should not have access to effect change on the other's devices, then you should look at Sites.
Previously I had a team managing devices across the globe and we utilized a plist file stored on the device to store country, along with other information, and would use an Extension Attribute (using the defaults command) to read in that info.
Reply
