Best way to enroll AWS EC2 Mac into jamf

DBrowning
Valued Contributor II

One of our app dev teams is looking to use AWS EC2 Mac for their pipeline. Our security department wants this managed like any other Mac in our environment. I know very little about AWS and these instances. Anyone got a step-by-step guide or suggestions?


sdagley
Esteemed Contributor II

DBrowning
Valued Contributor II

I see it states there is a limitation that you can't push config profiles.  We'd need to push PPPC profiles...any guidance around that?

sdagley
Esteemed Contributor II

I'm not actually using it, I just remembered this post and had previously forwarded it to our AWS team (which thankfully doesn't want me to manage their mini instances).

cdev
Contributor III

The profiles piece depends on how you build and enroll the device. If you build a custom, pre-enrolled base image, you cannot push profiles. If you leverage either manual enrollment or Amazon's EventBridge automation to enroll the EC2 Mac, you will have full profile capabilities.

DBrowning
Valued Contributor II

We tried doing manual enrollment, but it would only install the main MDM profile and nothing else. The device only showed up as unmanaged and became too much of a pain, so we were able to talk our security department out of managing them since they are only being used in a CI/CD pipeline.

AJPinto
Honored Contributor II

We did some roundabouts with MacStadium last year, which is a similar platform to EC2. We ultimately decided to stick with our own datacenter-hosted Mac solution internally.

DEP is off the table, so anything that requires DEP, like using MDM commands to issue Software Updates, will not work. You are stuck with users installing Software Updates manually. Once the device has been provisioned, IT would need to connect to the device and manually enroll with Device Enrollment, then manually trigger your configuration (or let recurring check-in handle it). Once the device is configured, give the user access to it. Since you cannot enroll to MDM with CLI or PKG anymore, this enrollment part is manual. In theory you could have the user enroll their device, but who trusts users...

Again, my experience is with MacStadium and a bit old. I would not be shocked if Amazon has some obtuse workaround that Apple will break without warning.

jleonard_alight
New Contributor

I am working on a similar issue/setup. I have been able to get our AWS EC2 instances enrolled using our enrollment link, and it does appear to pull down and install at least some of the enrollment items (installs Jamf Connect, Microsoft Defender, access to our Self Service store, etc.) but does not appear to pull down any of the scoped configuration profiles. I can log into Jamf Pro and download/install the configurations manually, but that sort of dulls some of the shiny benefits and purposes of the enrollment process.

So, in Jamf Pro, I can see the instances in our device inventory and they appear to be regularly checking in just fine, so it's not that there isn't a line of communication between them and Jamf. I can see their "Last Enrollment" date and they show as "Managed by JAMFadmin" (though not supervised). Even though I can see the MDM profile on the instance (complete with its 2-year expiration date) and a number of other Jamf profiles, in Jamf Pro they show as "MDM Capability: No", which is, I assume, why it isn't pulling down the scoped profiles. It sounds like trying to orchestrate an auto-enrollment via Amazon EventBridge isn't going to help me out either? I'd love to be able to send these instances through some sort of enrollment and have them mostly configured through those hoops rather than needing to do the bulk of the work manually. Am I correctly understanding here that we are just out of luck given the current state of things? Or is this something worth trying to drag Jamf Support technicians into via ticket?

We were able to get this going with the lastMile script. We had to modify the main.scpt to include a line to tell the jamf binary that the device is not virtual. I added the following line around line 101 under the "--Set preference for virtual machine" section.

do shell script "defaults write /Library/Preferences/com.jamfsoftware.jamf is_virtual_machine -bool false" with administrator privileges
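The post above flips one preference and then relies on the next check-in to deliver the scoped PPPC profiles. The script below is an added example written for this thread; it is not the lastMile script and not code from any poster. It applies the same `is_virtual_machine` override, re-runs management and inventory, and then checks from the instance itself whether the PPPC profiles actually landed, which is the evidence a security team would want before signing off on an EC2 Mac as "managed". Assumptions not stated on the page: the jamf binary is at `/usr/local/bin/jamf`, `profiles -P` is used to list installed profiles, and the identifiers in `REQUIRED_PROFILES` are placeholders to be replaced with your own PPPC profile identifiers. The `profiles -P` output embedded in the block is constructed for the offline demo.

```shell
#!/bin/sh
# Added example for this thread, not code from the lastMile script or from any poster.
# Assumptions (not stated on the page): jamf binary at /usr/local/bin/jamf, `profiles -P`
# available to list installed profiles, and REQUIRED_PROFILES holding the identifiers of
# your own PPPC profiles (the values below are placeholders).
JAMF_PREFS="/Library/Preferences/com.jamfsoftware.jamf"   # plist named in the post above
JAMF_BIN="/usr/local/bin/jamf"
REQUIRED_PROFILES="com.example.pppc.cicd-agent com.example.pppc.defender"

# Constructed sample of `profiles -P` output for the offline demo: the first identifier
# is in the style Jamf uses for its MDM profile, the second is one of the placeholders,
# and the other placeholder is deliberately absent.
SAMPLE_PROFILES='_computerlevel[1] attribute: profileIdentifier: 00000000-0000-0000-A000-4A414D460003
_computerlevel[2] attribute: profileIdentifier: com.example.pppc.cicd-agent
There are 2 system configuration profiles installed'

# Pure function: decide whether is_virtual_machine still has to be forced to false.
# Argument is what `defaults read` printed: "1" (true), "0" (false) or "" (key absent).
needs_vm_override() {
  case "$1" in
    0) return 1 ;;   # already false, nothing to do
    *) return 0 ;;   # true or unset: write the override
  esac
}

# Pure function: given `profiles -P` output, print the required identifiers that are
# missing, one per line. Exact-match comparison so a prefix collision does not count.
missing_profiles() {
  installed="$(printf '%s\n' "$1" | sed -n 's/.*profileIdentifier: //p')"
  missing=""
  for id in $REQUIRED_PROFILES; do
    if ! printf '%s\n' "$installed" | grep -Fxq -- "$id"; then
      missing="${missing}${id}
"
    fi
  done
  printf '%s' "$missing"
}

# Returns 0 when every required profile is present in the given `profiles -P` output.
profiles_ok() {
  [ -z "$(missing_profiles "$1")" ]
}

# macOS-only part: apply the override the post describes, re-run management and
# inventory, then report which PPPC profiles still have not arrived. Needs root.
apply_and_verify() {
  [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 2; }
  current="$(defaults read "$JAMF_PREFS" is_virtual_machine 2>/dev/null || true)"
  if needs_vm_override "$current"; then
    defaults write "$JAMF_PREFS" is_virtual_machine -bool false
  fi
  "$JAMF_BIN" manage >/dev/null   # re-evaluate management now that the flag is cleared
  "$JAMF_BIN" recon  >/dev/null   # send fresh inventory so Jamf Pro sees the change
  current_profiles="$(profiles -P 2>/dev/null)"
  if profiles_ok "$current_profiles"; then
    echo "all required profiles installed"
  else
    echo "still missing:" >&2
    missing_profiles "$current_profiles" >&2
    return 1
  fi
}

# Run the live check only when explicitly asked; otherwise demo on the constructed sample.
if [ "${1:-}" = "--apply" ]; then
  apply_and_verify
else
  echo "missing from constructed sample:"
  missing_profiles "$SAMPLE_PROFILES"
fi
```

Run it with `--apply` as root on the instance after enrollment; without the flag it only evaluates the constructed sample and reports `com.example.pppc.defender` as missing. Note the caveat in the override itself: writing `is_virtual_machine` to false tells the jamf binary to treat the EC2 Mac as physical hardware, so the flip is the poster's workaround rather than a documented Jamf control, and the profile check is what proves it worked on a given instance.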