Jamf Nation Community

Thanks! We don't use DEP, and I have ONLY ever done QuickAdd.

I assume I start here? https://docs.jamf.com/10.25.0/jamf-pro/administrator-guide/User-Initiated_Enrollment_for_Computers.html

Also, I assume the user will have to be an admin on the machine to do this?

@mikemangino Yes. The last time I did a UIE it prompted for admin creds. I assume you must have a small install base if you were using the QuickAdd to enroll and don't use DEP/ADE?

@mikemangino Is there a reason you're not using DEP/ADE? It's pretty clear that Apple is moving to a model where managing Macs will necessitate they be in ASM/ABM and enrolled with an MDM.

We have a support case in with Jamf for this. Case #: JAMF-2100576

Even enrolling via Jamf Remote we have this issue.

For our computers with Big Sur installed, no Configuration Profiles are installing. All Configuration Profiles are in a Pending state.
From Terminal:
profiles status
There are no configuration profiles installed on this system

Also on opening Self-Service.app there is a request to Approve the MDM Profile, this happens on each launch of the app. If the request box is clicked, opens System Preferences/Profiles which is showing no profiles.

Big Sur has completely change the way profiles can be interacted with
If you are not using ADE (including Auto Advance and Apple Configurator) then UIE is the only other supported method by Apple for macOS 11 Big Sur currently.
i.e. https://yourjamfserver.com/enrol
Normally all other methods will use a profiles command in the background at some point which is no longer allow to run un-inactive or without the direct input from the enduser

This article outlines why Apple has stopped this method
https://www.zdnet.com/article/new-apple-macos-big-sur-feature-to-hamper-adware-operations/

Here is a slide from a Apple Big Sur deep drive presentation - the first point is the killer for older methods of enrolment into MDM for Big Sur

If you still wish to use the old methods then they must be enrolled when still running macOS Catalina (or earlier) and then upgraded to macOS Big Sur post enrolment

I'm sure some clever developer may possibly find a way around this, but also I'm sure Apple will shut that door soon after like they have done with Imagining and you will end up swimming against the tide of change.

Saying that, I'm finding the new UIE process is a worse user experience in Big Sur than in Catalina
Previously once the profile was downloaded it installed and brought up the System Profiles - Profiles presence right up front for the user to approve the MDM profile.
Now is Big Sur it installs it (but doesn't activate) and just shows a small notification banner in the top right corner (which Is very easily missed by a user) that they have to open System Profiles - Profiles and manually activate

@mikemangino Yes. The end-user must be an admin and should be the holder of the secure token. At least for this specific process. It's super easy though and will likely save you the hassle of having to install the quickadd.pkg each time. You just log into the enrollment site and install the profiles. If these are company-owned, check out DEP. It makes this much simpler.

@sdagley Plenty of us still have older purchases that weren't put into ASM/ABM. I only ever got on the old Apple Deployment Program in 2018, so with, generally, a 4 year lifecycle on any given machine, only about half my fleet has been "converted" over.

@wmehilos The potential for it working varies from vendor to vendor, but you should be able to ask that your purchases made prior to joining the DEP program in 2018 be added to your ASM account.

@garybidwell We think our main issue is that we do not see the MDM Profile to to Approve it. Just comes back with a blank Profile Preference dialog box. See screenshot.

.

Ugh, UIE can't be used with the local users in Jamf, you HAVE to connect back to LDAP? This is deeply suboptimal.

BigSur 11.3. | Jamf disabled profiles, as part of sec polices, but the installation failed; and I cannot reinstall Self Service, is there a way to re-enable Profiles? currently is grayed out. Thank you

Hello all has any one figured out how to use UIE successfully? Please give specific configuration adjustments or pics. Please do not right "it's super easy" We know quick add does not work. Steps please. TY