I am looking for any insight or direction to block users from wiping their computers. Currently we have a department that likes to take it upon themselves to wipe their computers and start fresh whenever they run into a problem which results in JAMF being removed and no longer reports back. I've blocked Disc Utility through Restricted Software but realize this is not the solution.
Any help with knowing how to block them from doing a net boot or recovery would be greatly appreciated. Thanks for any help
You will want to enforce an EFI password on the machine! This is done via a policy and is best scoped out to hit the machine just after it is enrolled into your Jamf instance for the first time.
That way when the users decide to be a major PITA, they wont be able to boot into Internet Recovery or a bootable USB drive without knowing the password.
Then they have to come to you, probably looking very sheepish at having to explain why they can't use their machine.....