Jamf Nation Community

@RBlount Thanks for your response.
Users won't be able unlock unless we share remote login PIN with them. You are right once they are able to login then they can boot, login, and unlock the FV2 encryption therefore this might not be a good option.
We want to lock a personal computer to give a warning so that users should only use devices provided by company.

My goal is to protect company data in case device is stolen or lost and at the same find a solution/process that stops users to enroll personal devices.

That totally makes sense to me. For break/fix scenarios we are allowing users (who have MacBook assigned to them) to re-enroll devices which I believe is a loophole.

DEP was configured and is currently working without any issue. We have devices in multiple countries. Some regions still waiting for suppliers to onboard existing purchased devices. Will provide feedback to my team on this.

I would like to thank you for taking a time to reply and provide some guidance on this. Have a great day!

If we've lost the PIN (device was removed from Jamf because we'd put it in our recycle pile) how can we get it unlocked. I've contacted AppleCare Enterprise Support thinking it was an activation lock... but they say the Activation Lock isn't enabled on the machine.

@cwaldrip, JAMF support should be able to get device PIN for you if it was pushed using JAMF. We had similar situation, then we figured out the log flushing was set to 1 week which we changed to 6 months. This will keep management command history for 6 months.

@yadwinder.devgan do you think they can recover it if the machine is no longer in our Jamf? Once it goes on the recycle pile we delete it... :-

@cwaldrip This is a tricky one. I would lodge a ticket with JAMF to get an answer for this.