Posted on 10-05-2022 07:45 AM
We're trying to setup an ipad to use to track some airtags but we can't add them. We get "Cannot set up AirTag. Your device management settings do not support AirTag pairing on this iPad."
We have no restrictions in JAMF for this yet sure enough if you look at the profiles there's one that says "Devices tab in Find My app is disabled" but we don't have any restriction for that turned on.
If we wipe it and remove it from our enrollments it works fine but then we're not managing it.
Solved! Go to Solution.
Posted on 10-05-2022 02:13 PM
Check the 'Profiles' section of the inventory for that device to see which profiles are installed. Then check each profile for a Restrictions payload. You may have multiple profiles with the same payload and the most restrictive wins, so if you have one that says 'Allow,' another that is set to 'Restrict' will be enforced.
Posted on 10-05-2022 02:13 PM
Check the 'Profiles' section of the inventory for that device to see which profiles are installed. Then check each profile for a Restrictions payload. You may have multiple profiles with the same payload and the most restrictive wins, so if you have one that says 'Allow,' another that is set to 'Restrict' will be enforced.
10-06-2022 04:48 AM - edited 10-06-2022 04:49 AM
Unfortunately I've already checked all that. We do have one profile for restricting Find My but it does not apply to the ipad we're attempting to set up. In jamf that particular ipad is getting the below profiles. I've triple checked each one to make sure there isn't an errant restriction in one but they do exactly what they're supposed to do. I suppose at this point I ca just try disabling one at a time and wiping the ipad a few times to see if one of them is the cause even without showing the Restriction.
-----
Check your Wifi connection! (Web Clip to a connection check page. |
Connect to (actual wifi) |
Delay iOS Updates |
Disable MAC Randomization for (more wifi) |
Disable MAC Randomization for (for yet another wifi) |
Disable MAC Randomization for (for other wifi) |
Disable MAC Randomization for (our wifi) |
Enforce Auto Date/Time |
Enforce Passcode |
Posted on 10-06-2022 07:28 AM
Just made a fresh enrollment to test with. Zero configurations pushed to it. The Enrollment itself has nothing checked except for Allow Pairing since I assume that may be necessary.
It still has a Restriction listed under MDM profile on the ipad for "Devices tab in Find My app is disabled."
Posted on 10-06-2022 07:33 AM
That is odd. If you have no restriction payloads in scope, but a restriction payload on the device, you may need to submit a ticket to Jamf to investigate.
Posted on 10-06-2022 08:14 AM
Think I got it. I deleted it from the JAMF Inventory and set it back up. It still pulled the wrong profile but redid its entry in JAMF. I let it sit for a few minutes while I stewed. Wiped it one more time and removed/readded the ipad from the Disable Find My exclusion. This time it worked. For whatever reason JAMF was just holding on to this thing for dear life.
Posted on 03-21-2023 12:49 PM
I know this is old post, but I'm curious about your airtag setup. Did you create apple managed IDs? Any other "gotchas" you encountered setting up? It's been a year since i last looked at this, so any info you can provide and how you used jamf to help would be good? Did you reach the 16 device limit, and how did you handle that?
I'm also curious about you're webclip connection page. That sounds like a good idea. I did something similar to show external IP when I was troubleshooting an issue, but I'm curious what info you are displaying in your webclip or how you achieved that. Thanks in advance for any insights you provide!
Posted on 03-21-2023 01:07 PM
Once I got past the "JAMF kept disabling Find My" thing the airtag setup was pretty straight forward. I know it's not necessarily best practices but we don't use managed apple ids. We found them obnoxious for the amount we'd need.
In this instance we just created a generic email distribution list and the Library tech contact created an Apple ID with it. We only have 2 airtags so we haven't hit a limit. Wasn't even aware there was one! If we do ever hit it I imagine we'd just create a second Apple ID.
For the webclip, we use SafeConnect as our NAC. We just created a simple webpage that redirects to the page that forces login just in case they don't automatically get redirected. It was way easier to tell people to check their home screen for "wifi check" and tap that instead of "open up a browser. Any browser. No that's not a browser. Now type at the top--not the search box in the middle. The very top....." you get the point. Made the icon for it our logo and easy peasy on campus connection check. Now that you've got me thinking about it I may create another webclip for "Off campus wifi Connection check" or some such and redirect to fast.com or some such. Quick and dirty way to make sure they're actually online.