I stumbled across an issue in JSS 9.101 that causes (at least) configuration profiles to be pulled off of devices when they become part of a Smart Mobile Device Group. At the next inventory update, the profiles go back on - UNLESS one of the profiles that got pulled off was a WiFi payload, in which case communication with the JSS would need to be restored manually. I found this out earlier today; the support tech I was working with said they became aware of the product issue a couple of days ago. I suggested they get this info out there to let people know.
We started getting complaints after I created a new smart mobile device group this morning and a lot of users were added to it, at which point restrictions came off, as well as their email accounts. After speaking with jamf, the workaround at this time is to delete all smart mobile device groups and wait to re-create them until the next update they roll out that should resolve this. After cleaning out our list of smart mobile device groups, we waited 5 minutes and sent an update inventory command to all devices; then restrictions were replaced, as well as email accounts. Users did have to sign back in, it of course didn't remember credentials.
We are seeing this on 9.100 as well. Also occurs with Static Groups.
This is a major problem when all of your restrictions for Student Devices get removed so that they have a free-for-all until the next check in.
We've had a support ticket open: JAMF-0404269 since September 13 if you want to reference it.
This is one of many reasons we are looking to switch MDMs as we are tired of all of the bugs associated with running JAMF in our K12 environment.
We are also seeing this in 9.101 (we skipped 9.100) and have had a case open since September 25 (JAMF-0408768). I have only heard back that it is a known product issue, impacting many customers, but Support Guy didn't know if the fix would be issued as a hotfix to 9.X or included in the illusive Jamf Pro 10.
I can say that this isn't my first product issue but in the past my "Buddy" would have stayed in constant contact with me about a disruptive issue like this. The only way I get any updates is to call in and ask...
Current workaround documented:
Use device based only scoping for critical Configuration Profiles
and then I got some automated response: " We’re ready to move this case towards a resolution for the issue at hand, but just need a reply to the most recent correspondence in order to take the next steps."
At least while Casper isn't working like it should, it's giving me time to evaluate Mosyle and Zuludesk.
I haven't heard anything back on this yet. I basically deleted Smart Mobile Device Groups except for the ones that I still need to get immediate notification emails re: membership changes. Those are the ones where hosers do something they shouldn't and I'm locking their device down with lost mode to force them up to the tech office, so I don't care if they have to re-enter their email password after the fact because I'm about to take a whole bunch of other stuff away regardless. As a workaround I'm just using Advanced Searches, but not getting email notifications on some of them and having to go and look for it is a pain in the ass.
They mark it as a product issue; I don't see it under my open cases, but I never got a closed case followup requesting feedback. I surmise it's in some kind of weird cold case limbo where nobody has too look at it or acknowledge it anymore. And then we just move on with our lives I guess.
Thanks for reviving this thread - I had lost my rage over the situation but this brought me right back to where I should be.
How are Mosyle and Zuludesk looking for you? 😉