Jamf Nation Community

TeaK · ‎03-25-2025

Hello,

We're working to put together new device personas (engineering, creative, etc), and all have been going well, except for our "lab" devices. Basically, they want a clean macOS device to use for testing, but it should still be enrolled in Jamf for asset tracking purchases.

All the other devices, I've just added a trigger after enrollment for special_installs, and scoped/limited them by appropriate AD group. But for the clean devices, I need them to stop the normal enrollment process entirely. No config profiles (outside of the jamf required ones) and no software installed.

I'd normally add them to an exclusion group, but I can't think of a way to do that automagically prior to enrollment...

BGhilardi · ‎03-25-2025

Perhaps by simply making a second Service for the lab computers which will allow them to be reset at will or by using SetupManager and setting configurations based on user entry.

BGhilardi · ‎03-25-2025

Second Prestage, sorry.

dsavageED · ‎03-26-2025

Conceptually having an unmanaged device, in device management doesn't work... I think there is a danger in not defining a reasonable usecase. Why does the device need to be "clean", for the most part, minimal base config/application install will not interact with application development, especially as the application should have sandboxing.

TeaK · ‎03-26-2025

It's not for development, it's for virus lab testing.

also base application install uses M$oft licenses that we otherwise wouldn't need.

PaulHazelden · ‎03-26-2025

Make a smart group, use the Serial number as the criteria. Use that group as your exclusion group.

Serial numbers for me are listed on the paperwork when we purchase, in Apple School Manager, as well as on the box. And for existing devices it will be on a plate somewhere under the Mac.

Jamf Nation Community

clean unmanaged device personas