company deployed many Macs before creating a DEP association - how to resolve

New Contributor II

So the company I'm currently assisting deployed many Mac computers before they figured out they could manage these Macs even better using DEP. The problem is their MDM is showing "this device is not DEP enrolled" and they cannot update their Big Sur OSes to the next dot release. Apple is now warning that 11.5.1 contains some key patches, as you may be aware.

Yes, I know this is a JAMF forum, but I'm a big fan of JAMF, and promise I will push JAMF in place of their existing paltry solution.

How does the company unwind from their current predicament - inability to upgrade to the next OS because their machines are MDM managed, but not DEP enrolled? 

Thanks for any time spent on this! 



Valued Contributor

Make sure the Macs all get put into DEP, then get the DEP pointed to the MDM. Then run a re-enrol on each one. This should get them DEP enrolled. If there is command-line access in your MDM, then try to build a way of using that to do the heavy lifting.

I can't think of an easier way to do it, and yes it might mean having to manually access each and every one.

If the Users who have them are allowed to enrol devices, you can get them to do it for you.

thanks! Does the re-enroll run from DEP or did you mean from the MDM?

MDM re-enroll. Once the MDM and DEP are paired up, re-enrolling the devices will then take the DEP registration into account. Most MDM solutions I have seen have some way to re-enroll a device.

If you do a re-enroll without wiping, I don't think the devices will be supervised.

New Contributor III

@niteboater - I had some computers that I post enrolled into DEP after they were set up and I ran the "Enrolling a Computer via Automated Device Enrollment Post Setup Assistant"
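
A sketch of the command-line route suggested in the thread, as an added example that is not part of any post or of Jamf's documentation: it classifies a Mac from the text of `profiles status -type enrollment`, so a script pushed through the MDM can find the machines that are managed but not DEP enrolled. The sample output is constructed and the function names are hypothetical; `sudo profiles renew -type enrollment` is the macOS command that makes the Mac re-check its Automated Device Enrollment assignment.

```shell
#!/bin/sh
# Constructed sample: output of `profiles status -type enrollment` on a Mac
# that is MDM managed but not DEP enrolled (the situation in the thread).
SAMPLE_MDM_ONLY='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)
MDM server: https://mdm.example.com/mdm/ServerURL'

# field_value TEXT LABEL: print what follows "LABEL: " (empty if absent).
field_value() {
    printf '%s\n' "$1" | sed -n "s/^$2: *//p" | head -n 1
}

# classify_enrollment TEXT: print dep-enrolled | mdm-only | unmanaged | unknown.
classify_enrollment() {
    dep=$(field_value "$1" 'Enrolled via DEP')
    mdm=$(field_value "$1" 'MDM enrollment')
    case "$mdm" in
        Yes*) case "$dep" in
                  Yes*) echo dep-enrolled ;;
                  No*)  echo mdm-only ;;
                  *)    echo unknown ;;
              esac ;;
        No*)  echo unmanaged ;;
        *)    echo unknown ;;
    esac
}

# next_step STATE: print the follow-up for an admin or an MDM script policy.
next_step() {
    case "$1" in
        dep-enrolled) echo 'ok: no action' ;;
        mdm-only|unmanaged)
            echo 'after DEP assignment: sudo profiles renew -type enrollment' ;;
        *) echo 'check by hand: unrecognised status output' ;;
    esac
}

# Use the real command on macOS; elsewhere fall back to the constructed sample.
if command -v profiles >/dev/null 2>&1; then
    status=$(profiles status -type enrollment 2>/dev/null || true)
else
    status=$SAMPLE_MDM_ONLY
fi
state=$(classify_enrollment "$status")
echo "enrollment state: $state -> $(next_step "$state")"
```

The renew command only helps once the serial number has been added to DEP and assigned to the MDM server, which is the first step described in the thread.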