DEP workflow

Good day,

In the JSS, go to Computers, then select PreStage Imaging

You will find everything you need in there.

You can then scope this via Serial Number, Mac Address or Network segment.

cheers!

How far along are you with DEP? Have you got it setup at deploy.apple.com?

Of course, you need to enroll them as per @Retrac

We have Apple DEP in place with some test machines. Also the connection with Jamf Pro is working. We created a pre-stage enrollment but there is no Jamf Binary installed on the computer.

Do you have user-initiated enrollment enabled? and then in the pre-stage account settings a management account configued to match?

I have entered details about a management account in the user-initiated section AND in the pre stage enrollment section but the machines should not be enrolled by the user-initiated url but automatically when started for the first time.

Should the binary be installed automatically or do I have to do some extra configuration for this to happen somewhere?

What OS version is the iMac running? I have seen what you are describing with DEP on 10.11. The machine would remain unmanaged in JAMF unless it was logged into.

What version of the JSS are you running? 9.101 has a product issue that can prevent the jamf binary if the Accounts payload is configured in a prestage.

[PI-003771] When the Account Settings payload is configured for a computer PreStage enrollment, the MDM profile is installed on the computer, but the jamf binary may not install due to a timeout.

This seems to be fixed in 10, but it was extremely frustrating in 9.101.

I think you need to create a smart group. The prestage enrollment only gets you so far. I have a Smart Computer Group that has the criteria "Enrollment Method: Prestage enrollment is DEPname." Then I have a policy scoped to that Smart Group that installs all software packages, scripts, printers, dock items, and menu items. The policy is triggered by enrollmentComplete.

I assumed the binary was installed with DEP Prestage enrollment but if that is not the case, I will create a smartgroup with prestage enrollment is DEPname and target a policy to this group to install the binary.

BTW, from watching this JNUC 2017 session @ 4:15 there is no mention about getting the binary on the machine with some policy or whatso ever. Or am I missing something here? [https://www.youtube.com/watch?v=vrYXgoOwbtw](link URL)

I have been having major issues testing DEP and prestage enrollments. The binary should enroll during the PSE. In my testing it works less than half the time. You know it isn’t going to work when you don’t get the “Configuration Available”, “This Mac will be configured by “XXXXXX” screen, which means that the computer has/hasn’t been recognized as being in DEP. At that point if you look at the scope of the PSE it shows as complete for that computer even though nothing has happened and the entire DEP/PSE process has failed. I have a case open with JAMF support. I have had the same failures with v9.101 and v10.0.0. Not sure if this is an Apple DEP problem, a JAMF problem, or a combination of both.

Could it perhaps be due to the need for a valid signed certificate for the binary?

My issues are sporadic. Sometimes I can get DEP to work, other times I cannot. Tested it this morning and the JSS crashed. Send the crash logs to Jamf in the case I already have open.