Departments getting removed from Mobile Devices

karthikeyan_mac
Valued Contributor

We are noticing the Departments in User and Location inventory getting removed automatically for Mobile Devices. We manually update the Department in User and Location but it gets removed as soon as the device updates inventory. 

We are not noticing this in Computers. 

Thanks.

 

12 REPLIES 12

mainelysteve
Valued Contributor II

If you have "Collect user and location information from LDAP" selected under Device Management > Inventory Collection in Settings that will change any manually updated user or location data. Computer inventory collection has a separate settings pane so that's why you're seeing this on Mobile Devices and not on Computers.

Thank you @mainelysteve I will check disabling it but we do have the "Collect user and location information from LDAP" enabled for both computers and mobile devices. We are noticing this only in mobile devices.

The departments you've changed on the Macs are the same as the ones the mobile devices were changed to?  Also just to clarify that the spelling of the departments is the same in both Jamf Pro and your directory service?

karthikeyan_mac
Valued Contributor

Thank you @mainelysteve Disabling the option for Mobile Devices did not remove the department.

Yes the department I am changing are same for Mobile and Computers. We do not have department populated our directory services currently. 

I think this is a bug for mobile devices.

MikePh
New Contributor III
New Contributor III

Do we have anything in Settings -> Global Management -> Inventory Preload? That information would override other changes as it is viewed as the source of truth. 

We do have few devices there but affecting all the devices which are not part of preload as well. Anyway, disabled the "Collect user and location information from LDAP" selected under Device Management > Inventory Collection.

Long term you need to mirror your departments you have in Jamf Pro in your directory service. 

djs9812
New Contributor III

We are seeing the same issues here.  I have also experienced the ipads removing the serial number as well.  

MarkPinfold
New Contributor II

Had the same problem and figured it out.
I found that its the mapping from Cloud Identity Providers. We linked to Entra ID as we dont have LDAP (As onboarding suggests) and mapped DepartmentID to department. Makes solid sense. In theory.
Howeverrrrr..... In Entra, we dont use this field. So whenever the devices checked in, it would appear they were reapplying the blank field from Entra over the mapped equivalent field in Jamf.
Shouldnt be a big deal, except its a huge deal because I scope most apps and config profiles via department, but at least I figured it out. Its a total user derp, but also not the best handled onboarding guides from Jamf tbh. (Ok mostly... mostly user derp)
TLDR; Head over to Settings > System > Cloud Identity Provieders > [Your Connection] and delete the content in the Department (Or Building or whatever mapped field is causing your issue).

This helps tons, thanks! In my case, though, the problem was that the department was mistyped in Jamf so every time we manually added users to the department, it was getting wiped out with every sync. Users were like, "I just had this app yesterday and now it's gone – WTF" lol. Now I'm hoping at the next sync, users in that department specifically are fixed in Jamf. Wish there was a way to force a sync.

Cheers!

Glad it helped! We had the exact same user feedback.

IT: "All is well, here is your device, sign off youre confirmed as happy"

User: "Its all gone! You said this MDM voodoo was going to be helpful!"

Well. Its more helpful than running 60 phones and 30 Apple TVs off a spreadsheet and managing individual login credentials at the physical device, ironically over the phone. But once the wrinkles get found, theyre into it. I did read a document somewhere that said most Jamf Administrator issues are due to trying to overcook things too soon in the roll-out piece. Definitely guilty of that one.

9/10 issues so far with my experience have been Admin user derp. Im glad this community provides a central resource for common user derps that we can help each other with :P

Glad it helped! We had the exact same user feedback.

IT: "All is well, here is your device, sign off youre confirmed as happy"

User: "Its all gone! You said this MDM voodoo was going to be helpful!"

Well. Its more helpful than running 60 phones and 30 Apple TVs off a spreadsheet and managing individual login credentials at the physical device, ironically over the phone. But once the wrinkles get found, theyre into it. I did read a document somewhere that said most Jamf Administrator issues are due to trying to overcook things too soon in the roll-out piece. Definitely guilty of that one.

9/10 issues so far with my experience have been Admin user derp. Im glad this community provides a central resource for common user derps that we can help each other with :P