Jamf Nation Community

We are going with the sorting at the ABM side and are not big fans (trying to limit going into ABM), would like to move to scripting it into our pre-enrollment so the build tech or end user can pick it but time and lack of script-fu is keeping us from fixing this.

Depends on your workflow.

We have roughly 120 Sites, and around 90 DEP Tokens (aka MDM Servers in ABM/ASM) and this works just fine in regards to device assignment (minus the issues this causes because of Jamf/Apple).

While I do want to condense our large number of Sites, we will always have a DEP Token per Site. We have separate IT Groups that are completely unrelated that need to manage their own systems. I have no desire to move their devices to their Site after it enrolls. Besides the fact that they wouldn't be able to provide "enrollment Policies" for their devices then.

Also, the same way, enrolling into one location and then having some scripted method, to move to a Site, also prevents enrollment Policies based on that Site. Besides, I don't want to write a script for something that can be automatically done in the first place; seems unnecessary to me.

Now, with that all said. I do not recommend Sites by any stretch of the imagination and I'm actively working towards condensing the number we have. They leave a lot to be desired, have limited functionality especially when you start getting into advanced workflows, or have Site Admins that actually know what they're doing. To top it off, they are a management nightmare, cause massive duplication of work, etc. But I acknowledge they have their place, at least in our environment for now, but do strongly wish Site functionality is increased.

The easiest way to explain this is the most basic functionality that is missing: Site-based identification is not supported natively in Jamf.
In other words:

• You cannot search/filter/scope based on Site.
• You cannot create an Advance Search and tell which Site a device is assigned to.

Oh, and the API scripted method only works for macOS. This won't work for Mobile Devices.

Thanks for all the feedback.

This presents me with another question -- Using the "enrollment complete" trigger for policies.

I'm hoping to effectively trigger policies based on when they join or are assigned to a site. With this workflow, I couldn't use "Enrollment Complete" triggers. Can I use a different one?

Thanks again.

@mhinsz I'm looking into this now. We name our computers based on their specific site. My site specific thin images appear in Self Service whenever a computer is renamed. I'm currently working on getting my rename script to work after DEP enrollment. Once the user's account is created, I can use Splash Buddy to automatically run the site specific image. I may require another script the asks the technician's location to begin the site specific image.

Not sure if somebody has wrote a script for it, but how about using the public IP for that office? The script would get the public IP and match it to the office and then use the Jamf Pro API to set it.

@mhinsz Natively, no, there is not any functionality to "execute Policies" based on a Site change. You could do a custom trigger however and call that during your workflow, if that's the direction you want to take.

Jared's idea is an interesting approach that could work for some organizations.