Device Lifecycle Management and the JSS

JNeumann
New Contributor

Hi everyone.

What does everyone do with computer/device records when the device leaves your organisation? It may leave because it's at end of life, damaged beyond repair, stolen, etc.

Our options are to delete the computer record or leave it there. If leaving the record intact, are you recording the defunct status with an EA or setting a zombie owner?

I like the idea of leaving the records because we are starting to treat the JSS as an asset management system, but I have concerns about the crud that stays with things like App Store license counts.

The identity certificates minted for each device are another discussion :) More interested to hear about device record management here.

Thanks!

John

6 REPLIES

bentoms
Release Candidate Programs Tester

@JNeumann I've made the devices unmanaged before.

That way they don't show in Smart Groups etc., but can in searches.

blackholemac
Valued Contributor III

This is going to be a big topic for us next year on the iOS side (we have fairly good laptop/desktop procedures now) as this is the first year we are decommissioning well over 100 iPads en masse. We are replacing some very early iPad 2s with iPad Airs and we typically allow scrap vendors to put in bids on the decommissioned hardware as a large group.

With the iPads, I will have to permanently remove them from the DEP. Once they are removed from there, they are useless to us remaining in Casper for anything other than stale inventory information simply because from time to time the police ask for information on stuff and I would like to be able to help when asked. That being said, JAMF licensing does have a per device cost so we kinda don't want to pay for that anymore either.

I'm posting mainly so I get notified to watch this discussion. I'm very eager to see what other folks do for their end of lifecycle processes, especially with iPads.

egill
New Contributor III

I'm also curious about this. We have a few broken Mac Airs within our system that were damaged or stolen and we've kept them in JAMF for our own records. However, @blackholemac has made a good point that in the future we'll end up paying for this. I'm not sure what the right answer is, but I'm also looking forward to hearing how others keep track of these records, with both iPads and Macs.

CasperSally
Valued Contributor II

We don't use JSS for asset management - we use webhelpdesk for that.

If a computer is retired from our fleet, we power it off and mark it retired in asset management, and delete it from the JSS (techs have an extension attribute drop down to set it retired, then I have a saved computer group so I can mass delete these retired devices).

If we need to run a report on retired devices, we have webhelpdesk for that.

If a computer is retired and decided to be reused, it's reimaged which brings it back to our JSS. If a tech retires something that they shouldn't have, when it powers on, caspercheck will re-enroll it and put it back into the JSS.

I wish Jamf would give us the self heal ability that caspercheck gives us now. There's a FR for that somewhere.

stevewood
Honored Contributor II

Like @bentoms I set devices that have been sent back on lease return to unmanaged. This gets around the licensing cost issue, as Jamf does not charge for unmanaged devices, just the managed ones. At least that has been our experience for the last 9 years with them.

I go one step further, however, and remove the devices from Jamf Pro. I generate an Advanced Search (I use lease expire date for criteria in our case) and then export that list from the server before deleting them from the server. The resulting CSV file is stored on our file server, along with other information about the lease return (copy of FedEx manifest, lease return docs, etc.). We do not currently have another asset management system (besides my Google Sheet), but we are in the process of implementing ServiceNow so we will most likely store these machines there.

I leave stolen devices (computers only) in as managed because we use DEP and I have a policy scoped to those machines (use an EA to scope) to deploy Prey. I was able to recover one of our stolen devices last year using this method, so I am keeping it in place.

JNeumann
New Contributor

A belated thanks for all your comments, folks. A few things for me to think about.

I was at an Apple meeting late last week and brought up the lifecycle management question. A different aspect in the lifecycle process is self-recovery or re-issuing devices to new owners.

Is everyone encountering the bug with one MDM-enabled local user per computer record for Sierra machines? It basically breaks user self-recovery because the local user account on the rebuilt machine doesn't get MDM-enabled properly. Requires user hand-holding and the administrator must either delete the computer record or the associated push magic from the database.

John