Device Re-provisioning Best Practice

gavin_las
New Contributor

Hi all,

Just wondering what you all consider best practice when a device is returned to our team into stock waiting to be issued to a new user.

a) Remove the machine from Jamf Pro inventory and then enrol the machine as if it were brand new when it's issued out again?

b) Leave the machine in Jamf Pro and enrol 'over the top' of the existing device record?

At this stage I'm thinking 'option a' is cleaner provided we make sure the device isn't activation locked or anything like that before we remove the device record.

Cheers,
Gavin

5 REPLIES 5

davidhiggs
Contributor III

Might depend if you are doing an erase on the machine when re-issuing. Some of the re-enrolment options (in settings) to clear history and pending commands might cover most of your concerns.

If wiping the device, i would delete the computer record to ensure the cleanest computer object in your JSS. You could build a de-provisioning script to delete the computer object after an erase command is issued (i haven't tried this myself).

Look
Valued Contributor III

The later versions of JAMF have options for removing most details on re-enrollment.
The biggest issue I have seen is that depending on the age of the device their can be a fiarly significant delay between re-enrollment and some smart groups updating, especially devices enrolled before the fix to User & Location data. In practice this means we have a script that generates a 2 minute delay on enrollment to make sure all the processing is finished before checking for any policies.

gavin_las
New Contributor

Thanks for the replies.

I should clarify that the machines are wiped when they come back in, which is why my thoughts are that deleting the record is the way to go. Just trying to make sure I'm not missing some significant upside to keeping the record in the JSS.

Cheers,
Gavin

Look
Valued Contributor III

If they are wiped they are no longer under management anyway so unless you need the historical records (Application Usage, User and Location Data perhaps) I can't see why to keep them.
Also your charged per device so it may be costing them to keep them.

gavin_las
New Contributor

For Macs, we delete the record, and then wipe the machine. We have all M1 Macs now, so we just use configurator to do a Revive and then restore. They then go in the drawer ready to go as a brand new machine.

For iOS, we wipe the device from within Jamf, which marks it as unmanaged and gives us the chance to clear activation lock, then we delete the record and since it is already wiped, it goes straight in the drawer ready as a new device.

Works really well for us.

Cheers
Gavin