Devices not always deploying/enrolling correctly

verticalben
New Contributor III

Hi all, we are trying to finalise a roll-out of Jamf for Mac management, with zero-touch from IT. Devices are enrolled automatically to our Jamf MDM server in Apple Business Manager, and ideally we'd like to send devices directly to users, for them to unbox and run through Jamf Pre-Stage Enrollment.

The issue I have seen, maybe one in every 10 builds, is enrollment will not complete correctly. We have a device at the moment that hasn't renamed correctly, hasn't deployed all Enrollment Complete software/policies, and hasn't deployed all config profiles (including FileVault enablement).

Running this command locally on the device will essentially re-run enrollment:

sudo jamf policy -event enrollmentComplete

but my concern is that if we send a device to an end-user and the device doesn't enrol correctly, the user tries to work on the device but doesn't have Office apps, or the device doesn't meet security requirements, such as disk encryption.

Does anyone have any advice please?

Thank you

1 ACCEPTED SOLUTION

sdagley
Esteemed Contributor II

@verticalben Using the DEP-Notify script to drive DEPNotify will be more reliable than multiple policies triggered by Enrollment. It's not the new hotness, but it still works. I would suggest that you have some sort of verification script that runs after your enrollment is finalized to verify that everything ran as expected.
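As an added example (not code from the thread, Jamf or DEPNotify): a post-enrollment verification script of the kind sdagley recommends, checking the items the original post lists as failing, i.e. FileVault, a config profile, the computer name and the Office apps. The profile identifier com.example.filevault, the app paths and the ACME-* naming pattern are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: a post-enrollment verification script
# to run as the last step of the enrollment workflow, or as a Jamf extension
# attribute (which reads the <result> line). Each check takes the text or
# paths it inspects as arguments so it can be tried with constructed input;
# run_checks gathers the live values on the Mac itself.
# The profile identifier, app paths and naming pattern are assumptions.

# Pass (return 0) when the output of `fdesetup status` reports FileVault on.
filevault_on() {
    case "$1" in
        *"FileVault is On."*) return 0 ;;
        *) return 1 ;;
    esac
}

# Pass when `profiles list` output ($1) contains the profile identifier ($2).
profile_present() {
    printf '%s\n' "$1" | grep -qF -- "$2"
}

# Pass when the computer name ($1) matches the naming pattern ($2) that the
# rename policy should have applied, rather than a factory "MacBook-Pro".
name_matches() {
    case "$1" in
        $2) return 0 ;;
        *) return 1 ;;
    esac
}

# Print how many of the given app bundle paths are missing.
missing_apps() {
    missing=0
    for app in "$@"; do
        [ -d "$app" ] || missing=$((missing + 1))
    done
    echo "$missing"
}

# Gather live values, report every failed check, exit nonzero on any failure.
run_checks() {
    fails=""
    filevault_on "$(fdesetup status)" || fails="$fails filevault"
    profile_present "$(profiles list 2>/dev/null)" "com.example.filevault" \
        || fails="$fails profile"
    name_matches "$(scutil --get ComputerName)" "ACME-*" || fails="$fails name"
    [ "$(missing_apps "/Applications/Microsoft Word.app" \
        "/Applications/Microsoft Outlook.app")" -eq 0 ] || fails="$fails apps"
    if [ -z "$fails" ]; then echo "<result>OK</result>"; return 0; fi
    echo "<result>FAIL:$fails</result>"; return 1
}

# The live checks only make sense on macOS; elsewhere only the functions load.
if [ "$(uname -s)" = "Darwin" ]; then run_checks; fi
```

Run it from a policy scoped to the end of the enrollment workflow, or paste it into an extension attribute so the FAIL result can drive a smart group that flags devices before they reach the user.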


5 REPLIES

sdagley
Esteemed Contributor II

@verticalben How are you driving your enrollment process? Are you triggering multiple policies with the Enrollment trigger, or are you using something like DEPNotify-Starter that uses one Enrollment triggered policy to run a script that in turn triggers other policies and uses the DEPNotify app to provide progress feedback?

Another thing that can cause problems with device enrollment is having "Allow Network State Change Triggers" enabled in Settings->Computer management->Check-in.

verticalben
New Contributor III

Hi there, we are triggering multiple policies with the Enrollment trigger. Is DEPNotify best practice?

"Allow Network State Change Triggers" was enabled - I have now unticked this. Thank you

SCCM
Contributor III

You might also want to look at what you have in your prestage. You want the bare minimum in there, not loads of apps (security config). The first policy you should deploy to M1 machines is prob still a Rosetta install. You could create a single policy which runs a script to run the other policies on a trigger, rather than setting them all to run at enrollment.

verticalben
New Contributor III

@SCCM , @sdagley , thanks both for your feedback. I'll have a look into something like DEP-Notify, that sounds like a much better idea!