Just wondering what the effect of this setting is when you go to apply a configuration profile. Through research I can't find a clear answer.
When you go and make a configuration change, for example setting a restriction so that find my ipad is disallowed, it gives you two options. Option 1, apply to all devices and Option 2, apply to new devices only. This is for "redistribution options".
So if i read that literally, the changes to my profile will not apply unless i push it out to all devices. But in conversations with jamf, they often get me to apply to "new devices only" and it does seem to apply the change to all devices in scope anyways.
if i want to change a configuration profile and i do want it to apply to all machines, which is the correct setting? or do both work identically, and then what would be the difference in these two settings?
please let me know. thanks.
The main difference is that choosing Distribute to all redeploys the profile out to Macs that already have it installed versus the 'Newly Assigned Devices' option, which only pushes it to any Macs that now fall into scope (possibly new scope since the last push) that didn't previously get the profile.
So as an example, let's say you want to exclude a Mac or group of Macs from the profile, which may already have it installed. If you add some Macs or Smart Groups/Static Groups in the Exclusion tab and click Save, it asks you the question about deployment. You can choose Distribute to Newly Assigned Devices Only and it will send out a command to remove the profile on those Macs now scoped into the Exclusion tab, and not touch anything on other Macs that already have it.
One important point here is that if you make a fundamental change to the settings of a profile and choose the Distribute to Newly Assigned Devices Only option, the changes you saved in your profile may never make it down to Macs that already have it installed, meaning if you didn't change your scope in some way, the changes may not actually take effect on any machines at all, at least not until some new Macs come along and get enrolled into your Jamf Pro MDM.
As a general rule, when I'm adding/excluding any machines to the scope of a profile but not making actual changes to the profile, I usually use the Distribute to Newly Assigned Devices Only option. If I'm changing the profile settings in a way that it's important to ensure all my Macs have that change, then I use the Distribute to All option.
Lastly, even something as simple as changing the category a profile is assigned to inside Jamf will cause that message to come up when saving it. I generally use the more limited Newly Assigned Devices Only option in those cases since I don't care if the profile details show the new category or not. I prefer not to repush a profile that has no functionality changes in it unless there's a good reason to do so.
Edit: I just re-read your post and saw this line:
But in conversations with jamf, they often get me to apply to "new devices only" and it does seem to apply the change to all devices in scope anyways.
I haven't experienced that myself. If it does actually work this way now (or possibly always), then I agree with you that the 2 options are fundamentally the same and Jamf is just trolling us, kind of like how a lot of "Close Doors" buttons don't actually do anything in elevators. They are just there to make people feel like they have control ;) It would make no sense to offer such an option if choosing the Newly Assigned Devices option actually just re-pushes the profile out to all machines anyway.
I'll have to run some tests and take note of what actually happens in a real world scenario, but my understanding of this has always been that it does what I explained originally above.
>>But in conversations with jamf, they often get me to apply to "new devices only" and it does seem to apply the change to all devices in scope anyways.
I would consider this behavior to be a bug in the product and suggest escalating to Jamf Support.
my test i just did, "Distribute to Newly Assigned Devices Only" did nothing to an existing ipad. But when i selected "distribute to all" it got the new settings i had applied. So it does seem it works as you say mm2270.
Is the number of devices current assigned often an inaccurate amount? I'm building a configuration profile and I have the scope set to Specific Computers and Specific Users with only one device assigned and when I go to save, it saids 23 devices assigned. Each time I save it, it seems to go up.. now it's currently 29.