Hello everyone! Back again looking for some assistance.
Has anyone figured out a solid way to receive reliable email alerts when a machine has had Jamf removed from it?
I am having some issues with some of our tech savvy users who have local admin removing their machines from management. I assume they are just using the removeFramework command in terminal... or just deleting the binary...
Either way, due to the job titles of some of the users, I can't just blast them with emails about policy and security notices to convince them to re-enroll their machines. It would be better for me to have emails or retroactive logs that I can review to see who has removed management and when for record keeping purposes.
Any help is greatly appreciated!
I would check out Rich Trouton's CasperCheck process. You could either implement it as is, which would get any Macs re-enrolled when the framework is removed or they fall out of management for any reason, or I imagine you could modify it to send out an email when it detects an issue instead, if all you really want is a reporting mechanism.
While you can use Smart Groups as mentioned above, its by no means instantaneous, since the lowest value you could set in the Smart Group would be machines having not checked in within 1 day. So it could be up to 24 hours or more before receiving an email about the group change. Also, there are many reasons a Mac may not check in with Casper, like being off as a simple example, so you will undoubtedly get false positives with that approach.