Jamf Nation Community

raphhyyy · ‎12-16-2019

sorry for the bland title, but my current company we utilize DEP when "imaging"/enrolling etc... we just acquired a new company recently and are planning on getting them into our Jamf environment with our proper security settings/apps/etc... Catch is we plan on doing this rollout in stages:
- stage 1 is since we have no way in deploying anything to them currently, we want to enroll the machines and put the management profiles on their machines to start (remember we utilize DEP)
- stage 2 and 3 are just pushing policies like adding admin account and removing local admin and other things (which is easily enough done via payloads which i don't have any questions about, just stating the plan)

Since we use DEP for enrollment, which triggers certain policies, is there a way to enroll these machines with just the management profiles/certs so none of these are triggered?

mm2270 · ‎12-16-2019

I suggest using either the "Enrollment Method: PreStage enrollment" or "Enrolled via DEP" Smart Group criteria in any Smart Groups that are assigned to policies or profiles that you would like to only apply to Macs enrolled in DEP.

By adding that criteria in, it will let you make sure to exclude Macs that get enrolled via some other method, like user initiated, from receiving those policies or profiles.

Does that make sense?

raphhyyy · ‎01-01-2020

Yeah that makes sense! thanks @mm2270 for the info Sounds simple enough! almost too simple... lol

raphhyyy · ‎01-14-2020

just an update @mm2270 - doesn't look like that method works.
Created those smart groups for all those policies/profiles that we didn't want the user to receive but it still initiated the DEP aspect of things.

All i did for testing was going to our /enroll page and enrolled that way.

Jamf Nation Community

Enroll recently bought company, without DEP?