Our institution's push certificate expired; a new one was created and uploaded.
My question is around getting the MDM profiles updated on our machines. Is there an easy way I can utilize JAMF (or even ARD?) to automatically update the MDM profile on all of our machines? We have ~200 Macs and I'm hoping we don't have to manually re-enroll them all.
Thank you in advance for any advice you can offer!
In my experience, you will need to re-enrol. I had it happen once; the warnings came in when I was on leave. Came back to chaos.
You might be able to get ARD to run the Jamf command line enrol command.
Usage: jamf enroll [-prompt | -invitation] [-noRecon] [-noManage]
    -prompt       Prompts for JSS and SSH credentials.
    -invitation   Uses an invitation ID for credentials instead of a user name and password.
    -noRecon      Stops enroll from acquiring inventory.
    -noManage     Stops enroll from enforcing the management framework.
    -noPolicy     Stops enroll from checking for enrollment policies.
But getting your credentials in there will be the hard bit.
It also depends on whether they were DEP/ADE enrolled originally. If they were, the MDM profile may be non-removable and require a hands-on re-enrollment to rid the machine of the expired one. You'll either need to attempt to remove it with the jamf binary or inside the recovery partition.
Either way I see a pair of sneakers and running from person to person in your future.
The sudo profiles renew -type enrollment command does work on DEP-enrolled Macs; not sure if it will work with an expired push cert. You have to be logged in to the Mac as an administrator to make it work, as there are GUI pop-ups that you have to accept.
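The replies above split the fleet by whether a Mac was DEP/ADE enrolled. The following is an added example, not code from any poster in this thread: a shell function that sorts machines into those groups before anyone starts walking around. It assumes the `Enrolled via DEP:` and `MDM enrollment:` lines printed by `profiles status -type enrollment` on recent macOS; the function name and the output labels are hypothetical.

```shell
#!/bin/sh
# Added example: classify a Mac from the text of
#   profiles status -type enrollment
# The text is read from stdin so the logic can be checked offline.
# Labels printed (hypothetical names):
#   dep-enrolled   thread suggests: profiles renew -type enrollment, admin logged in
#   user-enrolled  thread suggests: jamf enroll (credentials or invitation needed)
#   not-enrolled   no MDM enrollment reported
#   unknown        output did not contain the expected lines
classify_enrollment() {
    status=$(cat)
    # Pull the value after each label, tolerating leading whitespace.
    dep=$(printf '%s\n' "$status" |
        sed -n 's/^[[:space:]]*Enrolled via DEP:[[:space:]]*//p')
    mdm=$(printf '%s\n' "$status" |
        sed -n 's/^[[:space:]]*MDM enrollment:[[:space:]]*//p')

    case "$mdm" in
        Yes*) ;;                                # enrolled, keep going
        No*)  echo "not-enrolled"; return 0 ;;
        *)    echo "unknown";      return 0 ;;  # unexpected or empty output
    esac

    case "$dep" in
        Yes*) echo "dep-enrolled" ;;
        No*)  echo "user-enrolled" ;;
        *)    echo "unknown" ;;
    esac
}

# On a Mac, classify the local machine. Skipped where `profiles` is absent.
if command -v profiles >/dev/null 2>&1; then
    printf '%s\t' "$(hostname)"
    profiles status -type enrollment 2>/dev/null | classify_enrollment
fi
```

Run through a Jamf policy or ARD's Send UNIX Command, the one-line result per host gives a list of which machines fall into each group.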