Our institution's push certificate expired, a new one was created and uploaded.
My question is around getting the MDM profiles updated on our machines. Is there an easy way I can utilize JAMF (or even ARD?) to automatically update the MDM profile on all of our machines? We have ~200 Macs and I'm hoping we don't have to manually re-enroll them all.
Thank you in advance for any advice you can offer!
In my experience, you will need to re-enrol. I had it happen once, the warnings came in when I was on leave. Came back to chaos.
You might be able to get ARD to run the Jamf command line enrol command.
Usage: jamf enroll [-prompt | -invitation] [-noRecon] [-noManage] -prompt Prompts for JSS and SSH credentials. -invitation Uses an invitation ID for credentials instead of a user name and password. -noRecon Stops enroll from acquiring inventory. -noManage Stops enroll from enforcing the management framework. -noPolicy Stops enroll from checking for enrollment policies.
But getting your credentials in there will be the hard bit.
It also depends on if they were DEP/ADE enrolled originally. If they were the MDM profile may be non-removable and require a hands on re-enrollment to rid the machine of the expired one. You'll either need to attempt to remove it with the jamf binary or inside the recovery partition.
Either way I see a pair of sneakers and running from person to person in your future.