I'm working with a client who just had their second Mac stolen in a year. This one was only a few weeks old.
We sent a "Lock Computer" command, but as he pointed out, there are very few situations where the thief is able to unlock the Mac with a fingerprint and connect to a valid network to receive the MDM command rather than just wipe and re-install. It's also been pointed out in these forums that if the thief bypasses the network during Setup Assistant, DEP won't get a shot at it either.
They are not currently using firmware passwords or the like, and the user isn't signed into iCloud to use Find My Mac.
At this point, the machine is just gone. But I'm not writing to find out how to get it. I'm hoping to start a more modern conversation about how people are preventing loss or handling when a machine is stolen from a technical standpoint in 2018 and beyond.
What tools do you use?
Absolute is a very solid company to go with. They work with local law enforcement to locate and retrieve a stolen device. They can track the device not only to a location but also to whatever floor it may be on if it's a large building.
Also, if they cannot retrieve the device for you, they actually pay you back; payback prices are predicated upon the device/year/model. They will also send a representative to sit down with you and discuss what you want to do, make sure it will work for your environment, etc.
With this software you can set up geofences, so if a device leaves a certain area or pings outside of the geofence, it can lock down, etc., before you even realize it's gone and have a chance to lock it with Jamf.
It's worth taking a look and participating in the free trial.
We're using Prey along with JAMF to lock computers out and then ultimately look up where they are etc. through Prey if somehow someone figures out how to get past the JAMF remote lock (it's possible). In the test cases we've had, we used these really old computers as a proof of concept to see if we could gather enough information about who, what and where, etc. for our computers, and so far (knock on wood) haven't had to use it for a real computer. We know we have tools at our disposal now to do so should the situation come up.
For the setup, we have a special DEP environment set up for stolen devices and they get Prey as soon as they touch the internet and finish enrolling etc.
This is a link to the session I first attended about Prey at JNUC 2017: https://www.jamf.com/resources/videos/security-woes-now-what/
Another from JNUC 2018: https://www.jamf.com/resources/videos/loss-prevention-using-prey/
Hoping that helps!
Do Prey or Absolute solve for whether or not a thief bypasses network configuration during setup? So far as I can tell, if the setup is completed without an active network connection, then Jamf won't have an opportunity to push Prey out to a machine flagged as being stolen.
Disclaimer: I haven't tested with Absolute yet.