Jamf Nation Community

BCPeteo · ‎07-09-2020

We are getting some iOS devices and working with apple school manager for the first time. How are you setting up Automated Device Enrollment in your organization?
Are you making different Automated Device Enrollment instances for each department? or letting them come in to one instance an then manually assigning devices to different sites after?

kevin_v · ‎07-09-2020

We are treating Sites as Departments for our org. Each site has it's own MDM Server in Apple School Manager.

The downside to this is the lack of granularity within Jamf Pro to delegate permissions. Some things require Full Site access where Department Administrators get the "keys to the castle" per se to modify things we don't want them modifying.

I would advise not going this route having dug ourselves as deep as we have now. Utilize the Department field in Inventory > User and Location.

BCPeteo · ‎07-13-2020

Got it, I'm using Department field in my test right now. I tried to add another New Automated Device Enrollment instance, but it would not take my apple MDM token again so it did not look like you could add a new instance using the same mdm I set up in apple school manager. but it sounds like this is not a good idea anyways.

Asnyder · ‎07-13-2020

I'm using one Automated Device Enrollment server (ASM) and multiple prestage enrollments that set the department of the device. I then scope policies to those departments. K-12 EDU Here.

reddrop · ‎07-13-2020

We enroll all of our macs into a single DEP site and then use a script to change the site via API. We scope the script to smart groups based on information pulled from the users LDAP attributes.

cbd4s · ‎07-26-2020

So what is exactly the difference between Options (General) > Department (Department to associate with the PreStage enrollment) and Options (User and Locations) > Department in the Devices PreStage Enrollments?

Jamf Nation Community

How are you setting up Automated Device Enrollment with different departments?