Posted on 10-29-2019 10:35 AM
We are in the midst of getting JAMF completely configured to support our company's growth. Currently about 80% of our devices (laptops) were purchased pre-JAMF, so they are currently sitting as Unassigned in PreStage Enrollment Status.
How can we enroll them without having to resort to wiping them clean and starting over? We are talking about 70+ laptops, all currently in use. With the iPads we were able to simply wipe and start fresh, but doing so with the MacBooks is not possible. Any advice? Thanks!
Posted on 10-29-2019 10:59 AM
You can manually enroll them.
Apple has given the "heads up" that after 10.16, manually enrolled devices will be BYOD and will NOT have as many management options as we do now with this method.
I do believe that to have full management, they have to be wiped / reinstalled and in DEP or Apple School/Business Manager.
Posted on 10-29-2019 11:00 AM
If you're reasonably sure that the clients using those Macs will be cooperative with getting their Macs enrolled into Jamf on their own, you can send out an enrollment invitation email with a link for them to self enroll. You will first need to set up the User Initiated Enrollment settings in your Jamf console (Settings > Global Management > User-Initiated Enrollment), and then also make sure you have an SMTP server set up in your console so you can send out emails from it. Or, you could send out emails from another system with a link to your Jamf console's enrollment page, which will be something like https://your.jamf.url/enroll/
If these Macs are all on a relatively up to date version of the OS, they can follow the steps and it should direct them to install a Configuration Profile, which once installed, will get them enrolled and begin pulling down the rest of the Jamf local tools.
The only other method would be to use something like Recon.app to build a QuickAdd.pkg for enrollment and push that out using something like ARD, if that's even an option for you. I don't recommend this method now because it leaves the device in a state where the user must give full authorization to the MDM profile, otherwise certain types of profiles and operations won't be permitted (look up UAMDM for more on that). The other enrollment method bypasses that issue I believe.
Hope the above helps.
Posted on 10-29-2019 11:33 AM
It is possible to retroactively add Macs into JAMF through DEP. Make sure they are pointing at your JAMF instance and are assigned to a PreStage enrollment. Then run "sudo profiles renew -type enrollment" in Terminal. This will retrigger the DEP enrollment without having to wipe the machine. If the machine is over a year old on its current image, however, you will have to delete the apsd.keychain file and restart in order for the command to work.
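
A pre-check for the renew command discussed in the thread, as an added example that is not part of any poster's reply: it classifies a Mac's enrollment state (including the non-user-approved MDM case raised above) before re-triggering DEP enrollment. It assumes `profiles status -type enrollment` prints "Enrolled via DEP:" and "MDM enrollment:" lines as on macOS 10.13.4 and later; the function name, state keywords, `--renew` argument and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# classify_enrollment: read `profiles status -type enrollment` text on stdin
# and print one state keyword. Runs in a subshell so variables stay scoped.
classify_enrollment() (
    dep=""; mdm=""
    while IFS= read -r line; do
        case "$line" in
            *"Enrolled via DEP:"*) dep="${line##*: }" ;;
            *"MDM enrollment:"*)   mdm="${line##*: }" ;;
        esac
    done
    case "$dep:$mdm" in
        Yes:Yes*)                echo "dep-enrolled" ;;       # full management
        *:"Yes (User Approved)") echo "user-approved" ;;      # manual, approved
        *:Yes*)                  echo "not-user-approved" ;;  # restricted MDM
        *:No*)                   echo "unenrolled" ;;
        *)                       echo "unknown" ;;            # unexpected format
    esac
)

# Constructed sample outputs (not captured from a real device).
SAMPLE_UNENROLLED='Enrolled via DEP: No
MDM enrollment: No'
SAMPLE_QUICKADD='Enrolled via DEP: No
MDM enrollment: Yes'
SAMPLE_DEP='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'

# Only touch the system when run on a Mac with an explicit --renew argument.
if [ "$(uname)" = "Darwin" ] && [ "${1:-}" = "--renew" ]; then
    state=$(profiles status -type enrollment | classify_enrollment)
    echo "Current state: $state"
    case "$state" in
        dep-enrolled) echo "Already enrolled through DEP; nothing to do." ;;
        unknown)      echo "Unrecognized status output; not renewing." >&2 ;;
        *)            sudo profiles renew -type enrollment ;;  # command from the thread
    esac
fi
```

Logging the state before and after the renew gives a per-device record of which Macs moved to DEP enrollment and which still need attention.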