All user are login with manager Apple ID but some haver manage to log out and download there own apps, I have added a restriction policy which stops this happening.
But I would like to find out who is currently logged in with their own Apple IDs.
Is there any way of doing this on jamfcloud?
An MDM Server like Jamf can not see the Name of the logged in Apple ID. This is a decision from Apple in their great wisdom. We can like it or not, but it is what it is. You might want to file Feedback with Apple, to grant MDM Servers the capability to do so. (Probably not likely to be changed, as Apple considers the Name of the Apple ID to be private).
MDM Servers can only query a hash of the logged in Apple ID. But not the clear text Name.
@Gotti I have been looking for something like this for a long-time myself. But @Andreas_Schenk is right; there is no way, right now, of getting this information. However, if you are interested in doing it on a Mac, there is a solution. I have been using this extension attribute for over a year in our environment.
Maybe someday we will be able to get that info.
@Gotti We have an EA that does this for us:
#!/bin/sh ## Get logged in user loggedInUser=$(stat -f%Su /dev/console) icloudaccount=$( defaults read /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist Accounts | grep AccountID | cut -d '"' -f 2) if [ -z "$icloudaccount" ] then echo "<result>No Accounts Signed In</result>" else echo "<result>$icloudaccount</result>" fi
Off topic, why is bash/shell not a code option in JN?!
The EA script that @jmahlman posted, does work in my setting (for macOS; original post asked for iOS).
You might want to look at the parts of that script and its results. What is the result if you run it on those computers as an Extension Attribute and what is the result if you run it on your admin computer?
Personally I added the script as an extension attribute and then it populates in the inventory section of the computer in the section I wanted. This will run on its own during an inventory check-in. If anyone finds a mobile device (iPad) solution please update this thread. Since everyone is posting about Desktop instead of iPad. :D
The script in this Jamf Nation thread has worked for us. This will show if someone is signed into their Apple ID in System Settings/Preferences, which works perfectly for my environment. However, if you are trying to see if someone is signed in with their Apple ID to a single service (for example Apple Music), this won't work.
The OP asked about doing this on the iPad. On the User side, Jamf can tell you if the devices are logged in with the same Apple ID that content was assigned to.
For example, I assign a free children's book to every user, and I have the setting "Automatically register only users with Managed Apple IDs and skip invitation" configured for every user. When I look up my username, then click on the VPP account on the left sidebar, it'll list which devices are signed in with the MAID.
Technically, Jamf is using that hash value, so it is a true/false of whether they are using the Apple ID that agreed to VPP.