Posted on 04-22-2020 10:51 AM
I've got the serial numbers of a couple machines in our JSS that were stolen, and have since been remote locked and wiped, but once they get re-imaged and are back on the internet (one is in Russia), I have to then manually search for them by serial number.
Is there a better process or workflow to flag or alert me when and if they show up again? Or should I just create a static group with these two serial numbers and remind myself to peek at them from time to time?
Posted on 04-22-2020 11:03 AM
Maybe you could create a "Stolen Device" PreStage Enrollment. It could be helpful to set an alert or a DEP package with a tracker program.
Posted on 04-22-2020 11:03 AM
If these machines are in DEP you can create a second MDM server in Apple Business Manager, assign these devices to that MDM, and then create a PreStage in your Jamf server for the devices. Then create a Smart Group that looks for any devices enrolled via that PreStage. Be sure to turn on notifications for that Smart Group.
That is how we handle stolen DEP devices.
For non-DEP devices there's nothing you can do since they will never re-enroll in your Jamf automatically.
Posted on 04-22-2020 02:07 PM
I have a Stolen computer config profile that locks it down as much as I can, and I exclude our stolen computer smart group from all policies and other config profiles. Computers are scoped in by serial number, so even if they wipe and re-enroll they'll go back in that group again.
Posted on 04-22-2020 02:54 PM
@strayer this seems like a really good solution, thanks for the suggestion!
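For the original question (not having to search by serial number by hand), a scheduled check can flag any watch-listed serial that has contacted the server since it was locked. This is an added example, not code from the thread or from Jamf. It assumes computer records exported as JSON from the Jamf Pro Classic API (`/JSSResource/computers/serialnumber/<serial>`) with the `general` fields `serial_number`, `last_contact_time_epoch` (milliseconds) and `last_reported_ip`; the serials, dates and IPs are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed watchlist: serial number -> UTC time the lock/wipe command was sent.
WATCHLIST = {
    "C02EXAMPLE01": datetime(2020, 4, 1, tzinfo=timezone.utc),
    "C02EXAMPLE02": datetime(2020, 4, 1, tzinfo=timezone.utc),
}

# Constructed sample records shaped like Classic API computer records
# (field names are an assumption; verify against your own server's output).
SAMPLE_RECORDS = json.loads("""
[
  {"computer": {"general": {"serial_number": "C02EXAMPLE01",
     "last_contact_time_epoch": 1587552660000, "last_reported_ip": "203.0.113.7"}}},
  {"computer": {"general": {"serial_number": "c02example02",
     "last_contact_time_epoch": 0, "last_reported_ip": ""}}},
  {"computer": {"general": {"serial_number": "C02OTHER0003",
     "last_contact_time_epoch": 1587552660000, "last_reported_ip": "198.51.100.2"}}}
]
""")

def find_resurfaced(records, watchlist):
    """Return alerts for watch-listed serials seen after their wipe time."""
    alerts = []
    for rec in records:
        general = rec.get("computer", {}).get("general", {})
        # Normalise case and whitespace so a hand-typed watchlist still matches.
        serial = str(general.get("serial_number", "")).strip().upper()
        wiped_at = watchlist.get(serial)
        if wiped_at is None:
            continue  # not a stolen device
        epoch_ms = general.get("last_contact_time_epoch") or 0
        if epoch_ms <= 0:
            continue  # record exists but the device has never checked in
        seen = datetime.fromtimestamp(epoch_ms / 1000, tz=timezone.utc)
        if seen > wiped_at:
            alerts.append({
                "serial": serial,
                "last_contact": seen.isoformat(),
                "ip": general.get("last_reported_ip") or "unknown",
            })
    return sorted(alerts, key=lambda a: a["serial"])

if __name__ == "__main__":
    for alert in find_resurfaced(SAMPLE_RECORDS, WATCHLIST):
        print("Stolen device checked in:", alert)
```

As noted in the thread, only devices that re-enroll (for example through DEP) will ever produce a new contact time, so this complements the PreStage and Smart Group approach rather than replacing it.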