Jamf Nation Community

jazza1756 · ‎02-28-2024

Hey all,

I'm looking to offboard a few devices from our JAMF Pro environment completely and would like some clarification. I've ran the 'Remove MDM profile' on all devices, and had users run the 'sudo jamf removeFramework' cmd to ensure that there is no underlying Jamf connection remaining. I've also removed JAMF as their connected MDM server in ABM, but noticed that even in Jamf the PC still checks in.

Same with FileVault 2, it is still active and the recovery key remains in JAMF. If I delete the record after these steps, what is expected to still remain on the device? (other than service accounts or apps that I haven't removed)? Is there a preferred way to completely remove JAMF from the device?

sayr01 · ‎02-29-2024

Hi,

the steps you described should remove all association. also delete the entry from JAMF.

easyedc · ‎02-29-2024

If you're truly off-boarding the devices, make sure you release them in ABM as well. Don't want to donate them or whatever is happening and have the user try to set them up the first time and they get re-enrolled into your Jamf.

AJPinto · ‎02-29-2024

In addition to removing the MDM profile and MDM framework, you need to delete the device in Jamf. However, know this does not remove whatever Jamf did to a device like installed software or stuff configured by scripts. Releasing a device, you really want to wipe it.

howie_isaacks · ‎02-29-2024

BEFORE YOU DELETE FROM JAMF PRO..... Get the FileVault recovery key from the inventory in case it's needed later.

roiegat · ‎03-05-2024

Almost sounds like a launchdaemon is still running to send that information in. I would run the following command on that machine:

sudo Profiles show -type enrollment

If its still thinking its in ABM somewhere (regardless if your removed it) it would return back data with your ABM and JAMF info. If you see this run the following:

Note: you'll need the computer connected to the internet for this

sudo Profiles renew -type enrollment

What this does is reach out to Apple and ask it if this machine is associated with any MDM. It should return back no if got rid of the record. Run the command above to verify again.

lisagk1 · 2 weeks ago

Steps to Remove JAMF Pro Without Wiping:

Remove Profiles
Go to System Preferences > Profiles (macOS) or Settings > Device Management (iOS) and remove JAMF profiles (admin rights needed).
Uninstall JAMF Binary
In Terminal, run:
```
sudo jamf removeFramework
```
Delete JAMF-Installed Apps
Manually remove apps installed via JAMF from Applications or Terminal.
Disable MDM Enrollment
Remove the MDM profile from System Preferences > Profiles.
Clean Residual Files
Delete files in:
- /Library/Application Support/JAMF/
- /Library/LaunchDaemons/com.jamfsoftware.*
- /usr/local/jamf/
Verify
Run which jamf in Terminal. No result confirms complete removal.

Consult IT if the device is institutionally owned.

lisagk1 · 2 weeks ago

How to Fully Remove JAMF Pro Without Wiping

If you're looking to remove JAMF Pro from your device without performing a full wipe, follow these steps:

Remove MDM Profiles:
Navigate to System Preferences > Profiles or Settings > Device Management, and remove the JAMF-related profiles.
Uninstall Framework:
Open Terminal and execute:
```
sudo jamf removeFramework
```
Clear Installed Apps:
Manually delete JAMF-installed apps from the Applications folder or use Terminal commands.
Remove Residual Files:
Check and delete leftover JAMF files in these directories:
- /Library/Application Support/JAMF/
- /usr/local/jamf/
Verify Removal:
Run which jamf in Terminal to confirm it’s fully removed.

For more tools to help with device management, Discover more about Goodwill.

Jamf Nation Community

How to fully remove JAMF Pro from devices without wiping?

Steps to Remove JAMF Pro Without Wiping:

How to Fully Remove JAMF Pro Without Wiping