I can not enroll a Big Sur Mac into jamf

ateazzie
New Contributor III

I tried to enroll a test machine with Big Sur into our Jamf but it doesn't work.

has anyone else seen this?

22 REPLIES 22

mark_mahabir
Valued Contributor

As it is currently in beta, you will probably find that that Jamf won't support it until v10.23.0 or even v10.24.0.

Samstar777
Contributor II

We are also facing same issue and got to know that we need to wait for new Jamf binaries for this to work.

ateazzie
New Contributor III

I manually enrolled it, got self service, so far so good
but then I checked and it didn't enroll in the server where I wanted it to be, it ended up in our production server
tried again, make sure I had the correct address, but still enrolled in the wrong server (which doesn't support this OS as of yet)

hepvd
Contributor

Worked with 10.22 (manual enroll) not went deep further tho

bradtchapman
Valued Contributor II

@ClassicII posted this a few days ago:

Big Sur Beta 1 & Jamf Pro = Enrollment Problems + Workaround

TL;DR: it's a manual process until Jamf updates the product to support enrollment.

Samstar777
Contributor II

This issue seems till Open with JAMF, Can anyone from JAMF Confirm when will they support macOS Big Sur ? for Enrollments

mschroder
Valued Contributor

Not being able to test JAMF workflows is quite bad. I can understand that the JSS can not yet support all new features, but not being able to enroll a BS Mac is quite annoying. But then again it is not clear whether this is a JSS issue or a macOS issue...

A statement from JAMF would be useful, but does the NDA allow them to make one?

GregE
Contributor

How about non-DEP devices? Running quickadd.pkg gets it enrolled but it won't install the MDM Profiles as you can't do that via command line anymore. Looks like you've got to download them via your https://jamfcloud.com/enrol then open System Preferences -> Profiles (which doesn't exist) and manually add them.

Edit: You can get in to the Profiles system preference by opening Self Service and having it prompt that you need to manually approve the MDM Profile (ah High Sierra good times) but that's still a no-go.
683f516ef62143c892ea0cef7c073cf5

walt
Contributor III

@GregE i believe quickadd is or will be depreciated. using the User-Initiated Enrollment method (profiles) is the way to go forward. Manual enrollment and DEP enrollments in Jamf with Big Sur have been working for me, however, none of the System Extensions seem to be taking.

GregE
Contributor

I started looking at the Cisco AnyConnect System Extension on Friday but we're deploying 4.9.01 and it looks like you need 4.9.02028 for the System Extension to work. Same deal with Microsoft Defender and needing to be using the InsiderFast rather than Production version.
From a security/licensing perspective we just looked at turning User Initiated Enrollment off to try and block the external URL so was surprised to learn that it's required for DEP to work!

GregE
Contributor

If anyone is testing/deploying System Extensions:
1. Install Application and manually Allow the extension using System Preferences.
2. Open terminal and run systemextensionsctl list
3. Create Config Profile and enter the details in to your System Extensions payload (its down the bottom). Change the drop down to Allowed System Extensions.

Cisco AnyConnect 4.9.0208
Team ID: DE8Y96K9QP
Extension: com.cisco.anyconnect.macos.acsockext

Microsoft Defender ATP
Team ID: UBF8T346G9
Extension: com.microsoft.wdav.netext
Extension: com.microsoft.wdav.epsext

1729patrick
New Contributor

@GregE can you show where create the config profile, please?

GregE
Contributor

Just remember that System Extensions need to be supported by the vendor so if it doesn't work, check what version of the app you're running.
Computers -> Configuration Profiles
e64ac3f577844248b2e186692b65d885

bcbackes
Contributor III

Looking for advice. I have a VM that had Catalina and was NOT enrolled in Jamf Pro. I updated it to Big Sur via Software Update, then, enrolled it in Jamf Pro via user initiated enrollment. The CA installed correctly and the MDM installed and shows it's verified. However, when I go into Jamf Pro it shows that it's unmanaged. Can't figure out what the issue is. Thoughts?

I should say that when I try to run an inventory in terminal I receive "sudo: jamf: command not found". Almost like it enrolled and didn't pull in the binary. Could this be related to the fact that I'm still running Jamf Pro 10.22.1 and it may not know what to do with Big Sur? The VM shows in the Jamf Pro console is unmanaged. FYI, I have two other VMs running Catalina and Mojave that enrolled without any issues.

jose_torres3
New Contributor II

@bcbackes Using the quickadd method will install the Jamf Pro Binaries

https://your.jps.com/enroll/?type=QuickAdd

where "your.jps.com:8443" is your JSS server

rkeleghan
New Contributor III

Im now having this issues on Big Sur 13" Intel machines.
I have tried the QuickAdd.pkg but I get an error of package "not Trusted" and doesnt install.

mark_mahabir
Valued Contributor

@rkeleghan With macOS Big Sur, you'll need to use either Automated Device Enrollment or User-Initiated Enrollment.

QuickAdd packages are dead.

CodeNameTwinkie
New Contributor II

OK if this the same thing I ran in to..... You run a quickAdd package to add your hidden Admin account and then I run the https://yoursite.jamfcloud.com/enroll this will enroll the device and add the MDM and then you can run recon at any point.

rkeleghan
New Contributor III

So .. What i have found it .. DEP for macOS 11.3.0 or 11.3.1 fails.. but ... If i just setup mac with a local user who is admin and then enrol via jamfcloud.com/enroll .. it works ..
I believe its because my JSS on version 10.26 and that only support Big Sur 11.0.1 or 11.1.0 .. Im in the process of upgrading my JSS ...

guliciuk
New Contributor III

So, from what i found after some tests, there are issues with DEP for macOS 11.2 ( that came preinstalled on the last 16" macbook pro's ). It will enroll, but won't run the policies that have "run after enrollment" trigger, and SelfService seldom installs, it takes a "jamf policies" to get it, and even then, nothing in it is working properly.
My workaround would be to boot directly into recovery mode, erase ssd, and reinstall macOS from there,( seems to get the latest 11.3.1 version) and then DEP will go ok.
(oh, JSS 10.28)

gachowski
Valued Contributor II

Is your Setup Assistant is crashing ? I missed it the 1st few times : )

https://www.jamf.com/jamf-nation/discussions/38791/intel-macbook-pros-not-creating-new-user-accounts#responseChild216970

guliciuk
New Contributor III

No, i don't use setup assistant to create new users. DEP creates one admin account and IT logs in to create end-user account and some fine-tuning.