iOS User Enrollment: No serial number

jacobnt
New Contributor

I am running into an issue where my iOS devices are not logging a serial number after Account-driven enrollment. I have enrolled multiple devices, but the Serial Number does not get reported in the Jamf Pro console. VPP licenses will not apply to iOS devices that do not have serial license so I am unable to assign any applications to my end users.

1 ACCEPTED SOLUTION

mark_buffington
Contributor II
Contributor II

That's expected behavior with User Enrollment, as managed devices don't share persistent identifier info like serial numbers to MDM servers for privacy reasons.

Because of that, user-based VPP licensing needs to be used for those devices instead, which assigns the license to the Managed Apple ID instead. User-based volume licensing has a few more steps to set up, which the admin guide can shed some light on.

Here's how I have it set up for testing:

  • Volume Purchasing settings - Check the box for "Automatically register with volume purchasing if users have Managed Apple IDs"
  • Create MAID Smart User Group to target program invitations and license assignment - Criteria can be set to, "Managed Apple ID" like "@yourfederatedMAID.domain"
  • Invite MAID users to your organization's program - In Jamf Pro Settings, go to: Users > Invitations > New, and when creating it, select the options to automatically register users with Managed Apple IDs to your invitation. Scope this Invitation to the Smart Group previously created for MAID users.
  • Assign app licenses to your target group(s) - In the Users section, use the "Volume Assignments" section to scope a number of app licenses to the Users or User Groups you wish to target. Again, using the previously-created Smart User Group should work fine.
  • Target apps to install - Use the Mobile Device Apps section to scope apps to the devices as you see fit. Any app record can be simultaneously set to do device-based license assignment as well as user-based license assignment. User Enrollment devices don't have successful app install commands when the "Make app managed if currently installed as unmanaged" though, so be sure that box is unchecked.

View solution in original post

4 REPLIES 4

mark_buffington
Contributor II
Contributor II

That's expected behavior with User Enrollment, as managed devices don't share persistent identifier info like serial numbers to MDM servers for privacy reasons.

Because of that, user-based VPP licensing needs to be used for those devices instead, which assigns the license to the Managed Apple ID instead. User-based volume licensing has a few more steps to set up, which the admin guide can shed some light on.

Here's how I have it set up for testing:

  • Volume Purchasing settings - Check the box for "Automatically register with volume purchasing if users have Managed Apple IDs"
  • Create MAID Smart User Group to target program invitations and license assignment - Criteria can be set to, "Managed Apple ID" like "@yourfederatedMAID.domain"
  • Invite MAID users to your organization's program - In Jamf Pro Settings, go to: Users > Invitations > New, and when creating it, select the options to automatically register users with Managed Apple IDs to your invitation. Scope this Invitation to the Smart Group previously created for MAID users.
  • Assign app licenses to your target group(s) - In the Users section, use the "Volume Assignments" section to scope a number of app licenses to the Users or User Groups you wish to target. Again, using the previously-created Smart User Group should work fine.
  • Target apps to install - Use the Mobile Device Apps section to scope apps to the devices as you see fit. Any app record can be simultaneously set to do device-based license assignment as well as user-based license assignment. User Enrollment devices don't have successful app install commands when the "Make app managed if currently installed as unmanaged" though, so be sure that box is unchecked.

Thank you! The licenses are assigning to devices now. However, I have run into a new issue. I have the applications set up so that they are available for download in Self Service. For some reason, Self Service is not automatically installing even though I have it set to 'Automatically install Self Service app' under the iOS tab.

That method of "automatic" can't take into account volume purchasing licensing, and the preferred/default method of deploying Self Service is manually with volume purchasing. You'll want to paste in the App Config from the admin guide that includes the `MANAGEMENT_ID` key pair as well.

thank you so much!🙏