Posted on 03-16-2023 07:11 AM
New to Jamf.
We're finding that a fair few of our users are no longer checking in on the frequency we've set. Also finding that sending blank pushes etc doesn't seem to be doing anything, so the assumption is they've deleted the MDM profile. Is there a way to tell this for sure without having access to the Macbook itself?
Posted on 03-16-2023 07:43 AM
@miszerkyst Short of having a LaunchDaemon triggered script that looks for the MDM profile and sends a notification via a non-Jamf Pro mechanism (e.g. via SMTP) your only indication will be a Mac stops checking in.
Posted on 03-16-2023 09:26 AM
Taking a step back, it is a common issue that devices stops syncing with Jamf, specially when not rebooted in a long time.
Our steps
* If the device is checking-in but not doing full sync (Device history -> Policy logs, Management history), Redeploy Jamf Framework via API.
* Ask users to run "sudo jamf policy && sudo jamf recon"
* Ask users to reboot
Posted on 03-20-2023 07:44 AM
Just deleting the MDM Profile should not stop a device from checking in as the MDM Profile has very little to do with the JAMF Framework and Recon itself. There is really nothing you can do to be alerted if the JAMF Framework is removed. Security clients that rely on Configuration Profiles would stop working. You would be stuck with a LaunchDaemon to do an API or SMTP thing.
To rule out the obvious, have you had a user reboot to see if a device comes back up? The JAMF Binary and MDM Framework can hang up just like any other Daemon.