Is there a way to find out if a user has deleted the MDM profile without having access to their Mac?

miszerkyst
New Contributor

New to Jamf.

 

We're finding that a fair few of our users are no longer checking in on the frequency we've set. Also finding that sending blank pushes etc doesn't seem to be doing anything, so the assumption is they've deleted the MDM profile. Is there a way to tell this for sure without having access to the Macbook itself?

3 REPLIES 3

sdagley
Esteemed Contributor II

@miszerkyst Short of having a LaunchDaemon triggered script that looks for the MDM profile and sends a notification via a non-Jamf Pro mechanism (e.g. via SMTP) your only indication will be a Mac stops checking in.

channy-cl
New Contributor III

Taking a step back, it is a common issue that devices stops syncing with Jamf, specially when not rebooted in a long time.

Our steps

* If the device is checking-in but not doing full sync (Device history -> Policy logs, Management history), Redeploy Jamf Framework via API.

* Ask users to run "sudo jamf policy && sudo jamf recon"

* Ask users to reboot

 

 

AJPinto
Honored Contributor II

Just deleting the MDM Profile should not stop a device from checking in as the MDM Profile has very little to do with the JAMF Framework and Recon itself. There is really nothing you can do to be alerted if the JAMF Framework is removed. Security clients that rely on Configuration Profiles would stop working. You would be stuck with a LaunchDaemon to do an API or SMTP thing.

 

To rule out the obvious, have you had a user reboot to see if a device comes back up? The JAMF Binary and MDM Framework can hang up just like any other Daemon.