I have an issue where Macs (ARM and Intel) on macOS 13.5 do not get the Jamf binary after enrolling (ADE or manual) and appear unmanaged in Jamf Pro (on-prem 10.48.2). Macs on 13.4.1 and below (inc latest Monterey 12.6.8 have no issues at all). MDM commands are fine, no issues.
The Macs effected do not have the ‘Allow Jamf Pro to perform management tasks’ checked. Enabling this and rebooting the Mac can, on a few instances get the binary installed (after about a 15 min wait ) and run my post DEPNotify policy (enrolment complete trigger), but not always.
Looking at older forum posts, I see in the past people have experienced similar issues.
Tried the following...
- Enable user-initiated enrolment - (already enabled) have tried with it disabled, still the same.
- Checked sysdiagnose logs – I do see this but confirmed we have no Restriction Config Profiles with ‘Require admin password to install or update apps’ checked.
[com.apple.appstored:AppInstall] [MNFE60849E9/com.jamfsoftware.enrollment.dep.quickadd] Failing installation after receiving error: Error Domain=PKInstallErrorDomain Code=100 "Authorisation is required to install the packages." UserInfo={NSLocalizedDescription=Authorisation is required to install the packages.} - Restored Mac using IPSW – no effect.
- Have not tried disabling Management account creation, I’ve been advised its required for our FV policies to work.
- No orphaned (ghost) Mac records related to effected Macs on jamf DB
Our current (not ideal) work around to enrol devices is downgrade Macs to 13.4.1 -> enrol -> install 13.5 update.