Jamf Pro, macOS Ventura and Profiles locking

itinspectorio
New Contributor II

I know there are some topics and solutions to lock Profiles, but none of them are working right now to prevent users from removing the MDM Profile and uninstalling Jamf from the company laptop.

Maybe someone can advise and help with what the solution is for Ventura to lock the option to remove the MDM Profile?

We are not using ADE, that's why we can't select the option to disallow removing MDM.

Please help, guys.

10 REPLIES

jamf-42
Valued Contributor

As they are user enrolled, by design the user can un-enroll. A fudge: maybe block access to Terminal (for obvious reasons) and use a config profile to block access to config profiles in System Prefs; not sure if that brings its own issues. ABM / ADE is the way forward though.

itinspectorio
New Contributor II

A Config Profile is not locking Profiles, as it was moved from the separate "Profiles" setting into the Privacy and Security setting, and Apple disabled removing the Privacy and Security extension.

itinspectorio
New Contributor II

To my regret, we can't move to ADE =((

sdagley
Esteemed Contributor II

@itinspectorio Is it an organizational policy that prevents you from moving to ADE? If so you might want to let your management know that if they are serious about using Macs in the org then they need to find a way to move to ADE as that's the only way you can enforce MDM.

itinspectorio
New Contributor II

We can't migrate because we are not able to enroll vendors into the Apple Business Manager account, as we have too many, and sometimes we buy from other vendors that are not in the list, and adding a new one every time is very complicated. @sdagley

sdagley
Esteemed Contributor II

@itinspectorio One would hope persuading your management that standardizing your Mac purchasing process is critical to supporting Macs isn't an insurmountable obstacle. 

itinspectorio
New Contributor II

Before Ventura, making Profiles grey was a good idea, but now it is impossible.

markdmatthews
Contributor

This is actually reversed right now (i.e. Disable to Enable) and is part of PI109427: Restrictions: Preferences > Restrict items in System Preferences > Profiles

itinspectorio
New Contributor II

This is the question or issue I am trying to ask the big minds: whether someone has found any solution for how to lock it =))) @markdmatthews

Yes, "Uncheck" Profile under "disable selected items" in Restrictions until PI109427 is completed. It is currently behaving for Profiles the opposite of what is intended.