Looking to disallow migration assistant or timemachine restore before DEP

Jacek_ADC
Contributor

Hello
May it is a bit a weird question, but maybe someone know an answer for me.
I saw several informations here about blocking migration assistant etc. Have implemented the restricted software for the migration assistant as well. But what can I do, to disallow the migration assistant before DEP. We have some users, the just migrate everything before enrollment (cut the WLAN) and enroll then with dep. Please do not ask how the did, because I don't have an idea how this works with enrollment after migrating. At least it will be fine for me, when an extension attribute exist we can use to find out if the macbook was enrolled after migration assistant.
Someone a good idea?

3 REPLIES 3

snowfox
Contributor III

Hi,
Have you disabled 'Transfer Information' from showing up in your DEP prestage enrolment in Jamf Pro?
This is the only way I know of to supress that page.
777ae0dbafb44c369add4d0a5cdc2d1e

sdagley
Esteemed Contributor II

@user-faWBxyKMJD What @snowfox posted is how to disable Migration Assistant when going through the Setup Assistant, but only if your users aren't disabling network access to bypass the Remote Management screen of Setup Assistant. If they do that they're probably using the command sudo profiles renew -type enrollment to trigger enrollment after they finish migration. You might want to take an extreme approach like sending a Lock command (if you're not talking M1 Macs that is) with message that you're going to issue a Remote Wipe command every time the user tries to bypass your DEP process.

Jacek_ADC
Contributor

Thanks for the input!
@snowfox , yes this is checked as well, but how @sdagley says, when the users disables the wlan, they can migrate whatever they want. Yes, may they used the command for renew profile. Our MacBooks are enrolled with jamf connect, so may this enroll automatically after the migration and the next restart of the machine. Is there a possibility to track if the users use the sudo profiles renew -type enrollment command?