I have DEP enrollment of managed Macs, after a reinstall of the OS, down to four steps:
1. Selecting the Country
2. Selecting the Keyboard Layout
3. Clicking Continue on Remote Management/MDM enrollment (not optional for our Macs)
4. Selecting the Time Zone
However, my school was a bit spoiled with NetBoot and DeployStudio, as we would set the Startup Disk via ARD to our NetBoot server, which would load into DeployStudio, which was configured to automatically apply a workflow and run automatically.
Basically nobody had to physically touch the machines. It was truly "Zero Touch".
Is there a way to automate the DEP process to skip the steps 1-4 I listed above and simply enroll in our Jamf MDM server?
IIRC, you are not seeing time zone as a Jamf option because it is not skippable per se. If you remove the check box for Location Services and allow the user to enable Express Settings (which would turn on Location Services), then you won't see the time zone screen because the Mac will determine it on its own.
If you skip location services then they are disabled by default and you have to select a time zone. So really you are just trading one screen for another. Depending on your use case and if the Macs travel you may find that you want location services on anyway.
You may also have to uncheck App Analytics and one other box. It then combines them all into Express Settings.
Yeah, I don't think Time Zone is skippable unless you let the user choose to enable Location Services. So it's one or the other. No matter what you have to click through around 3-4 screens initially.
So, as for how to automate any of this and make it really truly zero touch, you can't. Welcome to the wonderful world of Apple and DEP (where "Zero touch" doesn't mean what you think it means).
Hopefully Apple will eventually give us some way to automate getting through those last few screens, but I wouldn't hold your breath for it.
This policy is run only at enrollment. The policy sets the login window to display a "please wait while we are installing additional applications" message along with setting the time zone; it will run a recon and set the computer name. Finally, this policy will restart the computer so the login window is configured for us.
Like others have said, we have the steps down to 3 steps but not really a zero touch.
I am going to guess Timezone is not skippable to do cert-based auth, and that if your time/date is off it will break many SSL types of communications.
Zero-touch is more of that IT doesn't have to touch it. Historically you would either mass image, or you would have desktop support techs log in and configure machines. Zero touch is more of the fact IT doesn't have to touch the device and you can ship it to the user. I will agree that the phrase "zero touch" implies many other things and it should be maybe marketed more clearly.
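The enrollment-only policy described earlier in the thread (login window message, time zone, recon, computer name, restart) could be scripted along these lines. This is an added example, not the poster's own script; the time zone default, the message text, the computer name argument and the dry-run switch are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's script): payload for an enrollment-only policy.
# Assumed values: TIME_ZONE, WAIT_MESSAGE and the computer name passed as $1.
# DRY_RUN=1 (default) only prints each command; set DRY_RUN=0 on a managed Mac, as root.
TIME_ZONE="${TIME_ZONE:-America/Chicago}"   # assumed; list with `systemsetup -listtimezones`
WAIT_MESSAGE="${WAIT_MESSAGE:-Please wait while we are installing additional applications.}"
DRY_RUN="${DRY_RUN:-1}"
LOGINWINDOW_PLIST="/Library/Preferences/com.apple.loginwindow"

# Validate inputs first so a typo fails before anything on the Mac is changed.
valid_time_zone() {
  case "$1" in
    ''|/*|*/|*//*|*[!A-Za-z0-9_/+-]*) return 1 ;;
  esac
}
valid_computer_name() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9-]*) return 1 ;;
  esac
}

# Run one command, or just print it in dry-run mode.
step() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'would run:'; printf ' %s' "$@"; printf '\n'
  else
    "$@"
  fi
}

# Same order as the policy described in the thread.
enrollment_policy() {
  name="$1"
  valid_time_zone "$TIME_ZONE" || { echo "bad time zone: $TIME_ZONE" >&2; return 2; }
  valid_computer_name "$name" || { echo "bad computer name: $name" >&2; return 2; }
  step defaults write "$LOGINWINDOW_PLIST" LoginwindowText "$WAIT_MESSAGE"
  step systemsetup -settimezone "$TIME_ZONE"
  step jamf recon
  step jamf setComputerName -name "$name"
  step shutdown -r now
}

# Stand-alone use: ./enroll.sh LAB-MAC-01
if [ "$#" -gt 0 ]; then
  enrollment_policy "$1"
fi
```

Setting the time zone in the policy does not remove the Setup Assistant screen discussed above; it only makes sure the clock is right once enrollment has completed.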