Managing Macs Not Enrolled in ABM

Fojo
New Contributor

Hi Jamf Nation. Here's the scenario - we have several Macs that are not enrolled in Apple Business Manager (ABM) but are enrolled in Jamf Pro via User Initiated Enrollment. I found that despite being enrolled this way, I have very limited control over managing them, especially pushing OS updates. I read that as long as the Macs can run Monterey OS, I can use an iphone with Apple Configurator 2 installed to enroll these Macs in ABM, is that correct? Also, my understanding is that the Macs also need to have the T2 security chip.

I want to make sure I am not missing anything, because right now, despite the Macs being "enrolled" in Jamf Pro, I can't really manage them and want to be able to. Please let me know if I didn't explain things well or if you need clarification as I am fairly new to Jamf Pro. Thanks!

5 REPLIES 5

jpeters21
Contributor II

yes you can use apple configurator to import a device into ABM/ASM, I have done it a couple times when a department has went out of the official purchasing process. You will have to do this, then reset devices getting them DEP enrolled. 

https://support.apple.com/guide/apple-business-manager/add-devices-from-apple-configurator-axm200a54...

That said capabilities of managing apple updates are not great and are made worse when you move to M1 devices. Feel free to search jamf forums to set your expectations on that. 

Fojo
New Contributor

Thank you.

gabe2385
Contributor

@Fojo @This is the only way yes, you are correct. However if they purchased the product using an account that is registered to your company l, you maybe able to add that account into ABM and those device may show up. 

We had a similar issue where our clients ordered Mac products using a different account but since it will still registered to our university, we just added those accounts that they used to order into our Apple school manager and we were able to have those device come up in our Apple school manager account.

Fojo
New Contributor

Thanks. Fingers crossed.

AJPinto
Honored Contributor II

I would imagne you are seeing some of the differences that happen based on how a device is enrolled.

 

With Catalina and before if a device was enrolled using user based enrollment will lack supervision. Supervision is a massive part of management. With Big Sur all managed devices will become supervised, however only devices enrolled by DEP will get a bootstrap token. Those bootstrap tokens are what is used for the software update MDM commands and various other things. 

 

The only solution I can think of at this moment is to reprovision the devices. In this process use an iPhone with Apple Configurator as you mentioned to bring them in to Apple Business Manager.