I'm using Jamf Pro 10.15.1 and have some Macs showing up in a Smart Group as the MDM Profile not being verified. Some of the end users are working from home via VPN. My JSS is on-prem and is NOT in the DMZ. So, outside of them connecting to our network VPN they won't be able to reach my Jamf server.
I tried to resolve one of the Macs by re-enrolling it into Jamf remotely (screensharing). It pulled down the quickadd package and went through all the motions, but, at the end it was still unverified. Note: The end user did have admin rights.
Does anyone know how to get the MDM Profile verified if the Mac is being used remotely via VPN?
I'm pretty sure this is Apple's "new" way (Mojave and forward). If you don't DEP enroll, even if it's a reenroll, then the user (or you remotely) will need to click the verify button in System Prefs -> Profiles. If they open Self Service it should show them a picture of what needs to be done. It's not hard but I've had to do it for quite a few of our people anyway. I've only tried it on prem but it should work over VPN if that traffic is allowed (I have no idea what protocol Apple uses for that).
We occasionally get this on Macs that were enrolled via DEP/ASM. Issuing the
Renew MDM Profile command resolves it for us. If it's one of our older Macs that was manually enrolled to Jamf, either via Recon or by a quick add package, then as @mpenrod points out, the Mac is technically a user-initiated enrollment and the user must go to System Preferences > Profiles, click on the MDM Profile in the list of profiles, and click the 'Accept' (or maybe 'Approve'?) button that is just under the title of the profile.