Jamf Nation Community

VL · ‎01-02-2024

New to Jamf Pro and just looking to get things set up before rolling out company wide, and testing the initial configuration on my MacBook things haven't quite gone to plan.

Have in the Configuration Profile set a Banner message and cleared the tick-box for Show "Other...", but after I enroll my laptop they doesn't appear to be any banner message, i.e. there is no message displayed above the login prompt, and I am able to select Other on the login window which then prompts for a Name and Enter Password.

What am I doing wrong or not understand?

TIA.

jamf-42 · ‎01-02-2024

Is this what you want? https://support.apple.com/en-us/HT202277

VL · ‎01-02-2024

Thanks for the prompt reply, jamf-42, but no. That said, thanks for the link as that banner feature is something I might look at implementing.

I've subsequently discovered that the lack of a Scope for the Configuration Profile may have partly been the problem, in that now my MacBook has been enrolled having "registered" with Apple Business Manager (ABM) and been handed of to Jamf Pro I do see the simple text banner over my newly created local user account now that I am able to add my laptop to the Configuration Profile's Scope.

However, the issue of the option to use Other at the login window remains.

I am assuming that I'm not fully understanding the auto-enrollment process offered by ABM and Jamf Pro. Given a clean Jamf Pro account, and a single device registered with ABM, I presumed that setting up PreStage Enrollment and assigning the Configuration Profile it would be applied to any device being enrolled but that doesn't appear to be the case. Looks like the device has to be enrolled with Jamf Pro first through ABM, which then allows the device to be added to the scope of the Configuration Profile which then will be applied to the device. It's not as seamless as I was expecting (which is a disappointment).

mm2270 · ‎01-02-2024

Jamf Pro will sync with, and pull in devices from your ABM (once the connection is set up), but unless you specify that any new devices being fed in from the ABM sync get assigned to the Prestage enrollment, they may just sit there, ready to be assigned, but not actually getting anything applied to them. You can specify which prestage you want as the default assignment for any new devices that get synced to Jamf Pro, which saves you a step there. Or, you can manually assign the Macs to a Prestage.

Also, you may want to ensure that the profiles in question are checked on within the Configuration Profiles section of your Prestage. Bear in mind that proper scope still applies, meaning that if any of the profiles are scoped to Smart Computer Groups, just checking them within the Prestage doesn't mean they will get applied to the Mac upon enrollment. The Mac still needs to fit the smart group criteria for the profile to be installed on it.

I don't know if any of the above applies in your case. Maybe, maybe not, but just thought I'd mention this all for clarity purposes. Hopefully it helps a bit.

VL · ‎01-05-2024

Thanks for the feedback, mm2270.

Currently there is only one PreStage Enrollment configured, and the option Automatically assign new devices is ticked. Therefore, would expect any new enrollment to use this configuration which has currently the only Configuration Profile defined assigned. Given that the Configuration Profile has the option Show "Other..." tick-box cleared.

At present, having rebooted the laptop since making my inquiry, things are working the way I'd expect, other than when prompted to enter an admin account even though I am using the hidden admin user account created as part of the PreStage Enrollment these are never accepted. Just about to retry the enrollment process having cleared the tick-box for Hide managed administrator account in Users & Groups to see if that makes a difference.

Jamf Nation Community

Noobie: What am I doing wrong?