Personal Mac enrolled in Jamf with no admin required

perryd
Contributor

A user at my company managed to enrol his Mac in Jamf with no admin access or JSS access??

He said he was asked by Outlook to enrol his device, but it told him enrolment failed and his emails stopped syncing. Intune/Company Portal isn't working correctly for us, but that's another issue.

I'm more concerned that maybe the Office365 enrolment has somehow enrolled his personal device into Jamf??

His Mac wasn't scoped to anything, but yet it pulled down Self Service, company licensed software, security certificates, admin accounts, the lot!

How is that possible? Has anyone else seen this?

perryd
Contributor

Following on, here are a few settings from our JSS.

Only the 10 users on the list are able to enrol anything from the jamf enrolment site.

Also please see my User enrolment settings. Are these wrong???

a_stonham
Contributor II

Looks like your user initiated enrollment settings would allow All LDAP Users to enroll their machine in Jamf.

Can you log in to https://<yourjss>:8443/enroll as a user who does not have access to the Jamf console?

Ash

perryd
Contributor

OMG That was it!!!!

I mean, it says not allowed to enrol personal devices, only institutional, but turned it all off and now works just for admins.

Thanks! Let's put this down to a blonde moment.