Is there a way in a single policy to allow install on reboot or enrollment at all times but restrict install on recurring check in to a maintenance window?
phew! thats a mind twister. 🤣.. yes, with 3 policies.
1) master policy - does what-ever you want it to do. with custom event 'FOO'. scope to run to devices you want with ongoing.
2) reboot / enrolment policy - trigger startup and enrolment complete - files and processes - jamf policy event FOO
3) recurring - recurring trigger - sever side / client side limitation - files and processes - jamf policy event FOO
Why couldn't the master policy do reboot/enrollment and custom (with custom being the link to time restrained check in )
then you won't get recurring.. you'll call the master from the time restricted.. and that only triggers on reboot / enrollment.. not recurring
That is a mind twist, it looks like policy triggers appear to work in parallel, it isn't possible to have reboot<or>enroll<or>custom all in the same policy coupled with 'Run Once per system' for mandated software installs at the most opportune time? Recurring in this case is more a 'on first check in, if not already installed' after that is should do nothing as the master policy is run 'once per computer'.
you can break them up more. so one for enrol, one for reboot and use them to call the master that is ongoing.
the run order is alphabetically on the policy name (dont ask) soo AAA will run before ZZZ
couple that with a recon and smart groups.. if needed..