Help

Preapprove Macs before Enrolment to Jamf

hedenstam
New Contributor III

Posted on ‎08-20-2018 06:11 AM

I doubt this is possible, but will ask it anyways. Does anyone know if it is possible to have a pre-approval / register of devices that are allowed to be enrolled to Jamf?
DEP is of course providing this, but I am talking about devices outside DEP that can be enrolled to Jamf with UserInitiated enrolment, but wondering if I could have a pre-approval for those.

0 Kudos
2 REPLIES 2

mojo21221
Contributor II

Posted on ‎08-20-2018 06:32 AM

We are doing something similar. We achieved it by creating a smart group of "Enrollment Method:PreStage enrollment" or Serial Number (manually add each approved) as scope for policy that is our baseline. This allows anyone to register but only members of your scope the policy for your environment. Hope this helps.

blackholemac
Valued Contributor III

Posted on ‎08-20-2018 06:43 AM

with user initiated enrollment you could only allow a certain ldap group to enroll. Or another trick we use is that our instance of Jamf Pro only allows enrollments internally (but works everywhere)...you could say allow people access to the internal production WiFi by MAC address. This is what we use to allow only corporate owned devices on the production Wifi. Combine that by only allowing enrollment to Jamf Pro on the production Wifi and that could be a possible solution....maybe not as elegant as you are looking for though.