Help

Prestage Enrollment, wifi issues, and zero touch.

MacKae
New Contributor II

Posted on ‎02-09-2017 07:25 AM

Hey everyone!

So we are loving our prestage enrollments, and being able to utilize Zero-Touch deployments with our new MacBooks. We will hand users unopened equipment which looks good to the user, and helps our teams "brand" have a more professional and magical appearance.

The problem we are having, is paranoia above me that users will not connect to our guest Network to pull the prestage, this making the devices not enrolled in Jamf.

I trust that most of our employees can connect to the guest Network if instructed without issue, but some users will think "huh, I cannot connect to the main wifi, and am told not to use guest, so I guess I should just skip for now" because our main wifi connection uses LDAP credentials to authenticate, which as far as I know, you cannot login with on a Mac during setup, you are only given the option to enter a password, and not user.

Any thoughts to help me ensure that zero touch deployment and Enrollment is reliable, or is that a risk I have to take?

Thanks everyone.

0 Kudos
Reply
5 REPLIES 5

dpodgors
Contributor

Posted on ‎02-09-2017 07:38 AM

We kind of have the same problem. I trying to float the idea of getting another SSID of "Apple Enrollment" so people get it. Our network group isn't feeling it yet...

0 Kudos
Reply

ImAMacGuy
Valued Contributor II

Posted on ‎02-09-2017 12:25 PM

you can login to the secured wifi during setup, at least we do.
when you select the wifi it will prompt for credentials

when delivering the machines to the user, include some quick start instructions?

0 Kudos
Reply

MacKae
New Contributor II

Posted on ‎02-10-2017 10:00 AM

It unfortunately does not prompt for username and password, just password when we try to connect to the networking that requires username and password.

0 Kudos
Reply

hjcao
Contributor

Posted on ‎02-13-2017 02:36 PM

@MacKae

I would have them set up a separate SSID that only connects to Apple and Jamf's servers, and as @dpodgors mentioned above, call it "Apple Enrollment" or something similar so users are sure to connect to it. This way, you alleviate some of infosec's fears about open networks. Obviously, it would also have a password, just not credentialed sign in.

0 Kudos
Reply

SVC-SBDJamfAdmi
New Contributor II

Posted on ‎06-19-2018 09:26 AM

Jesse what did you end up doing to resolve your problem? I'm having the exact same problem. The network engineers at my location WILL NOT enable our Wi-Fi connections to allow our Macs to enroll OTA. Guest Access network will not work either.

0 Kudos
Reply