Prestage Enrollment, wifi issues, and zero touch.

New Contributor II

Hey everyone!

So we are loving our prestage enrollments, and being able to utilize Zero-Touch deployments with our new MacBooks. We will hand users unopened equipment which looks good to the user, and helps our team's "brand" have a more professional and magical appearance.

The problem we are having is paranoia above me that users will not connect to our guest network to pull the prestage, thus making the devices not enrolled in Jamf.

I trust that most of our employees can connect to the guest network if instructed without issue, but some users will think "huh, I cannot connect to the main wifi, and am told not to use guest, so I guess I should just skip for now" because our main wifi connection uses LDAP credentials to authenticate, which, as far as I know, you cannot log in with on a Mac during setup; you are only given the option to enter a password, and not a user.

Any thoughts to help me ensure that zero touch deployment and Enrollment is reliable, or is that a risk I have to take?

Thanks everyone.



We kind of have the same problem. I'm trying to float the idea of getting another SSID of "Apple Enrollment" so people get it. Our network group isn't feeling it yet...

Valued Contributor II

You can log in to the secured wifi during setup, at least we do.
When you select the wifi, it will prompt for credentials.

When delivering the machines to the user, include some quick start instructions?

New Contributor II

It unfortunately does not prompt for username and password, just password, when we try to connect to the network that requires username and password.



I would have them set up a separate SSID that only connects to Apple and Jamf's servers, and as @dpodgors mentioned above, call it "Apple Enrollment" or something similar so users are sure to connect to it. This way, you alleviate some of infosec's fears about open networks. Obviously, it would also have a password, just not credentialed sign in.

New Contributor II

Jesse, what did you end up doing to resolve your problem? I'm having the exact same problem. The network engineers at my location WILL NOT enable our Wi-Fi connections to allow our Macs to enroll OTA. Guest Access network will not work either.