Preventing end users from removing Jamf

New Contributor III

Hi everyone!

Recently, we had an user remove his device (macbook) from JAMF. We discovered it by the machine not checking in for three months and physically touching it.

Is there anyway we can prevent end users from doing this? Or something that could tell us when an end user has removed themselves?

Any help would be appreciated!


Valued Contributor III

I recommend Rich Trouton's Casper Check:

Valued Contributor

It might be better to have a personel policy for this than a technical one. If a machine doesn't checkin for greater than some fixed period, then the user should be contacted and the machine examined. Technical solutions are great, but a five minute Google search makes most of them moot.

Valued Contributor II

So, for us this a multi tier approach.
Part 1

Tier 1.
Most of our staff need vpn. VPN is only available by having your machine managed. Unmanaged = no vpn. (And Actively checking into casper jamf pro)
Tier 2. Policy: All staff machines must be managed as according to our AUP.
Tier 3.
Casper Check: should a machine become unenrolled it gets re-enrolled through casper.

Part 2
We have a smart group that has no checkin in 30 days, which emails us, and generates a ticket for the helpdesk to follow up with.

New Contributor III

so im a bit confused because jamf doesnt use quickadd packages anymore