- Jamf Nation Community
- Products
- Jamf Pro
- Re: Proper way to reset a managed device without l...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-11-2023 02:46 AM
Hello,
I would like to know what the proper way is to reset a device while still keeping it under management.
I have a MacBook that was added to ABM using Configurator 2 and was prestaged and is now managed in Jamf Pro. It has several policies and packages installed. Now, I want to take the MacBook back from a colleague and send it to a new colleague. He can then start with the MacBook as if it's new (=PreStage). It's important for me that the device is not removed from ABM, because everything is managed remotely.
Should I simply click on "Wipe Computer"? Will the MacBook rerun the policies, etc., if it's still in scope? Or do I need to take further steps, such as flushing all policies for that MacBook?
Best regards,
Floh
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-11-2023 05:19 AM
As long as the device is assigned to Jamf from Apple Business (or School) Manager, and assigned to a PreStage enrollment, it will re-enroll when the end user completes setup assistant after it has been erased. Mac computers with macOS 12.0.1 or later and either an Apple T2 Security chip or an Apple Silicon processor, support Erase all Content and Settings.
If the computer has escrowed a bootstrap token with Jamf Pro, the Wipe Computer command will attempt to do an Erase all Content and Settings. If your re-enrollment settings are set to clear commands and policy history, everything should re-run when the device re-enrolls, as if it were a new computer.
Reply
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-11-2023 05:19 AM
As long as the device is assigned to Jamf from Apple Business (or School) Manager, and assigned to a PreStage enrollment, it will re-enroll when the end user completes setup assistant after it has been erased. Mac computers with macOS 12.0.1 or later and either an Apple T2 Security chip or an Apple Silicon processor, support Erase all Content and Settings.
If the computer has escrowed a bootstrap token with Jamf Pro, the Wipe Computer command will attempt to do an Erase all Content and Settings. If your re-enrollment settings are set to clear commands and policy history, everything should re-run when the device re-enrolls, as if it were a new computer.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-12-2023 05:44 AM - edited 03-12-2023 05:50 AM
Thank you for your previous response. I want to clarify my understanding of the re-enrollment process after removing the MDM profile from a device. If I understand correctly, I should not click "Wipe Computer" but instead choose "Remove MDM Profile." However, I'm unsure about the next steps. If I understand correctly, even after removing the MDM profile, the old account with data will still be present on the computer, so I need to wipe it afterward. Is this correct?
If I do need to wipe the computer, I don't think I need to remove it from the Jamf Pro computer list because I could just enable "Clear policy logs on computers" in the re-enrollment settings. Is this correct?
I appreciate your guidance on this matter. Thank you.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-12-2023 06:05 AM
If the device is new enough to support Erase all Contents and Settings, that's the best way to redeploy it to a new user. The Wipe Computer command should do the trick.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-12-2023 06:14 AM
Thanx, will test it and report back here.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-13-2023 06:02 AM
There is nothing that can be done on the device to remove it from Apple Business Manager. So long as the device is assigned to your MDM instance the proper way to reprovision is simply to reinstall macOS however you deem fit. When macOS goes to activate Apple will redirect activation to your MDM, and the device will enroll in to management before the user can do anything.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-21-2023 08:00 AM
I am curious about the process. I already erased the disk. Mac asks me to connect to the Internet to activate it. I assume Mac doesn’t have any Jamf or MDM data after I erased the disk. How could this Mac know it needs to re-install Jamf or MPM back?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-21-2023 09:49 AM
@joejoe if the device is configured for Automated Device Enrollment,it will re-enroll with your MDM during Setup Assistant after being erased.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-13-2023 04:17 PM
Hi, as promised, I tested "Wipe Computer" and nothing else. The MacBook (M1) was erased and I was able to set it up again. It is still managed by Jamf Pro, and all profiles (if still in scope) were reapplied. So, it works as expected. Thank you very much, everybody!
As @jcarr mentioned, be sure to adjust the "re-enrollment setting" since it is disabled by default.
@AJPinto: Thank you for the additional information. This is good to know!
