Purging Inventory and license count

thefishyfew
New Contributor II

We have a limited number of licenses and I have been advised to purge records of devices that haven't checked in for 90 days. I'm worried about doing that since so many of our users have taken to working from home and many have just taken the summer off.

If we delete that record in JAMF Pro, will the record reappear if the device is turned on later? And, how will it affect the history like policy or computer management logs? The JAMF client is still installed.

Does deleting a record affect the license count?

1 ACCEPTED SOLUTION

cdev
Contributor III

Assuming your license is based on the number of devices registered in your Jamf instance, yes, deleting a device will reduce your license count. However, you do lose all of the device history, logs, etc., as that's part of the device record. Any device that is used after deletion won't know that anything has happened, except that none of the Jamf services will work any longer.

Jamf Pro doesn't cease working or adding new devices if you exceed the license count, but come your annual renewal, your Jamf rep will want an accurate count of devices to ensure your licensing covers your registered devices.

thefishyfew
New Contributor II

That's great info. Thank you. Now, if the device comes back online, it will recreate the record minus the history?

mm2270
Legendary Contributor III

No, a device that's been removed from Jamf will not auto re-enroll into Jamf, unless you have some process to do that. Back in the day when things like the QuickAdd.pkg that was created in Jamf Recon were still valid, it was possible to use some processes put together by community members like Rich Trouton to get devices re-enrolled. But given the QuickAdd enrollment method leaves Macs in a weird state now, I wouldn't recommend it. So unfortunately, as @cdev above mentioned, the only thing that will happen is that the Mac will stop checking in, policies won't run on it, Self Service will no longer work, etc. If you were to try to run a sudo jamf recon on it, it will spit back a device signature error.

Of course, if you enable User Initiated Enrollment and allow end users to enroll, that's one way they can get back in good standing, but it involves user intervention, so it's in no way automatic.

For these reasons, I would recommend either not removing the devices if there is any question about whether they are still in use (for Macs that you are sure are no longer in use, it should be ok to delete them), or push out the threshold to longer than 90 days. Maybe make it 6 months. If something hasn't checked in in that long, it likely isn't coming back.

thefishyfew
New Contributor II

Ouch! I did not know they wouldn't recreate their records. That is definitely something I need to relay to my supervisor. Thank you, @mm2270!

swapple
Contributor III

If FileVault is enabled and the key is escrowed in the Jamf computer record, deleting the record also deletes the key so you would not be able to recover the machine if the pw is forgotten.

thefishyfew
New Contributor II

Very true. I was keeping a spreadsheet of those particular ones, just in case.

mm2270
Legendary Contributor III

This is definitely a good point. Jamf still doesn't allow us to export those Recovery keys out of the db using an API call or some other method, so for now if you need to hold onto those for any reason, it's a manual copy/paste job.

I guess if there's any question about whether you'd need to get back into those machines, best to hold onto the Recovery key for a while.
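
The triage this thread arrives at, as an added example that is not part of the original posts and is not Jamf code: stale records whose FileVault key is escrowed but not yet copied out are held back from deletion, and the 90-day and 6-month thresholds are compared. The CSV layout, column names and device rows are constructed assumptions, not a Jamf Pro export format.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample inventory; column names are assumptions, not a Jamf Pro format.
SAMPLE_CSV = """name,serial,last_check_in,filevault_key_escrowed,recovery_key_saved
mac-001,C02AAAA00001,2024-08-25T14:02:00Z,yes,no
mac-002,C02AAAA00002,2024-05-10T09:30:00Z,yes,no
mac-003,C02AAAA00003,2024-01-15T11:45:00Z,yes,no
mac-004,C02AAAA00004,2023-12-01T08:00:00Z,yes,yes
mac-005,C02AAAA00005,2024-02-20T16:20:00Z,no,no
mac-006,C02AAAA00006,,no,no
"""

def parse_ts(value):
    """Return an aware UTC datetime, or None when the field is empty."""
    value = value.strip()
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def triage(csv_text, now, threshold_days=180):
    """Sort records into keep / review / hold_for_key / purge_candidate."""
    cutoff = now - timedelta(days=threshold_days)
    buckets = {"keep": [], "review": [], "hold_for_key": [], "purge_candidate": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        last = parse_ts(row["last_check_in"])
        if last is None:
            # No check-in date recorded: needs a human decision.
            buckets["review"].append(row["name"])
        elif last >= cutoff:
            buckets["keep"].append(row["name"])
        elif row["filevault_key_escrowed"] == "yes" and row["recovery_key_saved"] != "yes":
            # Deleting the record deletes the escrowed key; copy it out first.
            buckets["hold_for_key"].append(row["name"])
        else:
            buckets["purge_candidate"].append(row["name"])
    return buckets

if __name__ == "__main__":
    now = datetime(2024, 9, 1, tzinfo=timezone.utc)  # fixed date so output is repeatable
    for days in (90, 180):
        print(days, triage(SAMPLE_CSV, now, days))
```

Moving from 90 to 180 days shifts mac-002 from "hold for key" back to "keep", which is the effect of the longer threshold suggested above.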