Apple push notification (APN) certificates have expiration dates. To maintain MDM management with the Macs and iOS devices in your organization, you must renew your APN certificates periodically.
If your APN certificate expires, your iOS devices are no longer managed by Casper. They must be re-enrolled to restore MDM management to that iOS device.
Your Macs will also lose MDM management, but it should be possible to use the Casper agent to restore MDM management after a new APN certificate is uploaded to the Casper server.
They will not fix themselves, but you can use the jamf enroll command to reenroll them. Maybe you can run this on multiple computers at once using Apple Remote Desktop.
Usage: jamf enroll [-prompt | -invitation] [-noRecon] [-noManage]
    -prompt       Prompts for JSS and SSH credentials.
    -invitation   Uses an invitation ID for credentials instead of a user name and password.
    -noRecon      Stops enroll from acquiring inventory.
    -noManage     Stops enroll from enforcing the management framework.
    -noPolicy     Stops enroll from checking for enrollment policies.
@tcandela Are your profiles getting installed?
Rich T. has some great resources on this topic. I haven't read them fully yet but it looked interesting.
The certificate has been renewed. Subsequent enrollments are still MDM=NO.
Just to verify, does 'Enable Push Notifications' need to be checked
under the following section --- Computer Management --> Security?
I mentioned to the admins here managing the full JSS that they probably need to also 'Enable Push Notifications' under the following section --- Computer Management --> Security.
This must have 'unchecked' itself after the certificate expired.
They 'checked' the box yesterday, and after computers started checking in, the MDM started changing to YES.
No need to re-enroll.