QuickAdd.pkg on Big Sur

vao
New Contributor III

Has anyone been able to get QuickAdd.pkg to successfully enroll Big Sur non-DEP mac? The installers completes without any issues but no profiles ever get installed. Subsequent tries to re-enroll via the binary is unsuccessful in getting the MDM profile (jamf enroll -prompt).

However, installing via web enrollment works perfectly.

Could this issue with Big Sur blocking the ability to install profiles via shell?

JamfPRO version: 10.25.2-t1605115216
macOS version: 11.0.1. 20B29

19 REPLIES 19

snowfox
Contributor II

I remember reading in the Jamf Pro release notes that quickadd package functionality was being reduced / deprecated going forward. The preferred methods are device enrolment or user initated enrolment.

snowfox
Contributor II

jcrain
New Contributor

Can someone clarify the correct method for this? When I send an enrollment invitation it downloads a quick add PKG which as discussed does not work.

sdagley
Honored Contributor II

@jcrain If you're not using Apple Business Manager/Apple School Manager and Automated Device Enrollment then you need to enable User-Initiated Enrollment and have your users on Big Sur enroll by going to https://YourJSSAddress.com/enroll

mjhersh
New Contributor III

An additional advantage to user-initiated enrollment via the web site (/enroll) is that it grants supervision of the computer (like with DEP/ADE), which was never possible with QuickAdd packages.

daveyboy
New Contributor II

If you have a previous workflow setup for Mojave you can just image it to Mojave and then push a script to install&upgrade to Big Sur.

vinu_thankachan
New Contributor III

In macOS Big Sur, the command line profiles Tool is getting a major version update, jumping to Version 8 from Version 7 deprecating the ability to install configuration profiles using the profiles command .
With the deprecation of the installation feature of the profiles command in macOS Big Sur, Apple has now made it clear that the Apple Mobile Device Management (MDM) protocol is now the only way to silently install configuration profiles on remote macOS machines.

https://developer.apple.com/videos/play/wwdc2020/10639/ (Check the video timeline 9Min:40sec)

You need to enable the User initiated enrollment for non DEP devices - Download and install the CA and MDM profile .

Pratik
New Contributor II

@vinu.thankachan Thanks for the info. However, we have enabled the user initiated enrollment for non DEP machines from Settings > Global Management > User Initiated Enrollment

But still our Big Sur machine is asking to Download the QuickAdd package which in-turn is not allowing MDM profile installation for the very well known reason. Any thoughts please?

mhasman
Valued Contributor

I would recommend to check with your Apple rep the access to your company/educational Apple Business portal, DEP devices assignment and auto-confirmation with your MDM (Jamf Pro/Jamf Now)

Pratik
New Contributor II

@mhasman The User Initiated Enrolment are separate from DEP and they are not linked to Apple Business Manager. It's something different which I think I'm not able to figure out.

vinu_thankachan
New Contributor III

@Pratik please check the below Jamf training and see if this can help you.

https://docs.jamf.com/education-services/jamf-100-course/4.1/Lesson_22__User-Initiated_Enrollment.html

Pratik
New Contributor II

@vinu.thankachan I can confirm that we have followed all UIE guidelines and Jamf documents. What's strange is, even when I enroll Big Sur machines, I'm getting an option to Download & Install QuickAdd package instead of MDM profile. I have exhausted all my resources and finding it tough to get an answer from support team as well 😞

barnesaw
Contributor III

I had a BS machine download the QuickApp when UIE was not enabled. As soon as I enabled it, I was able to do the normal /enroll method of downloading the profile and manually installing it.

Not applicable

^ good to know!

Pratik
New Contributor II

@barnesaw If the UIE was not enabled then ideally you should get 'disabled' message when you access /enroll page.

angryant
New Contributor II

@Pratik Did you find a solution to this? This has started to happen on our devices, it worked as expected previously.

danielherr
New Contributor

This is happening to us now as well (just out of the blue). It was working perfectly around 1 month ago. I'm lost as UIE is set and everything is as it should be and was when it was working.

angryant
New Contributor II

Our push notification certificate had expired. Renewing this fixed the issue.

our push cert expired last week, renewing fixed the self-initiated enrollment issues with Big Sur