Removal of MDM profile notification?

New Contributor

One of the employees at my company told me they remove the MDM profile from their IMac. This is no problem because it was easily reinstalled but, is there a way to be notified when any user removes this profile?

We have agents that work from home, and unfortunately people are let go quite often. We are able to secure the usage of our devices by locking it after termination of employment. If they were to remove the MDM profile, would we lose the ability to lock our computers without any notification? Or alert?

I’m not tech savvy but just trying to learn


Valued Contributor

I don't know if there's any simple way other than by having your macs do a regular inventory update and then querying the API to see machines that are showing as not mdm capable? Maybe someone else would have a simpler way of finding out. Are you devices able to check in with Jamf Pro while offsite? I'm assuming yes.

New Contributor

You can use /usr/bin/profiles -L to list all the profiles. You could have an extension attribute based on that showing when a profile is present (or not)

Valued Contributor III

Yep I think Gavbien's idea is the easiest...This might get you started...